|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
pop-up ongelma
|
|
|
Cear
Member
|
19. marraskuuta 2005 @ 06:45 |
Linkki tähän viestiin
|
Jamba pop-uppia iskee aina vähä välii ni oisko täs jotai vikaa.
Ad-awarella, spyware stormerilla ja Spybotilla oon jotaki poistellu mut ei auta...
Logfile of HijackThis v1.99.1
Scan saved at 11:38:43, on 19.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
L:\WINDOWS\system32\rundll32.exe
L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
L:\WINDOWS\system32\spoolsv.exe
C:\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Norton AntiVirus\navapsvc.exe
C:\Norton AntiVirus\IWP\NPFMntor.exe
L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Daemon Tools\daemon.exe
C:\Razer\razerhid.exe
L:\Program Files\Common Files\Symantec Shared\ccApp.exe
L:\Program Files\Messenger\msmsgs.exe
C:\Bluetooth-ohjelmisto\BTTray.exe
C:\Razer\razertra.exe
C:\Razer\razerofa.exe
L:\WINDOWS\System32\wuauclt.exe
L:\WINDOWS\System32\wpabaln.exe
C:\BitComet\BitComet.exe
L:\WINDOWS\system32\cmd.exe
C:\WINZIP\wzqkpick.exe
L:\WINDOWS\System32\msiexec.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Spyware Stormer] L:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O20 - Winlogon Notify: App Management - L:\WINDOWS\system32\e4202efmgh2a2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
AfterDawn Addict
|
19. marraskuuta 2005 @ 06:50 |
Linkki tähän viestiin
|
On siinä.
Poista lisää/poista sovellus-kohdasta:
Spyware Stormer
Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:
L:\Program Files\==>Spyware Stormer<==
Käynnistä uudelleen.
Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne. Lähetä myös uusi HjT-loki.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. marraskuuta 2005 @ 06:50
|
|
Cear
Member
|
19. marraskuuta 2005 @ 07:07 |
Linkki tähän viestiin
|
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
"Asynchronous"=dword:00000000
"DllName"="L:\\WINDOWS\\system32\\ktnsl7571.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8D431239-5D4B-328A-4D4A-99C98FC84B9D}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N?ytt?sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N?yt?n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K?ytt?liittym?n leikkeidenk?sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym?laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n?yt?n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym?laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym?laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym?laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht?v?t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht?v?palkki ja K?ynnist?-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S?hk?posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty?kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty?kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint?palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L?hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j?sent?j?"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v?limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K?ytt?liittym?n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k?sittelyst? (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist?"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K?ytt?j?tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk?sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil?it?..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
@=""
"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
"{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}"=""
"{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}"=""
"{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}"=""
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1A36F470-3C80-4CE3-9935-59EE34AE6505}"=""
"{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\InprocServer32]
@="L:\\WINDOWS\\system32\\djmodemx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\InprocServer32]
@="L:\\WINDOWS\\system32\\mhpmsp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\InprocServer32]
@="L:\\WINDOWS\\system32\\hxetwiz.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\InprocServer32]
@="L:\\WINDOWS\\system32\\sgclogon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\InprocServer32]
@="L:\\WINDOWS\\system32\\rtvpsp.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
L:\WINDOWS\SYSTEM32\
gpp2l3~1.dll Sat 19 Nov 2005 2.22.20 ..S.R 235 997 230,46 K
hxetwiz.dll Sat 19 Nov 2005 11.00.16 ..S.R 234 260 228,77 K
jt2s07~1.dll Sat 19 Nov 2005 12.01.30 ..S.R 233 611 228,13 K
jtl807~1.dll Sat 19 Nov 2005 10.04.26 ..S.R 235 892 230,36 K
kt2sl7~1.dll Sat 19 Nov 2005 9.50.32 ..S.R 235 921 230,39 K
ktnsl7~1.dll Sat 19 Nov 2005 11.55.48 ..S.R 237 222 231,66 K
l8n4li~1.dll Sat 19 Nov 2005 0.54.00 ..S.R 235 467 229,95 K
msssc.dll Sat 19 Nov 2005 0.17.32 A.... 44 0,04 K
rtvpsp.dll Sat 19 Nov 2005 12.01.30 ..S.R 237 222 231,66 K
sgclogon.dll Sat 19 Nov 2005 11.55.48 ..S.R 235 465 229,95 K
10 items found: 10 files (9 H/S), 0 directories.
