HjT log
vapa
25 December 2005 @ 07:27
Here it is; this machine seems to stutter pretty badly every now and then somewhere...
Logfile of HijackThis v1.99.1
Scan saved at 12:23:16, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Topin Kansio\winamp\winamp.exe
C:\Topin Kansio\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
AfterDawn Addict
25 December 2005 @ 07:36
Do you have 3 antivirus programs running? Dna nettiturva, Norton and AntiVir. Keep only one of them in use and remove the others (at least AntiVir, if there is no antivirus from Norton on the machine). That alone causes stuttering. But there is other stuff in there too.
First shut down this -> TeaTimer.exe, so that it doesn't block the fixes
Fix these (do a system scan only, tick them and press fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c...
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\System32\msctl32.dll
Get ewido -> http://www.ewido.net/en/download
Install and update it.
Make hidden files visible, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
Boot into safe mode (F8 during startup) and delete:
C:\WINDOWS\System32\==>msctl32.dll<==
Scan with ewido there in safe mode. Let it remove whatever it finds and save the report. Restart the machine. Post a new HjT log and the ewido report here.
vapa
25 December 2005 @ 11:21
That DNA Nettiturva shouldn't be there anymore(?) :D but here is the new log now:
Logfile of HijackThis v1.99.1
Scan saved at 16:17:54, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
And then the ewido one as well:
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 16:01:15, 25.12.2005
+ Report-Checksum: F9DDA1FE
+ Scan result:
:mozilla.168:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.169:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.170:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.171:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.172:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.173:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.174:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.175:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.176:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.179:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.184:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.185:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.198:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.242:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.256:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.257:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.266:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.267:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.269:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.271:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.272:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.273:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.289:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.306:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.322:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.323:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.339:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.340:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.344:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.345:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.346:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.347:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.348:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.395:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.431:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.484:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.485:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.494:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.495:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.496:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.498:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.499:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.500:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.501:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.502:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.503:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.504:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.505:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.509:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.512:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.513:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.514:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.515:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.518:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.520:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.521:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.523:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.530:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.559:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.560:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.564:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.565:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.575:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.580:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.581:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\j11ae66p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\Rar$EX00.422\crack.exe -> Downloader.PassAlert.e : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
C:\RECYCLER\S-1-5-21-331270661-2898961560-457879433-1007\Dc15567.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup
That turned out to be a lot of text, oh well, but hopefully things are a bit better on this machine now, judging by what I read in that ewido report..:D
This message has been edited after posting. Last edit 25 December 2005 @ 11:24
AfterDawn Addict
25 December 2005 @ 11:32
DNA nettiturva is at least running all the time :) Post a new HjT log, that one is not complete. We'll remove that dna nettiturva then, if it is no longer valid or the like. And most of the ewido findings were just cookies, though one requires further action:
Get hoster ->
http://www.funkytoad.com/download/hoster.zip
Extract the zip and double-click hoster.exe
Press "Restore original hosts" and ok.
|
vapa
Suspended due to non-functional email address
|
25 December 2005 @ 11:38 |
|
It wasn't complete? Well, here's a new one:
Logfile of HijackThis v1.99.1
Scan saved at 16:36:57, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Topin Kansio\winamp\winamp.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Topin Kansio\winRar\WinRAR.exe
C:\Topin Kansio\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
Is this one OK?
|
AfterDawn Addict
|
25 December 2005 @ 11:45 |
|
Yes, it's good.
Fix these:
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
You've presumably done the hoster thing already?
Are you completely sure that dna nettiturva is no longer valid and that you don't want it in use? Check whether it is listed under Add/Remove Programs (Control Panel) and remove it from there.
Restart the computer and post a new HjT log.
|
vapa
Suspended due to non-functional email address
|
25 December 2005 @ 12:41 |
|
Yes, I did that... I'm sure it can be removed, since that DNA Nettiturva was a trial version that I downloaded from the net...
Here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 17:36:32, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Topin kansio\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fssm32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
C:\Topin kansio\dna Nettiturva\Common\FSMB32.EXE
C:\Topin kansio\dna Nettiturva\Common\FCH32.EXE
C:\Topin kansio\dna Nettiturva\Common\FAMEH32.EXE
C:\Topin kansio\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Topin Kansio\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
When I skimmed through that, the entries I was just supposed to fix seemed to be there again..? Oh, and sometimes on startup this machine gets into a state where it otherwise opens normally, Windows that is, but then I can't open any folders or the Start menu... But sometimes it then starts up without problems...
|
AfterDawn Addict
|
25 December 2005 @ 12:48 |
|
I'm not sure why those won't go away. It's probably because of that TeaTimer. Try turning it off in Spybot's settings and then fix those lines. Then remove dna nettiturva through the Control Panel and post a new HjT log, so we'll see whether it went away.
|
vapa
Suspended due to non-functional email address
|
25 December 2005 @ 12:54 |
|
Yes, at first I forgot to turn TeaTimer off, but then on the second try I turned it off and fixed them, but they were still there... Oh, and I forgot to say that at some point in the past I removed DNA Nettiturva from the Add/Remove menu... But it's still there... I may have removed it the wrong way somehow... So DNA Nettiturva isn't found in the Add/Remove menu.
|
AfterDawn Addict
|
25 December 2005 @ 13:01 |
|
OK, let's do it this way then.
Fix these lines:
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE
Then Start -> Run -> services.msc. Find these in the list:
F-Secure Gatekeeper Handler Starter
F-Secure Authentication Agent (FSAA)
F-Secure Distributed Firewall Daemon
F-Secure Management Agent (FSMA)
Double-click them, press Stop and set the startup type to "Disabled".
Boot into safe mode (F8 during startup)
Delete this directory:
C:\Topin kansio\==>dna Nettiturva<==
Fix these:
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
Restart the computer.
Get ccleaner -> http://www.ccleaner.com (or if you have e.g. EasyCleaner, you can use that too) and clean the registry with it (take a backup of the registry first; ccleaner asks about that itself, I don't know about EasyCleaner).
Post a new HjT log.
|
vapa
Suspended due to non-functional email address
|
25 December 2005 @ 15:09 |
|
It refused to delete the Dna Nettiturva folder, some error message came up... But here's the new log:
Logfile of HijackThis v1.99.1
Scan saved at 20:08:06, on 25.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Topin kansio\AVPersonal\AVGNT.EXE
C:\Topin Kansio\realplayer\RealPlay.exe
C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Topin Kansio\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Topin kansio\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Topin Kansio\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Topin Kansio\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9FDF36-A23D-44BD-B779-D192DCDB1534}: NameServer = 212.116.32.218 212.116.32.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\TOPIN KANSIO\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Topin kansio\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinBackup Scheduler (WinbackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
Might it be starting to look better now?
This message has been edited since posting. Last edited 25 December 2005 @ 15:10
|
AfterDawn Addict
|
25 December 2005 @ 15:29 |
|
Well, at least dna nettiturva no longer starts :) Are you sure you tried deleting that folder in safe mode? And you can also remove AntiVir, if Norton AntiVirus is up to date.
This message has been edited since posting. Last edited 25 December 2005 @ 15:44
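The check done by eye in this thread (fix lines, post a new scan, see whether the lines are still listed) can be scripted. The following is an added example, not part of the original posts: the sample scans are constructed by abridging entries quoted in the thread, and the function names are this example's own.

```python
import re

# One HijackThis 1.99.x entry line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Suffixes HijackThis prints when the file an entry points to is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return [(section, body)] for entry lines; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def normalise(section, body):
    """Key that ignores case and spacing, so one entry matches across scans."""
    return section + " - " + " ".join(body.split()).lower()


def orphaned(entries):
    """Entries whose registry reference remains although the file is gone."""
    return [(s, b) for s, b in entries if b.endswith(ORPHAN_MARKERS)]


def check_fixes(before_text, after_text, fixed_lines):
    """Sort each line that was 'fixed' into removed / persisting / unknown."""
    before = {normalise(s, b) for s, b in parse_entries(before_text)}
    after = {normalise(s, b) for s, b in parse_entries(after_text)}
    report = {"removed": [], "persisting": [], "unknown": []}
    for line in fixed_lines:
        parsed = parse_entries(line)
        key = normalise(*parsed[0]) if parsed else None
        if key in after:
            report["persisting"].append(line)   # fix did not stick
        elif key in before:
            report["removed"].append(line)      # present before, gone now
        else:
            report["unknown"].append(line)      # never seen in either scan
    return report


# Constructed sample data, abridged from entries quoted in the thread.
BHO_A = r"O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)"
BHO_B = r"O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)"
FSECURE = [
    r"O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Topin kansio\dna Nettiturva\Anti-Virus\fsgk32st.exe",
    r"O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Topin kansio\dna Nettiturva\Common\FSAA.EXE (file missing)",
    r"O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\DFW\Program\fsdfwd.exe",
    r"O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Topin kansio\dna Nettiturva\Common\FSMA32.EXE",
]
COMMON = [
    BHO_A,
    BHO_B,
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
    r"O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe",
]
HEADER = [
    "Logfile of HijackThis v1.99.1",
    "Running processes:",
    r"C:\WINDOWS\Explorer.EXE",
]
BEFORE = "\n".join(HEADER + COMMON + FSECURE)   # scan before the fixes
AFTER = "\n".join(HEADER + COMMON)              # scan after the fixes
FIXED = [BHO_A, BHO_B] + FSECURE                # lines the helper asked to fix

if __name__ == "__main__":
    result = check_fixes(BEFORE, AFTER, FIXED)
    for status in ("removed", "persisting", "unknown"):
        for line in result[status]:
            print(f"{status:10} {line}")
    print("orphaned entries still listed:")
    for section, body in orphaned(parse_entries(AFTER)):
        print(f"  {section} - {body}")
```

Entries reported as persisting are the ones to re-check for a resident guard or other process that restores them between scans.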
|
vapa
Suspended due to non-functional email address
|
25 December 2005 @ 15:51 |
|
Yes, I tried, but well, at least it's no longer a pointless nuisance (apparently). But yes, the reason I have AntiVir running too is that Norton's free updates ran out about a year ago :D But many thanks for your help, and I've noticed that my machine has become considerably faster after this process. Thanks, and signing off!
|
AfterDawn Addict
|
25 December 2005 @ 15:55 |
|
OK. Then it's worth considering removing Norton entirely and putting some free firewall in its place (Sygate, kerio, zonealarm). The machine would then get even faster. You're welcome :)
|
Senior Member
|
25 December 2005 @ 16:26 |
|
|