virus koneella

Discussion in 'Virukset ja haittaohjelmat' started by pete114, Jan 8, 2006.

  1. pete114

    pete114 Regular member

    Joined:
    May 12, 2004
    Messages:
    412
    Likes Received:
    0
    Trophy Points:
    26
    Koneelle on vissiin tullu se haittaohjelma mistä on ollu juttua ja virus ohjelmilla ei löydy mitään internet exploreriin ei pääse ja taustakuvaa ei saa vaihgettua. Miten tämän voi korjata? Tässä on hjt-logi: Logfile of HijackThis v1.99.1
    Scan saved at 16:14:24, on 8.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\paytime.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\paytime.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [eguoicibpzn] C:\WINDOWS\system32\pkkqoxb.exe
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
    O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} (WebRecomendada Class) - http://62.97.81.200/dll/clickweb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    pete114, Jan 8, 2006
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Onhan siellä, juu.

    Poista ohjauspaneelin kautta (lisää/poista sovellus, jos on)

    ErrorGuard
    PrivacyScanner/Privacy Champion

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O4 - HKLM\..\Run: [eguoicibpzn] C:\WINDOWS\system32\pkkqoxb.exe
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

    Laita piilotiedostot näkyviin, ohje ->
    http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Hae ewido -> http://www.ewido.net/en/download

    Asenna ja päivitä se.

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä):

    Poista, jos löytyy:

    c:\==>secure32.html<==
    C:\WINDOWS\system32\==>pkkqoxb.exe<==
    C:\Program Files\==>ErrorGuard<==
    C:\WINDOWS\system32\==>paytime.exe<==
    C:\Program Files\==>Privacy Champion<==
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\==>ibm00001.exe<==
    C:\==>winstall.exe<==

    Skannaa ewidolla siellä vikasietotilassa (complete system scan). Anna poistaa, mitä löytää ja tallenna raportti. Käynnistä uudelleen, lähetä uusi HjT-loki ja ewidon raportti tänne.
     
    -kemisti-, Jan 8, 2006
    #2
  3. pete114

    pete114 Regular member

    Joined:
    May 12, 2004
    Messages:
    412
    Likes Received:
    0
    Trophy Points:
    26
    Tässä on hjt: Logfile of HijackThis v1.99.1
    Scan saved at 18:07:14, on 8.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    tässä ewido: ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 18:01:29, 8.1.2006
    + Report-Checksum: 820D6F3

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\BTGrab -> Spyware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
    :mozilla.201:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.204:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.207:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.208:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.223:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.226:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.232:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.261:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.271:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.272:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.273:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.288:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.290:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.363:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    :mozilla.376:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.377:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.378:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.379:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
    :mozilla.383:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.388:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.395:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.406:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.433:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.453:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.460:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.473:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.495:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.521:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.532:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.533:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.537:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.538:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.539:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.578:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.606:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.607:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Mikko\Cookies\mikko@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mikko\Cookies\mikko@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mikko\Cookies\mikko@reduxads.valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temp\D9F43.tmp/LMSetup2.exe -> Adware.MDH : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\0X4B8R0N\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\ABENK5C3\kl[1].txt -> Logger.Agent.jl : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\M7LPE39P\country[1].htm -> Trojan.Small : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\QPNOTCVY\paytime[1].txt -> Hijacker.StartPage.agp : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\TCWNX58L\tool4[1].txt -> Trojan.Small : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\W737E0DT\hosts[1].txt -> Trojan.Qhost.el : Cleaned with backup
    C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\ZNL7ZXOW\tool5[1].txt -> Trojan.Small : Cleaned with backup
    C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\ace.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\atla.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\libexpat.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\uninstaller.exe -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\WinGenerics.dll -> Trojan.Crypt.t : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Ulla\Cookies\ulla@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\ace.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\atla.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\libexpat.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\uninstaller.exe -> Trojan.Crypt.t : Cleaned with backup
    C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\WinGenerics.dll -> Trojan.Crypt.t : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1801674531-776561741-725345543-1004\Dc3.exe -> Logger.Agent.jl : Cleaned with backup
    C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
    C:\WINDOWS\kl.exe -> Logger.Agent.jl : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\paytime.exe -> Hijacker.StartPage.agp : Cleaned with backup
    C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup


    ::Report End
     
    pete114, Jan 8, 2006
    #3
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Fixaa nämä (vikasietotilassa, jos eivät muuten lähde):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

    Hae hoster ->
    http://www.funkytoad.com/download/hoster.zip

    Pura zippi ja tuplaklikkaa hoster.exe

    Paina "Restore original hosts" ja ok.

    Käynnistä kone uudestaan ja lähetä uusi HjT-loki.
     
    -kemisti-, Jan 8, 2006
    #4
  5. pete114

    pete114 Regular member

    Joined:
    May 12, 2004
    Messages:
    412
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 18:27:27, on 8.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
    pete114, Jan 8, 2006
    #5
  6. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Loki on kunnossa.
     
    -kemisti-, Jan 8, 2006
    #6
  7. pete114

    pete114 Regular member

    Joined:
    May 12, 2004
    Messages:
    412
    Likes Received:
    0
    Trophy Points:
    26
    pete114, Jan 8, 2006
    #7
  8. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hae täältä -> http://www.billsway.com/vbspage/ registry search tool ja tee haku "desktop.html":llä. Jos antivirus herjaa, anna ajaa. Jos ei löydy, yritä "warnhp.html"-hakusanaa.

    Lähetä registry searchin tulokset.
     
    -kemisti-, Jan 8, 2006
    #8
  9. pete114

    pete114 Regular member

    Joined:
    May 12, 2004
    Messages:
    412
    Likes Received:
    0
    Trophy Points:
    26
    tämmösiä löyty:


    HKEY_CURRENT_USER Software\Microsoft\Search Assistant\ACMru\5603 001 desktop.html HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme Wallpaper %SystemRoot%\desktop.html
     
    pete114, Jan 9, 2006
    #9
  10. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Lähettäisitkö sen reg searchin tulokset ihan suoraan ilman poisjättämistä ym.? Koska se ei näytä tuolta.
     
    -kemisti-, Jan 9, 2006
    #10

Share This Page