Koneessa roskaa - HJT logi tarkastettavaksi...

aapete · Aug 30, 2005

Hei !

Koneeseeni on viime päivien aikana tullut aikamoinen määrä haittaohjelmia, joita en saa poistettua.

Käytössä on Norton Antivirus, Zone Alarm -palomuuri, Ad-Aware SE ja Spybot. Norton ilmoittaa viruksesta nimeltä "hclean32.exe", muttei saa sitä poistettua ja Ad-Aware jumittaa kesken skannauksen kohdassa "HKEY_LOCAL_MACHINE\Software\.." Lisäksi Zone Alarm varoittaa ohjelmasta "rdsndin.exe", joka yrittää yhteyttä nettiin ja Internet Explorerissa on kadonnut aloitussivu sekä yläreunaan ilmestynyt ylimääräinen "toolbar" linkkeineen. Sitten vielä aika ajoin ruudulle ponnahtaa "command prompt", jonka yläreunassa "C:\WINDOWS\System32\WINCTR~1.EXE".

Tässä liitteenä HJT:n logi tarkastettavaksi. Olisin kiitollinen, jos joku voisi neuvoa ja auttaa, kuinka saan Windows XP:ni taas kuntoon.

---------

Logfile of HijackThis v1.99.1
Scan saved at 21:46:23, on 30.8.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\Linksts.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\popcorn72.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Tweak-XP\popup.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kotiposti.net/aapete/
R3 - URLSearchHook: (no name) - {A1429EDC-E260-7A0B-254D-45867313657E} - ExchangeMaster.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ztmsh.dll
O2 - BHO: PT Cancel Popups - {30C4957C-A15E-48E2-99ED-7623B8EF4182} - C:\Program Files\Picture Tools\PT_CancelPopups.dll
O2 - BHO: PT Filter Links - {3C84954D-23A1-4D71-9185-6BE2BB312C24} - C:\Program Files\Picture Tools\PT_FilterLinks.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TChkBHO Class - {B6758E85-CB97-4E5B-9E8E-28379211B399} - C:\WINDOWS\system32\ziijuw.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ztmsh.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [svckernell] c:\windows\svckernell.com
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [install2] trycrt.exe
O4 - HKLM\..\Run: [UserSp1] jopplerg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [Pop-Up-Blocker] C:\Program Files\Tweak-XP\popup.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [media64] wormexe.exe
O4 - HKCU\..\Run: [vxdman] ParisM.exe
O4 - HKCU\..\Run: [newbreed] RtlFindVal.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Vie&w All Pics - file:///C:\Program Files\Picture Tools\ViewAllPics.htm
O8 - Extra context menu item: View A&ll Pics in New Win - file:///C:\Program Files\Picture Tools\ViewAllPicsOpen.htm
O9 - Extra button: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra 'Tools' menuitem: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra button: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra 'Tools' menuitem: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.60-big/GoogleNav.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{269C74AE-008C-4FF2-AB43-CC5715CCC24F}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85F136D-9156-4D5D-8B65-A3B2BE542722}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

age007ti · Aug 30, 2005

hopi hopi windows updateen ja lataat kaikki päivitykset

age007ti · Aug 30, 2005

ota nyt aluksi pois nuo

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [svckernell] c:\windows\svckernell.com
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [install2] trycrt.exe
O4 - HKLM\..\Run: [UserSp1] jopplerg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [Pop-Up-Blocker] C:\Program Files\Tweak-XP\popup.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [media64] wormexe.exe
O4 - HKCU\..\Run: [vxdman] ParisM.exe
O4 - HKCU\..\Run: [newbreed] RtlFindVal.exe

age007ti · Aug 30, 2005

nääkin voi ottaa pois
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab

aapete · Aug 30, 2005

OK, poistin HJT:llä mainitsemasi kohdat ja ainakin kone ja sen käynnistys nopeutui. Ad-Aware jää kyllä vieläkin jumiin ja IE:ssä samat ongelmat kuin ennen.

