Hi! My desktop wallpaper changed by itself and my computer slowed down. The new wallpaper carries the text: Your privacy is in danger! Download privacy protection software now! This is apparently some kind of trojan downloader, because from time to time Internet Explorer opens by itself on pages offering virus and trojan removal programs. I have tried to remove this junk from my machine by following instructions from other threads, using SmitFraudFix, Trojan Remover and CCleaner. The programs do find something and remove it, but after a while the same wallpaper comes back and the machine slows down. So expert help is now needed, as my own skills are no longer enough. I'm attaching the HijackThis log. Thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:28, on 11/1/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS.0\tsnp2std.exe
C:\WINDOWS.0\vsnp2std.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.HOME-60DF1C5C5F\Application Data\Simply Super Software\Trojan Remover\hla9.exe
C:\Documents and Settings\Administrator.HOME-60DF1C5C5F\Application Data\Simply Super Software\Trojan Remover\hla9.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {059947A2-838E-4773-9EE2-8AB8F53C2EDE} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {7D1AD5EB-9902-4FF0-986F-CA498179A53B} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS.0\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS.0\vsnp2std.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add To QQ Expression - C:\Program Files\Sanook! QQ\QQ\AddEmotion.htm
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: การวิจัย - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bklgvsf - {C7E47A26-211A-49A9-B52B-4068C4A75C2B} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.0\privacy_danger\index.htm
-- End of file - 7947 bytes
If your antivirus/anti-malware software identifies the bug, try removing it in safe mode. Check what name the malware went by, look in the registry with regedit for any related registry entries, and remove those too. But be careful with the registry.
Do set up a bit of protection too: SpywareBlaster, Spybot - Search & Destroy and PeerGuardian. Someone wiser will look over the HJT logs, or try some online scanner. Those work somehow too. For example, http://hijackthis.de/index.php?langselect=english#anl produced an analysis of your log.
Download ComboFix.. unplug the network cable. Run ComboFix. Remove these with HJT:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {059947A2-838E-4773-9EE2-8AB8F53C2EDE} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.0\privacy_danger\index.htm
After ComboFix your wallpaper will turn white, and once you remove those privacy (or whatever) entries from starting up, it will go back to normal.
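An added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that flags the two patterns the reply above picked out, registry entries ending in "(no file)" and an O24 desktop component loading a local HTML page. The flag names and the rules are assumptions of this example, it flags every "(no file)" entry rather than only the ones named in the reply, and the sample lines are copied from the log posted above. It also accepts a log that has been flattened onto one line, as pasted logs often are.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS.0\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {059947A2-838E-4773-9EE2-8AB8F53C2EDE} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O21 - SSODL: bklgvsf - {C7E47A26-211A-49A9-B52B-4068C4A75C2B} - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.0\privacy_danger\index.htm
-- End of file - 7947 bytes
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O(?:2[0-4]|1\d|[1-9]))"

# An entry runs from "<code> - " up to the next "<code> - ", the end-of-file
# marker, or the end of the text, so one-entry-per-line and flattened logs
# parse the same way.
ENTRY = re.compile(
    rf"(?:(?<=\s)|^)({CODE}) - (.*?)(?=\s+{CODE} - |\s*-- End of file|\s*$)",
    re.S,
)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str                 # section code, e.g. "O24"
    body: str                 # rest of the entry, whitespace-normalised
    clsid: Optional[str]      # CLSID to look up in the registry, if present
    flags: Tuple[str, ...]    # triage hints (assumed rules, not verdicts)


def triage(code: str, body: str) -> Tuple[str, ...]:
    """Apply this example's two rules to one entry."""
    flags = []
    # Registry entry whose target file is gone: a leftover or a hidden file.
    if body.endswith("(no file)"):
        flags.append("missing-file")
    # Active Desktop component rendering a local HTML page as the wallpaper.
    if code == "O24" and "file:///" in body.lower():
        flags.append("local-html-desktop-component")
    return tuple(flags)


def parse(log_text: str) -> List[Entry]:
    """Return every R/F/N/O entry in the log, in order."""
    entries = []
    for match in ENTRY.finditer(log_text):
        code = match.group(1)
        body = " ".join(match.group(2).split())
        found = CLSID.search(body)
        entries.append(
            Entry(code, body, found.group(0) if found else None, triage(code, body))
        )
    return entries


def suspicious(log_text: str) -> List[Entry]:
    """Entries that matched at least one triage rule."""
    return [entry for entry in parse(log_text) if entry.flags]


if __name__ == "__main__":
    for entry in suspicious(SAMPLE_LOG):
        print(f"{entry.code:<4} {','.join(entry.flags):<30} {entry.body}")
```

A flag only marks an entry for a closer look; whether to fix it in HijackThis is still a decision for whoever reviews the log.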
Thanks for the advice! Now the wallpaper has stayed normal and the machine runs faster, for now... ;-) First I installed SpywareBlaster. After that I ran SmitFraudFix and, just to be sure, ComboFix as well. Finally I cleaned things up with CCleaner. Maybe it was unnecessary to run both fixes, but I suppose it did no harm either...?