HjT log
vapa
Suspended due to non-functional email address
25 December 2005 @ 07:27
Here it is; this machine seems to stutter pretty badly every now and then somewhere...

Logfile of HijackThis v1.99.1
Scan saved at 12:23:16, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Topin Kansio\winamp\winamp.exe
C:\Topin Kansio\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
AfterDawn Addict
25 December 2005 @ 07:36
Do you have 3 antivirus programs running? Dna Nettiturva, Norton and AntiVir. Keep only one of them in use and remove the others (at least AntiVir, if there is no antivirus from Norton on the machine). That alone causes stuttering. But there is other stuff in there too.

First shut down this one -> TeaTimer.exe, so that it doesn't block the fixes

Fix these (do a system scan only, tick them and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll

Get ewido -> http://www.ewido.net/en/download

Install and update it.

Make hidden files visible, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Boot into safe mode (F8 during startup) and delete:

C:\WINDOWS\System32\==>msctl32.dll<==

Scan with ewido there in safe mode. Let it remove whatever it finds and save the report. Restart the machine. Post a new HjT log and the ewido report here.
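A follow-up log can be checked mechanically against a fix list like the one in the post above. This is an added example, not part of the original post or of HijackThis: the function names are this example's own, the data is excerpted from the fix list above and from the 16:17:54 log further down the thread, and it assumes sections are printed in ascending order (R lines, then O1 upward) as in the logs here.

```python
import re

# One HijackThis entry: section code (R0-R3 or O1-O23), " - ", then the detail.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, detail) per entry line; headers and process paths are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found


def section_rank(code):
    """R0-R3 lines are interleaved in these logs, so they share rank 0; O-sections rank by number."""
    return 0 if code.startswith("R") else int(code[1:])


def last_section(log_text):
    """Code of the final entry in the log, or None if the log has no entries."""
    entries = parse_entries(log_text)
    return entries[-1][0] if entries else None


def verify_fixes(fix_list, followup_log):
    """Classify every fix-list entry against a follow-up log.

    still present: the identical entry is in the follow-up log
    gone:          absent, and the log continues past that entry's section
    unverified:    absent, but the log stops in or before that section, so a
                   truncated paste cannot be told apart from a successful fix
    """
    follow = parse_entries(followup_log)
    present = set(follow)
    reached = max((section_rank(code) for code, _ in follow), default=-1)
    report = {"still present": [], "gone": [], "unverified": []}
    for entry in parse_entries(fix_list):
        if entry in present:
            report["still present"].append(entry)
        elif section_rank(entry[0]) < reached:
            report["gone"].append(entry)
        else:
            report["unverified"].append(entry)
    return report


# The fix list from the post above, copied as posted (truncated URLs included).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
"""

# Excerpt of the 16:17:54 follow-up log from this thread; its last entry is an O4 line.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:17:54, on 25.12.2005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
"""

if __name__ == "__main__":
    print("follow-up log ends in section", last_section(FOLLOWUP))
    for status, entries in verify_fixes(FIX_LIST, FOLLOWUP).items():
        for code, detail in entries:
            print(f"{status:13} {code:3} {detail[:70]}")
```

A complete log normally ends in the O23 service list, so fix-list entries from the final section always land in "unverified"; that is the conservative reading.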
vapa
Suspended due to non-functional email address
25 December 2005 @ 11:21
That DNA Nettiturva shouldn't be there anymore(?) :D but here's the new log now:
Logfile of HijackThis v1.99.1
Scan saved at 16:17:54, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE


And then the ewido one:
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 16:01:15, 25.12.2005
+ Report-Checksum: F9DDA1FE

+ Scan result:

:mozilla.168:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.169:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.170:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.171:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.172:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.173:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.174:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.175:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.176:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.179:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.184:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.185:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.198:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.242:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.256:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.257:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.266:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.267:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.269:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.271:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.272:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.273:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.289:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.306:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.322:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.323:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.339:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.340:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.344:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.345:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.346:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.347:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.348:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.395:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.431:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.484:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.485:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.494:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.495:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.496:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.498:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.499:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.500:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.501:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.502:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.503:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.504:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.505:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.509:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.512:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.513:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.514:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.515:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.518:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.520:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.521:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.523:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.530:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.559:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.560:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.564:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.565:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.575:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.580:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.581:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\Rar$EX00.422\crack.exe -> Downloader.PassAlert.e : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
C:\RECYCLER\S-1-5-21-331270661-2898961560-457879433-1007\Dc15567.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup


That turned out to be a lot of text, oh well, but hopefully things are a bit better on this machine now, judging by what I read in that ewido report..:D

This message has been edited since posting. Last edited 25 December 2005 @ 11:24

AfterDawn Addict
25 December 2005 @ 11:32
DNA Nettiturva at least is running all the time :) Post a new HjT log, that one isn't complete. We'll remove DNA Nettiturva then, if it's no longer valid or the like. And most of ewido's findings were just cookies, though one requires further action:

Get Hoster ->
http://www.funkytoad.com/download/hoster.zip

Extract the zip and double-click hoster.exe

Press "Restore original hosts" and OK.
vapa
Suspended due to non-functional email address
25 December 2005 @ 11:38
It wasn't complete? Well, here's a new one:

Logfile of HijackThis v1.99.1
Scan saved at 16:36:57, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Topin Kansio\winamp\winamp.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Topin Kansio\winRar\WinRAR.exe
C:\Topin Kansio\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe

Is this one acceptable?
AfterDawn Addict
25 December 2005 @ 11:45
Yes, it's fine.

Fix these:

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

You've probably done that Hoster thing already?

Are you completely sure that DNA Nettiturva is no longer valid and that you don't want it in use? Check whether it's listed under Add/Remove Programs (Control Panel) and remove it that way.

Restart the computer and post a new HjT log.
vapa
Suspended due to non-functional email address
25 December 2005 @ 12:41
Yep, I did it... I'm sure it can be removed, since that DNA Nettiturva was a trial version that I downloaded from the net...
Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 17:36:32, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Topin Kansio\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe

When I skimmed through it, the ones I was just supposed to fix seemed to be there again..? Oh, and sometimes at startup this machine ends up so that Windows otherwise opens normally, but then I can't open any folders or the Start menu... But sometimes it starts up without problems...
AfterDawn Addict
25 December 2005 @ 12:48
I'm not sure why those won't go away. It's probably because of that TeaTimer. Try turning it off in Spybot's settings and then fix those lines. Then remove DNA Nettiturva through the Control Panel and post a new HjT log, so we can see whether it went away.
vapa
Suspended due to non-functional email address
25 December 2005 @ 12:54
Yeah, at first I forgot to turn TeaTimer off, but then on the second try I turned it off and fixed them, but they were still there... Oh, and I forgot to say that at some point in the past I removed DNA Nettiturva from the Add/Remove menu... But it's still there... I may have removed it wrong somehow... So DNA Nettiturva isn't found in the Add/Remove menu.
AfterDawn Addict
25 December 2005 @ 13:01
OK, let's do it this way then.

Fix these lines:

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE

Then Start -> Run -> services.msc. Find these in the list:

F-Secure Gatekeeper Handler Starter
F-Secure Authentication Agent (FSAA)
F-Secure Distributed Firewall Daemon
F-Secure Management Agent (FSMA)

Double-click each of them, press Stop and set the startup type to "Disabled".

Boot into Safe Mode (F8 during startup)

Delete this directory:

C:\Topin kansio\==>dna Nettiturva<==

Fix these:

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

Restart the computer.

Get CCleaner -> http://www.ccleaner.com (or if you have e.g. EasyCleaner, you can use that too) and clean the registry with it (back up the registry first; CCleaner asks about that itself, I don't know about EasyCleaner).

Post a new HjT log.
vapa
Suspended due to non-functional email address
25 December 2005 @ 15:09
It refused to delete the DNA Nettiturva folder, some error message came up... But here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 20:08:06, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe


I wonder if it's starting to look better now?

This message has been edited since posting. Last edited 25 December 2005 @ 15:10

AfterDawn Addict
25 December 2005 @ 15:29
Well, at least dna Nettiturva no longer starts :) Are you sure you tried to delete that folder in safe mode? And you can still remove AntiVir, if Norton AntiVirus is up to date.

This message has been edited since posting. Last edited 25 December 2005 @ 15:44

vapa
Suspended due to non-functional email address
25 December 2005 @ 15:51
Yeah, I tried, but well, at least it's no longer a pointless nuisance (apparently). But the reason I have that AntiVir running too is that Norton's free update period ended about a year ago :D Anyway, many thanks for your help, and I've noticed that my computer has become considerably faster after this process. Thanks, signing off!
AfterDawn Addict
25 December 2005 @ 15:55
OK. Then you should consider removing Norton entirely and installing a free firewall in its place (Sygate, Kerio, ZoneAlarm). That would make the computer even faster. You're welcome :)
Senior Member
25 December 2005 @ 16:26
Definitely get rid of that Norton now, since it does nothing for you.

Free firewalls can be found here -> http://keskustelu.afterdawn.com/thread_view.cfm/162275

Just remember the golden rule of computers:
1 firewall
1 antivirus program
2- antispyware programs

