1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

pop-up ongelma

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi Cear 19.11.2005.

  1. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    Jamba pop-uppia iskee aina vähä välii ni oisko täs jotai vikaa.
    Ad-awarella, spyware stormerilla ja Spybotilla oon jotaki poistellu mut ei auta...


    Logfile of HijackThis v1.99.1
    Scan saved at 11:38:43, on 19.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    L:\WINDOWS\System32\smss.exe
    L:\WINDOWS\system32\winlogon.exe
    L:\WINDOWS\system32\services.exe
    L:\WINDOWS\system32\lsass.exe
    L:\WINDOWS\System32\Ati2evxx.exe
    L:\WINDOWS\system32\svchost.exe
    L:\WINDOWS\System32\svchost.exe
    L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    L:\WINDOWS\system32\rundll32.exe
    L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    L:\WINDOWS\system32\spoolsv.exe
    C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Norton AntiVirus\navapsvc.exe
    C:\Norton AntiVirus\IWP\NPFMntor.exe
    L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\Explorer.EXE
    L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
    C:\Daemon Tools\daemon.exe
    C:\Razer\razerhid.exe
    L:\Program Files\Common Files\Symantec Shared\ccApp.exe
    L:\Program Files\Messenger\msmsgs.exe
    C:\Bluetooth-ohjelmisto\BTTray.exe
    C:\Razer\razertra.exe
    C:\Razer\razerofa.exe
    L:\WINDOWS\System32\wuauclt.exe
    L:\WINDOWS\System32\wpabaln.exe
    C:\BitComet\BitComet.exe
    L:\WINDOWS\system32\cmd.exe
    C:\WINZIP\wzqkpick.exe
    L:\WINDOWS\System32\msiexec.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
    O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Spyware Stormer] L:\Program Files\Spyware Stormer\SpywareStormer.Exe
    O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O20 - Winlogon Notify: App Management - L:\WINDOWS\system32\e4202efmgh2a2.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2.  
  3. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    On siinä.

    Poista lisää/poista sovellus-kohdasta:

    Spyware Stormer

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    L:\Program Files\==>Spyware Stormer<==

    Käynnistä uudelleen.

    Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne. Lähetä myös uusi HjT-loki.
     
    Viimeksi muokattu: 19.11.2005
  4. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    L2MFIX find log 1.04a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
    "Asynchronous"=dword:00000000
    "DllName"="L:\\WINDOWS\\system32\\ktnsl7571.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t
    (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat
    (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
    (ID-IO) ALLOW Full access LUOJA-OMISTAJA


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{8D431239-5D4B-328A-4D4A-99C98FC84B9D}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    @=""
    "{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
    "{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}"=""
    "{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}"=""
    "{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}"=""
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{1A36F470-3C80-4CE3-9935-59EE34AE6505}"=""
    "{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\InprocServer32]
    @="L:\\WINDOWS\\system32\\djmodemx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\InprocServer32]
    @="L:\\WINDOWS\\system32\\mhpmsp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\InprocServer32]
    @="L:\\WINDOWS\\system32\\hxetwiz.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\InprocServer32]
    @="L:\\WINDOWS\\system32\\sgclogon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\InprocServer32]
    @="L:\\WINDOWS\\system32\\rtvpsp.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    L:\WINDOWS\SYSTEM32\
    gpp2l3~1.dll Sat 19 Nov 2005 2.22.20 ..S.R 235 997 230,46 K
    hxetwiz.dll Sat 19 Nov 2005 11.00.16 ..S.R 234 260 228,77 K
    jt2s07~1.dll Sat 19 Nov 2005 12.01.30 ..S.R 233 611 228,13 K
    jtl807~1.dll Sat 19 Nov 2005 10.04.26 ..S.R 235 892 230,36 K
    kt2sl7~1.dll Sat 19 Nov 2005 9.50.32 ..S.R 235 921 230,39 K
    ktnsl7~1.dll Sat 19 Nov 2005 11.55.48 ..S.R 237 222 231,66 K
    l8n4li~1.dll Sat 19 Nov 2005 0.54.00 ..S.R 235 467 229,95 K
    msssc.dll Sat 19 Nov 2005 0.17.32 A.... 44 0,04 K
    rtvpsp.dll Sat 19 Nov 2005 12.01.30 ..S.R 237 222 231,66 K
    sgclogon.dll Sat 19 Nov 2005 11.55.48 ..S.R 235 465 229,95 K