Total of file sizes: 2 121 101 bytes 2,02 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Asemalla L ei ole nime?.
Aseman sarjanumero on 14C4-F2BE
Kansio L:\WINDOWS\System32
19.11.2005 12:01 237˙222 rtvpsp.dll
19.11.2005 12:01 233˙611 jt2s07f7e.dll
19.11.2005 11:55 235˙465 sgclogon.dll
19.11.2005 11:55 237˙222 ktnsl7571.dll
19.11.2005 11:24 <KANSIO> dllcache
19.11.2005 11:00 234˙260 hxetwiz.dll
19.11.2005 10:04 235˙892 jtl8073ue.dll
19.11.2005 09:50 235˙921 kt2sl7f71.dll
19.11.2005 02:22 235˙997 gpp2l37o1.dll
19.11.2005 00:54 235˙467 l8n4li5q18.dll
19.11.2005 00:19 <KANSIO> Microsoft
9 tiedosto(a) 2˙121˙057 tavua
2 kansio(ta) 22˙202˙519˙552 tavua vapaana
Logfile of HijackThis v1.99.1
Scan saved at 12:07:06, on 19.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
L:\WINDOWS\system32\rundll32.exe
L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
L:\WINDOWS\system32\spoolsv.exe
C:\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Norton AntiVirus\navapsvc.exe
C:\Norton AntiVirus\IWP\NPFMntor.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Daemon Tools\daemon.exe
C:\Razer\razerhid.exe
L:\Program Files\Common Files\Symantec Shared\ccApp.exe
L:\Program Files\Messenger\msmsgs.exe
C:\Bluetooth-ohjelmisto\BTTray.exe
C:\WinZip\WZQKPICK.EXE
C:\Razer\razertra.exe
C:\Razer\razerofa.exe
L:\Program Files\Internet Explorer\iexplore.exe
L:\WINDOWS\System32\wuauclt.exe
L:\WINDOWS\System32\wpabaln.exe
L:\WINDOWS\System32\cmd.exe
L:\WINDOWS\system32\ntvdm.exe
L:\WINDOWS\system32\NOTEPAD.EXE
L:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O20 - Winlogon Notify: SideBySide - L:\WINDOWS\system32\ktnsl7571.dll
O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
AfterDawn Addict
|
19. marraskuuta 2005 @ 07:09 |
Linkki tähän viestiin
|
|
Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.
Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.
Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
|
|
Cear
Member
|
19. marraskuuta 2005 @ 07:58 |
Linkki tähän viestiin
|
|
l2mfix ei uudelleenkäynnistyksen jälkeen tehnyt mitään joten tuplaklikkasin tota second.bat juttua. Se jatko fixaamista, mutta sitte tuli "Käyttö estetty" onko normaalia? Se loppu siihen eikä näyttänyt lokia.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. marraskuuta 2005 @ 07:58
|
AfterDawn Addict
|
19. marraskuuta 2005 @ 08:54 |
Linkki tähän viestiin
|
Tee se homma uudestaan. Jollei auta, niin hae täältä -> http://www.webroot.com/consumer/products/spysweeper/ spysweeper, asenna ja päivitä se. Käynnistä sitten vikasietotilaan(F8 käynnistyksen yhteydessä) ja skannaa sillä. Anna poistaa mitä löytää. Käynnistä normaalitilaan ja tee tämä uusiksi:
Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.
Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.
Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
|
|
Cear
Member
|
19. marraskuuta 2005 @ 10:14 |
Linkki tähän viestiin
|
Spy Sweeperillä poistin noin 15 örkkiä ja kokeilin tota l2mfixiä uudestaan. Tällä kertaa ei tullut käyttö estetty ilmotusta vaan scannaus onnistui, mutta lokia ei näkynyt.
HTJ logi tässä nyt kuitenkin:
Logfile of HijackThis v1.99.1
Scan saved at 15:13:44, on 19.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
L:\WINDOWS\System32\smss.exe
L:\WINDOWS\system32\winlogon.exe
L:\WINDOWS\system32\services.exe
L:\WINDOWS\system32\lsass.exe
L:\WINDOWS\System32\Ati2evxx.exe
L:\WINDOWS\system32\svchost.exe
L:\WINDOWS\System32\svchost.exe
L:\WINDOWS\system32\Ati2evxx.exe
L:\WINDOWS\Explorer.EXE
L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
L:\WINDOWS\system32\spoolsv.exe
C:\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Norton AntiVirus\navapsvc.exe
C:\Norton AntiVirus\IWP\NPFMntor.exe
L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Spy Sweeper\WRSSSDK.exe
L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Daemon Tools\daemon.exe
C:\Razer\razerhid.exe
L:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Spy Sweeper\SpySweeper.exe
L:\Program Files\Messenger\msmsgs.exe
C:\Bluetooth-ohjelmisto\BTTray.exe
C:\WinZip\WZQKPICK.EXE
L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Razer\razertra.exe
C:\Razer\razerofa.exe
L:\Program Files\Internet Explorer\iexplore.exe
C:\mIRC\mirc.exe
L:\WINDOWS\System32\wuauclt.exe
L:\WINDOWS\System32\wpabaln.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O20 - Winlogon Notify: WRNotifier - L:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
AfterDawn Addict
|
19. marraskuuta 2005 @ 10:18 |
Linkki tähän viestiin
|
|
HjT-loki on kunnossa. Katso, onko siinä l2mfix-kansiossa työpöydällä joku lokitiedosto. Jos, niin lähetä se tänne. Onko vielä harmeja popupeista?
|
|
Cear
Member
|
19. marraskuuta 2005 @ 12:57 |
Linkki tähän viestiin
|
|
Ei oo enää ongelmia pop-upeista. Tuol l2mfix kansiossa on joku log tiedosto mutta siel ei oo mitää.
|
AfterDawn Addict
|
19. marraskuuta 2005 @ 13:01 |
Linkki tähän viestiin
|
|
Hyvä homma, l2m lähti pois :)
|
|
Cear
Member
|
19. marraskuuta 2005 @ 13:12 |
Linkki tähän viestiin
|
|
Jotain häikkää täs tuntuu vielki olevan. Ainaku vähän ajan kone ollu pääl ni kone tilee tai välil lsass.exe kaatuu.
|
Senior Member
1 tuotearvio
|
19. marraskuuta 2005 @ 13:24 |
Linkki tähän viestiin
|
|
Tuleeko mitään virheilmoitusta, kun lsass.exe kaatuu?
|
|
Cear
Member
|
19. marraskuuta 2005 @ 13:27 |
Linkki tähän viestiin
|
|
jotain "prosessi lsass.exe loppui odottamattomasti, järjestelmä sammuu 1min kuluttua"
|
Senior Member
1 tuotearvio
|
19. marraskuuta 2005 @ 15:13 |
Linkki tähän viestiin
|
|
Voisitko laittaa kuvan siitä ilmoituksesta?
|
|
Cear
Member
|
19. marraskuuta 2005 @ 15:17 |
Linkki tähän viestiin
|
|
Formatoin kovon ja nyt ei oo ollu mitään ongelmia.. joten kiitokset kuitenkin auttajille ;)
|
|
Mainos
|
|
|
Senior Member
1 tuotearvio
|
19. marraskuuta 2005 @ 15:20 |
Linkki tähän viestiin
|
|
Teit formatoinnin ihan turhaan ;)
|
|
