taustakuvan vaihto

j.pv · Dec 22, 2005

taustakuvaa ei pysty vaihtamaan millään, tausta sininen ja siinä teksti spyware infection????? missä mahtaa olla vika

-kemisti- · Dec 22, 2005

Sulla on örkkejä tullu joulun alla kyläilemään koneelle

Laita HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Tallenna hakemistoon c:\hjt, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.

mika · Dec 22, 2005

Siirrän aluetta.

j.pv · Dec 22, 2005

Logfile of HijackThis v1.99.1
Scan saved at 14:27:55, on 22.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\EShopee.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\smss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\Marko Karjula\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: Shell=Explorer.exe C:\windows\system32\kernels64.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\windows\system32\ib6.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\system32\zolker011.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb011.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\ztoolb011.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [EShopeeVer] "C:\WINDOWS\system32\install.exe "
O4 - HKLM\..\Run: [EShopee] C:\WINDOWS\system32\EShopee.exe
O4 - HKLM\..\Run: [System] C:\windows\system32\kernels64.exe
O4 - HKLM\..\Run: [BatSrv] C:\windows\batserv2.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\windows\system32\msvcp.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\windows\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\windows\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-kemisti- · Dec 22, 2005

Sulla on ensinnäkin tod. näk. keylogger koneella. Eli tämän homman jälkeen suosittelen vaihtamaan kaikki salasanat ja tarkistamaan verkkopankin/luottokorttifirman asiat.

Siirrä HjT [bold]omaan[/bold] kansioonsa -> C:\hjt\HijackThis.exe

Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.321search.com
F2 - REG:system.ini: Shell=Explorer.exe C:\windows\system32\kernels64.exe
O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\windows\system32\ib6.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\system32\zolker011.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb011.dll (file missing)
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\ztoolb011.dll (file missing)
O4 - HKLM\..\Run: [EShopeeVer] "C:\WINDOWS\system32\install.exe "
O4 - HKLM\..\Run: [EShopee] C:\WINDOWS\system32\EShopee.exe
O4 - HKLM\..\Run: [System] C:\windows\system32\kernels64.exe
O4 - HKLM\..\Run: [BatSrv] C:\windows\batserv2.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\windows\system32\msvcp.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O20 - Winlogon Notify: msupdate - C:\windows\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\windows\

Hae ewido -> http://www.ewido.net/en/download

Asenna ja päivitä se, älä skannaa vielä.

Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista, jos löytyy:

C:\windows\system32\==>kernels64.exe<==
C:\windows\system32\==>ib6.dll<==
C:\WINDOWS\system32\==>zolker011.dll<==
C:\WINDOWS\system32\==>ztoolb011.dll<==
C:\WINDOWS\system32\==>install.exe<==
C:\WINDOWS\system32\==>EShopee.exe<==
C:\windows\==>batserv2.exe<==
C:\windows\system32\==>msvcp.exe<==
C:\WINDOWS\System\==>svwhost.exe<==
C:\WINDOWS\System\==>svchost.exe<== (Huom! hakemisto)
C:\WINDOWS\==>inet20001<==
C:\windows\==>smss.exe<== (Huom! hakemisto)
C:\windows\==>winlogon.exe<== (Huom! hakemisto)
C:\WINDOWS\system32\==>sywsvcs.exe<==
C:\Program Files\Common Files\==>GMT<==
C:\windows\SYSTEM32\==>msupdate32.dll<==
ie6upd.exe
svchost_.exe
wincln32.exe
wiper.exe (kaikki nämä C:\windows\system32-hakemistossa, jos ovat).

Skannaa siellä vikasiedossa ewidolla. Anna poistaa, mitä löytää ja tallenna raportti. Lähetä uusi HjT-loki ja ewidon raportti tänne.

j.pv · Dec 22, 2005

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:21:27, 22.12.2005
+ Report-Checksum: FBA14A69

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!! -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1614895754-630328440-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKU\S-1-5-21-1614895754-630328440-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-1614895754-630328440-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614895754-630328440-1417001333-1004\Dc12.dll -> Proxy.Delf.al : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614895754-630328440-1417001333-1004\Dc4.exe -> Hijacker.Iedriver.b : Cleaned with backup
C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\paradise.raw.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOWS\system32\qvxgamet3.exe -> Downloader.Small.aqu : Cleaned with backup
C:\WINDOWS\system32\qvxgamet4.exe -> Downloader.Small.aqu : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 18:33:10, on 22.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marko Karjula\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Microsoft Office] C:\windows\system32\msvcp.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-kemisti- · Dec 22, 2005

Vähän parempi

Fixaa nämä:

O4 - HKLM\..\Run: [Microsoft Office] C:\windows\system32\msvcp.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe

Vikasietotilassa, jos eivät muuten lähde.
Vielä taustakuvaongelmia? Olin näkevinäni, että ewido poisti desktop.html:n, joten se ongelma voi olla jo pois.

j.pv · Dec 22, 2005

teksti lähti mutta, vieläkään ei pysty vaihtamaan taustakuvaa, oiskos vielä jotain mitä voi tehdä

j.pv · Dec 23, 2005

Logfile of HijackThis v1.99.1
Scan saved at 12:07:41, on 23.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marko Karjula\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

onkohan tossa vielä jotain epäilyttävää????

-kemisti- · Dec 23, 2005

Loki on ok. Tee näin:

Hae täältä -> http://www.billsway.com/vbspage/ registry search tool ja tee haku "desktop.html":llä. Jos antivirus herjaa, anna ajaa.

Lähetä registry searchin tulokset.

j.pv · Dec 23, 2005

ok eli tommonen tuli

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "desktop.html" 23.12.2005 19:36:20

[HKEY_USERS\S-1-5-21-1614895754-630328440-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WINDOWS\\desktop.html"

-kemisti- · Dec 23, 2005

Selvä. Tee näin:

Ensin ota rekisteristä varmuuskopio näin:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-1614895754-630328440-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WINDOWS\\desktop.html"

Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?

j.pv · Dec 23, 2005

auttoi kiitoksia ihan mielettömän paljon avustasi ja kärsivällisyydestä.. ja hyvät joulut

-kemisti- · Dec 23, 2005

Ole hyvä ja samoin sulle

Log in or Sign up

taustakuvan vaihto

j.pv Member

-kemisti- Active member

mika Moderator Staff Member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

j.pv Member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

Share This Page

Log in or Sign up

taustakuvan vaihto

j.pv Member

-kemisti- Active member

mika Moderator Staff Member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

j.pv Member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

j.pv Member

-kemisti- Active member

Share This Page

Useful Searches