    10 items found: 10 files (9 H/S), 0 directories.
    Total of file sizes: 2 121 101 bytes 2,02 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Asemalla L ei ole nime„.
    Aseman sarjanumero on 14C4-F2BE

    Kansio L:\WINDOWS\System32

    19.11.2005 12:01 237ÿ222 rtvpsp.dll
    19.11.2005 12:01 233ÿ611 jt2s07f7e.dll
    19.11.2005 11:55 235ÿ465 sgclogon.dll
    19.11.2005 11:55 237ÿ222 ktnsl7571.dll
    19.11.2005 11:24 <KANSIO> dllcache
    19.11.2005 11:00 234ÿ260 hxetwiz.dll
    19.11.2005 10:04 235ÿ892 jtl8073ue.dll
    19.11.2005 09:50 235ÿ921 kt2sl7f71.dll
    19.11.2005 02:22 235ÿ997 gpp2l37o1.dll
    19.11.2005 00:54 235ÿ467 l8n4li5q18.dll
    19.11.2005 00:19 <KANSIO> Microsoft
    9 tiedosto(a) 2ÿ121ÿ057 tavua
    2 kansio(ta) 22ÿ202ÿ519ÿ552 tavua vapaana





    Logfile of HijackThis v1.99.1
    Scan saved at 12:07:06, on 19.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    L:\WINDOWS\System32\smss.exe
    L:\WINDOWS\system32\winlogon.exe
    L:\WINDOWS\system32\services.exe
    L:\WINDOWS\system32\lsass.exe
    L:\WINDOWS\System32\Ati2evxx.exe
    L:\WINDOWS\system32\svchost.exe
    L:\WINDOWS\System32\svchost.exe
    L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    L:\WINDOWS\system32\rundll32.exe
    L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    L:\WINDOWS\system32\spoolsv.exe
    C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Norton AntiVirus\navapsvc.exe
    C:\Norton AntiVirus\IWP\NPFMntor.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\Explorer.EXE
    L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
    C:\Daemon Tools\daemon.exe
    C:\Razer\razerhid.exe
    L:\Program Files\Common Files\Symantec Shared\ccApp.exe
    L:\Program Files\Messenger\msmsgs.exe
    C:\Bluetooth-ohjelmisto\BTTray.exe
    C:\WinZip\WZQKPICK.EXE
    C:\Razer\razertra.exe
    C:\Razer\razerofa.exe
    L:\Program Files\Internet Explorer\iexplore.exe
    L:\WINDOWS\System32\wuauclt.exe
    L:\WINDOWS\System32\wpabaln.exe
    L:\WINDOWS\System32\cmd.exe
    L:\WINDOWS\system32\ntvdm.exe
    L:\WINDOWS\system32\NOTEPAD.EXE
    L:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
    O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O20 - Winlogon Notify: SideBySide - L:\WINDOWS\system32\ktnsl7571.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  5. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.

    Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.

    Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
     
  6. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    l2mfix ei uudelleenkäynnistyksen jälkeen tehnyt mitään joten tuplaklikkasin tota second.bat juttua. Se jatko fixaamista, mutta sitte tuli "Käyttö estetty" onko normaalia? Se loppu siihen eikä näyttänyt lokia.
     