Olen ladannut Windows Updatesta kaikki erilliset tietoturvapäivitykset, mutta Service Packejä en ole uskaltanut asentaa, koska XP:ni ei ole virallinen vaan kopio ja olen kuullut, että SP:t voivat jumittaa koneen (onko näin?).

Tässä vielä uusi HJT:n logi:

------

Logfile of HijackThis v1.99.1
Scan saved at 23:21:19, on 30.8.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Linksts.exe
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kotiposti.net/aapete/
R3 - URLSearchHook: (no name) - {A1429EDC-E260-7A0B-254D-45867313657E} - ExchangeMaster.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ztmsh.dll
O2 - BHO: PT Cancel Popups - {30C4957C-A15E-48E2-99ED-7623B8EF4182} - C:\Program Files\Picture Tools\PT_CancelPopups.dll
O2 - BHO: PT Filter Links - {3C84954D-23A1-4D71-9185-6BE2BB312C24} - C:\Program Files\Picture Tools\PT_FilterLinks.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TChkBHO Class - {B6758E85-CB97-4E5B-9E8E-28379211B399} - C:\WINDOWS\system32\ziijuw.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ztmsh.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Vie&w All Pics - file:///C:\Program Files\Picture Tools\ViewAllPics.htm
O8 - Extra context menu item: View A&ll Pics in New Win - file:///C:\Program Files\Picture Tools\ViewAllPicsOpen.htm
O9 - Extra button: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra 'Tools' menuitem: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra button: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra 'Tools' menuitem: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.60-big/GoogleNav.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{269C74AE-008C-4FF2-AB43-CC5715CCC24F}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85F136D-9156-4D5D-8B65-A3B2BE542722}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

age007ti · Aug 30, 2005

onhan järjestelmän palautuspiste pois päältä
oma tietokone -> ominaisuudet - järjestelmän palautus
ruksi käännä pois päältä

toinen siivousohjelma on
http://www.ccleaner.com/

se tyhjentää temppikansioita

age007ti · Aug 30, 2005

asenna se SP 2, niin pääset vähemmällä, muuten sinun täytyy asentaa windows puhtaalta päydältä.

Kannattaa käydä ostamassa aito windows niin ei tarvitse miettiä tuollaisia asioita.

-kemisti- · Aug 30, 2005

age007ti pyysikin jo poistamaan osan turhista, jatketaan siitä

Tehdääs näin:

Poista lisää/poista sovellus -kohdasta (ohjauspaneeli):

WareOut

Fixaa nämä kohdat:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R3 - URLSearchHook: (no name) - {A1429EDC-E260-7A0B-254D-45867313657E} - ExchangeMaster.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ztmsh.dll
O2 - BHO: TChkBHO Class - {B6758E85-CB97-4E5B-9E8E-28379211B399} - C:\WINDOWS\system32\ziijuw.dll (file missing)
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)

Eka osoite viittaa Ukrainaan ja toista ei edes löydy, joten poista myös nämä:

O17 - HKLM\System\CCS\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{269C74AE-008C-4FF2-AB43-CC5715CCC24F}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D85F136D-9156-4D5D-8B65-A3B2BE542722}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{264E81CD-4D3D-4216-A459-D10C71FF909A}: NameServer = 195.95.218.18,85.255.112.11

Laita piilotiedostot näkyviin, ohje -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Sitten käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista tiedostot:

c:\windows\==>svckernell.com<==
c:\windows\==>taskmgr.com<==
C:\WINDOWS\System32\==>popcorn72.exe<==
hakemisto C:\Program Files\==>WareOut<==
trycrt.exe
jopplerg.exe
wormexe.exe
ParisM.exe
RtlFindVal.exe (nämä viisi viimeistä C:\Windows-hakemistossa tod.näk.)
C:\WINDOWS\System32\==>ztmsh.dll<==
C:\WINDOWS\system32\==>ziijuw.dll<== (jos löytyy)
C:\WINDOWS\System32\==>ash.dll<== (jos löytyy)

Käynnistä uudestaan normaalisti ja laita uusi loki

aapete · Aug 30, 2005

Kiitos vinkeistä ja ohjeista. Täytyy illalla jatkaa operaatiota, kun pääsen taas kotikoneen ääreen. Täällä töissä on macci ja sitä ei paljon virukset ja haittaohjelmat vaivaa

aapete · Aug 31, 2005

No niin, nyt tuli HJT:llä fiksattua lisää ja Safe Modessa poistettua "popcorn72.exe" ja "ztmsh.dll" (nämä olivat ainoat listassa mainitut tiedostot, jotka koneeltani löysin).

