Virus on the computer
pete114
Member
8 January 2006 @ 11:20
The computer has apparently caught that malware there has been talk about, and antivirus programs don't find anything. I can't get into Internet Explorer and the desktop background can't be changed. How can this be fixed? Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 16:14:24, on 8.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\paytime.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [eguoicibpzn] C:\WINDOWS\system32\pkkqoxb.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSha...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} (WebRecomendada Class) - http://62.97.81.200/dll/clickweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
AfterDawn Addict
8 January 2006 @ 11:28
Yes, there is something there.
Remove via the Control Panel (Add/Remove Programs, if present):
ErrorGuard
PrivacyScanner/Privacy Champion
Fix with HjT (do a system scan only, tick these entries and press fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [eguoicibpzn] C:\WINDOWS\system32\pkkqoxb.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
Make hidden files visible, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
Get ewido -> http://www.ewido.net/en/download
Install it and update it.
Boot into safe mode (F8 during startup):
Delete, if found:
c:\==>secure32.html<==
C:\WINDOWS\system32\==>pkkqoxb.exe<==
C:\Program Files\==>ErrorGuard<==
C:\WINDOWS\system32\==>paytime.exe<==
C:\Program Files\==>Privacy Champion<==
C:\Program Files\Common Files\Microsoft Shared\Web Folders\==>ibm00001.exe<==
C:\==>winstall.exe<==
Scan with ewido there in safe mode (complete system scan). Let it remove whatever it finds and save the report. Restart, then post a new HjT log and the ewido report here.
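Checking a follow-up HijackThis log against a fix list can be done mechanically. The Python below is an added example, not part of the original thread: it splits entries even where the forum has fused several onto one line and reports which fix-list entries still appear in a later scan. The function names are illustrative, and the two sample inputs are short excerpts of the fix list and follow-up log posted in this thread.

```python
import re

# A HijackThis entry is "<code> - <value>", where the code names the section
# (R0-R3, F0-F3, N1-N4, O1-O23). Forum software can fuse several entries onto
# one line, so entries are split before every code, not only at line breaks.
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-3]|[1-9]))"
_SPLIT = re.compile(r"\s+(?=" + _CODE + r" - )")
_ENTRY = re.compile(r"^(" + _CODE + r") - (.+)$")


def parse_entries(log_text):
    """Return the set of (code, normalized value) entries found in a log.

    Header lines and the "Running processes" paths carry no section code and
    are skipped. Values are whitespace-collapsed and case-folded because
    registry paths and Windows file names compare case-insensitively.
    """
    entries = set()
    for line in log_text.splitlines():
        for chunk in _SPLIT.split(line.strip()):
            match = _ENTRY.match(chunk)
            if match:
                value = " ".join(match.group(2).split()).casefold()
                entries.add((match.group(1), value))
    return entries


def check_fixes(fix_list_text, followup_log_text):
    """Compare a list of entries to fix against a later scan of the machine."""
    wanted = parse_entries(fix_list_text)
    present = parse_entries(followup_log_text)
    return {
        "still_present": sorted(wanted & present),
        "removed": sorted(wanted - present),
    }


# Excerpt of the fix list from this thread (first and last lines are fused,
# exactly as the forum rendered them).
FIX_LIST_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
"""

# Excerpt of the follow-up log posted later in this thread.
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
"""

if __name__ == "__main__":
    result = check_fixes(FIX_LIST_EXCERPT, FOLLOWUP_EXCERPT)
    for status, entries in result.items():
        print(status)
        for code, value in entries:
            print("   ", code, "-", value)
```

On these excerpts the two secure32.html start-page entries are reported as still present in the follow-up log, while the Run and DPF entries are gone.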
pete114
Member
8 January 2006 @ 13:10
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 18:07:14, on 8.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSha...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Here is the ewido report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 18:01:29, 8.1.2006
+ Report-Checksum: 820D6F3
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\BTGrab -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1801674531-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\as7lzo6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Mikko\Cookies\mikko@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mikko\Cookies\mikko@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mikko\Cookies\mikko@reduxads.valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temp\D9F43.tmp/LMSetup2.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\0X4B8R0N\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\ABENK5C3\kl[1].txt -> Logger.Agent.jl : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\M7LPE39P\country[1].htm -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\QPNOTCVY\paytime[1].txt -> Hijacker.StartPage.agp : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\TCWNX58L\tool4[1].txt -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\W737E0DT\hosts[1].txt -> Trojan.Qhost.el : Cleaned with backup
C:\Documents and Settings\Mikko\Local Settings\Temporary Internet Files\Content.IE5\ZNL7ZXOW\tool5[1].txt -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\ace.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\atla.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\libexpat.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\uninstaller.exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Timo\Local Settings\Temp\~apropos0\WinGenerics.dll -> Trojan.Crypt.t : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Ulla\Application Data\Mozilla\Firefox\Profiles\zgz568ae.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Ulla\Cookies\ulla@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\ace.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\atla.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\libexpat.dll -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\uninstaller.exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\Ulla\Local Settings\Temp\~apropos0\WinGenerics.dll -> Trojan.Crypt.t : Cleaned with backup
C:\RECYCLER\S-1-5-21-1801674531-776561741-725345543-1004\Dc3.exe -> Logger.Agent.jl : Cleaned with backup
C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\kl.exe -> Logger.Agent.jl : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\paytime.exe -> Hijacker.StartPage.agp : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
::Report End
|
AfterDawn Addict
|
8 January 2006 @ 13:15 |
Link to this post
|
Fix these (in Safe Mode, if they won't go away otherwise):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
Get Hoster ->
http://www.funkytoad.com/download/hoster.zip
Extract the zip and double-click hoster.exe.
Press "Restore original hosts" and OK.
Restart the computer and post a new HjT log.
|
pete114
Member
|
8 January 2006 @ 13:27 |
Link to this post
|
Logfile of HijackThis v1.99.1
Scan saved at 18:27:27, on 8.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.fi;*.*.fi;*.*.*.fi;*.;*.;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Ohjelmatiedostot\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DeerHunter4.exe] C:\DOWNLO~1\DEERHU~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSha...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4ECC41-FDA5-4FB5-AAB5-3DF33EAF2640}: NameServer = 193.210.18.18,193.210.19.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
AfterDawn Addict
|
8 January 2006 @ 14:25 |
Link to this post
|
The log is fine.
|
pete114
Member
|
8 January 2006 @ 14:38 |
Link to this post
|
|
AfterDawn Addict
|
8 January 2006 @ 15:23 |
Link to this post
|
Get the registry search tool from here -> http://www.billsway.com/vbspage/ and run a search for "desktop.html". If the antivirus complains, let it run. If nothing is found, try the search term "warnhp.html".
Post the registry search results.
|
pete114
Member
|
9 January 2006 @ 11:26 |
Link to this post
|
Found these:
HKEY_CURRENT_USER Software\Microsoft\Search Assistant\ACMru\5603 001 desktop.html
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme Wallpaper %SystemRoot%\desktop.html
|
AfterDawn Addict
|
9 January 2006 @ 11:43 |
Link to this post
|
Could you post the reg search results directly, without leaving anything out, etc.? Because it doesn't look like that.
|