    Viimeksi muokattu: 19.11.2005
  7. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Tee se homma uudestaan. Jollei auta, niin hae täältä -> http://www.webroot.com/consumer/products/spysweeper/ spysweeper, asenna ja päivitä se. Käynnistä sitten vikasietotilaan(F8 käynnistyksen yhteydessä) ja skannaa sillä. Anna poistaa mitä löytää. Käynnistä normaalitilaan ja tee tämä uusiksi:

    Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen.

    Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa.

    Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
     
  8. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    Spy Sweeperillä poistin noin 15 örkkiä ja kokeilin tota l2mfixiä uudestaan. Tällä kertaa ei tullut käyttö estetty ilmotusta vaan scannaus onnistui, mutta lokia ei näkynyt.

    HTJ logi tässä nyt kuitenkin:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:13:44, on 19.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    L:\WINDOWS\System32\smss.exe
    L:\WINDOWS\system32\winlogon.exe
    L:\WINDOWS\system32\services.exe
    L:\WINDOWS\system32\lsass.exe
    L:\WINDOWS\System32\Ati2evxx.exe
    L:\WINDOWS\system32\svchost.exe
    L:\WINDOWS\System32\svchost.exe
    L:\WINDOWS\system32\Ati2evxx.exe
    L:\WINDOWS\Explorer.EXE
    L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    L:\WINDOWS\system32\spoolsv.exe
    C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Norton AntiVirus\navapsvc.exe
    C:\Norton AntiVirus\IWP\NPFMntor.exe
    L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Spy Sweeper\WRSSSDK.exe
    L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
    C:\Daemon Tools\daemon.exe
    C:\Razer\razerhid.exe
    L:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Spy Sweeper\SpySweeper.exe
    L:\Program Files\Messenger\msmsgs.exe
    C:\Bluetooth-ohjelmisto\BTTray.exe
    C:\WinZip\WZQKPICK.EXE
    L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Razer\razertra.exe
    C:\Razer\razerofa.exe
    L:\Program Files\Internet Explorer\iexplore.exe
    C:\mIRC\mirc.exe
    L:\WINDOWS\System32\wuauclt.exe
    L:\WINDOWS\System32\wpabaln.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
    O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O20 - Winlogon Notify: WRNotifier - L:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  9. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    HjT-loki on kunnossa. Katso, onko siinä l2mfix-kansiossa työpöydällä joku lokitiedosto. Jos, niin lähetä se tänne. Onko vielä harmeja popupeista?
     
  10. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    Ei oo enää ongelmia pop-upeista. Tuol l2mfix kansiossa on joku log tiedosto mutta siel ei oo mitää.
     
  11. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Hyvä homma, l2m lähti pois :)
     
  12. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    Jotain häikkää täs tuntuu vielki olevan. Ainaku vähän ajan kone ollu pääl ni kone tilee tai välil lsass.exe kaatuu.
     
  13. Disa-

    Disa- Regular member

    Liittynyt:
    06.09.2005
    Viestejä:
    860
    Kiitokset:
    0
    Pisteet:
    26
    Tuleeko mitään virheilmoitusta, kun lsass.exe kaatuu?
     
  14. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    jotain "prosessi lsass.exe loppui odottamattomasti, järjestelmä sammuu 1min kuluttua"
     
  15. Disa-

    Disa- Regular member

    Liittynyt:
    06.09.2005
    Viestejä:
    860
    Kiitokset:
    0
    Pisteet:
    26
    Voisitko laittaa kuvan siitä ilmoituksesta?
     
  16. Cear

    Cear Regular member

    Liittynyt:
    29.10.2005
    Viestejä:
    127
    Kiitokset:
    0
    Pisteet:
    26
    Formatoin kovon ja nyt ei oo ollu mitään ongelmia.. joten kiitokset kuitenkin auttajille ;)
     
  17. Disa-

    Disa- Regular member

    Liittynyt:
    06.09.2005
    Viestejä:
    860
    Kiitokset:
    0
    Pisteet:
    26
    Teit formatoinnin ihan turhaan ;)
     

Jaa tämä sivu