Aika hyvin kone tuntuukin jo pelittävän, tässä vielä uusi HJT:n logi katsottavaksi:

P.S. Täytyy varmaan marssia kauppaan ja hommata virallinen XP, niin saa kaikki päivitykset kuntoon Service Packeja myöten...

-------

Logfile of HijackThis v1.99.1
Scan saved at 23:50:46, on 31.8.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Linksts.exe
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kotiposti.net/aapete/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kotiposti.net/aapete/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PT Cancel Popups - {30C4957C-A15E-48E2-99ED-7623B8EF4182} - C:\Program Files\Picture Tools\PT_CancelPopups.dll
O2 - BHO: PT Filter Links - {3C84954D-23A1-4D71-9185-6BE2BB312C24} - C:\Program Files\Picture Tools\PT_FilterLinks.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = C:\Program Files\Nokia\PC Suite Nokia 9210i Communicatorille\ConnectState.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Vie&w All Pics - file:///C:\Program Files\Picture Tools\ViewAllPics.htm
O8 - Extra context menu item: View A&ll Pics in New Win - file:///C:\Program Files\Picture Tools\ViewAllPicsOpen.htm
O9 - Extra button: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra 'Tools' menuitem: View All Pics - {011D31E2-52A7-4703-8923-585EE67C112B} - C:\Program Files\Picture Tools\Ext_ViewAllPics.exe
O9 - Extra button: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra 'Tools' menuitem: Download Pics - {0229FA56-9A3D-4018-9017-1918F8EC2C93} - C:\Program Files\Picture Tools\Ext_DownloadPics.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.60-big/GoogleNav.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

aapete · Aug 31, 2005

No nyt tuli puhdistettua konetta myös CCleaner-ohjelmalla ja yli 300 megaa puhdistui C-levyltä! Niin ja tosiaan järjestelmän palautuspiste oli päällä, joten käänsin sen pois päältä. Kiitos näistä ym. vinkeistä age007ti:lle.

Ja kiitokset myös kemistille tähänastisista avuista ja vinkeistä.

Ad-Aware kyllä vieläkin jumittaa kesken skannauksen, vaikka asensin sen jo kertaalleen uudelleen...

-kemisti- · Aug 31, 2005

Nuo muut tiedostot, joita et löytänyt, lähtivät tod. näk. pois tuon WareOutin (joka on varsinainen haittaohjelmaimuri) poiston mukana.

Fixaa vielä tämä:

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

Wezda · Sep 1, 2005

Täytyy varmaan marssia kauppaan ja hommata virallinen XP, niin saa kaikki päivitykset kuntoon Service Packeja myöten...
Click to expand...

On se elämä kummasti helpottunut kun on koneessa aito XP. Suosittelen...

chegardo · Sep 1, 2005

Turha kommentti vielä , elämä ois vielä helpompaa ku oli Linux koneessa

Log in or Sign up

Koneessa roskaa - HJT logi tarkastettavaksi...

aapete Member

age007ti Guest

age007ti Guest

age007ti Guest

aapete Member

age007ti Guest

age007ti Guest

-kemisti- Active member

aapete Member

aapete Member

aapete Member

-kemisti- Active member

Wezda Regular member

chegardo Regular member

Share This Page

Log in or Sign up

Koneessa roskaa - HJT logi tarkastettavaksi...

aapete Member

age007ti Guest

age007ti Guest

age007ti Guest

aapete Member

age007ti Guest

age007ti Guest

-kemisti- Active member

aapete Member

aapete Member

aapete Member

-kemisti- Active member

Wezda Regular member

chegardo Regular member

Share This Page

Useful Searches