
HJT log to puzzle over.

Thread in the Viruses and malware section. Started by samfin on 06.01.2006.

  1. samfin

    So here's a log from a friend's computer. How does it look?

    Logfile of HijackThis v1.99.1
    Scan saved at 2:20:44, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\Ohjelmatiedostot\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\dllhost.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\OHJELM~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
    C:\OHJELMATIEDOSTOT\LOGITECH\VIDEO\FXSVR2.EXE
    C:\HJThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Ohjelmatiedostot\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
    O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
     
  3. spertti

    There are certainly some nasties in there. But you'll be cleaning this up every two hours if that Windows isn't updated from time to time.
    It really is about time to start trying to install Service Pack 2 on the machine.

    Fix these with HJT:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe (file missing)

    Get Ewido, install it and update it, but don't scan yet. http://keskustelu.afterdawn.com/thread_view.cfm/269186


    Make hidden files visible; instructions ->
    http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Boot into safe mode (F8 during startup)

    Delete these if found:
    C:\WINDOWS\System32\shdocvw.dll
    C:\WINDOWS\msiconfig.exe
    C:\WINDOWS\axdcfasb.exe (file missing)

    Scan with Ewido in safe mode, and save the report.

    Post a new log and the Ewido report.

    And do go to Windows Update as soon as possible.
     
  4. samfin

    The plan is indeed to reinstall the whole OS as soon as there's time.
    Here's a bit of reporting.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:40, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\Ohjelmatiedostot\Mozilla Firefox\firefox.exe
    C:\OHJELM~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
    C:\HJThis(älä koske)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Ohjelmatiedostot\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
    O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    C:\WINDOWS\System32\shdocvw.dll. That one was found, but it wouldn't let me delete it in safe mode.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:48:34, 7.1.2006
    + Report-Checksum: DBF6F7C9

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}\\ClsidExtension -> Spyware.HotBar : Cleaned with backup
    C:\WINDOWS\SYSTEM32\c.bat -> Backdoor.BotGet.FtpA : Cleaned with backup
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IQ6WL9T4\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R0TU6IQS\joysaver[1].cab/mm83.ocx -> Downloader.VB.ov : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    :mozilla.31:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.38:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.40:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.44:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.45:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.48:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.49:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.51:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.53:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.54:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.67:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.77:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.80:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.84:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.85:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.86:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.90:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.91:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.92:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.93:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.94:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.95:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.96:C:\WINDOWS\TEMP\Perflib_Perfdata_fc0.dat -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\WINDOWS\Temporary Internet Files\Content.IE5\UXN8PCVM\c1=001&c2=000&c3=000&c4=000&c5=000&c6=000&c7=000&c8=000&c9=000&c10=999&c11=999&c12=000&z1=0000000[1].htm -> Spyware.BookedSpace : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Erkki Manninen\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017275.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017276.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017277.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017279.dll -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017280.dll -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017282.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017283.DLL -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017284.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017317.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017318.DLL -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP21\A0017319.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP22\A0017402.exe -> Proxy.Agent.ic : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP22\A0017424.exe -> Proxy.Agent.ic : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021612.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021615.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021616.scr -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021617.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021618.DLL -> Spyware.FunWeb : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021619.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021620.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021621.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021622.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021623.EXE -> Spyware.Wesbar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021625.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021626.DLL -> Spyware.FunWeb : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021627.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021628.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021630.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021631.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021632.SCR -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021633.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021634.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021635.EXE -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021636.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021637.DLL -> Spyware.Wesbar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021639.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021640.DLL -> Adware.IWon : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021641.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021643.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021646.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021651.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021653.EXE -> Spyware.Wesbar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP23\A0021654.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021699.exe -> Adware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021700.exe -> Adware.Hotbar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021701.dll -> Spyware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021706.exe -> Spyware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021708.exe -> Spyware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021715.exe -> Adware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021732.DLL -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021733.exe -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021738.dll -> Adware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021739.dll -> Spyware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021740.dll -> Spyware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021741.EXE -> Spyware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021742.DLL -> Adware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021743.DLL -> Adware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP24\A0021744.exe -> Adware.WebHancer : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP25\A0023020.scr -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP34\A0028090.exe -> Proxy.Agent.ic : Cleaned with backup
    C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP34\A0028200.exe -> Spyware.NewDotNet : Cleaned with backup


    ::Report End

    Yes, a few of those were found too. :)
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    This must NOT be deleted, it is Windows' own DLL! ->
    C:\WINDOWS\System32\shdocvw.dll That pest is just taking advantage of it.

    Fix these:

    O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe (file missing)
    O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Ohjelmatiedostot\Kerio\Personal Firewall 4\kpf4ss.exe (file missing) (if Kerio is no longer in use)

    Then stop the services like this: Start -> Run -> services.msc -> OK. Find these in the list:

    fwnet64
    MS Ins Config
    Kerio Personal Firewall 4

    Double-click them, press Stop and set the startup type to "Disabled".

    Restart and post a new HJT log.
     
  6. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Good thing then that it refused to be removed. I got the others disabled except that Ins Config, that is, it wasn't found there.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:21:16, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\Ohjelmatiedostot\Mozilla Firefox\firefox.exe
    C:\HJThis(älä koske)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    By the way, how can one study this so as to know what can be removed, or is it an impossible task for an ordinary Joe?
     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
  8. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Here.
    Logfile of HijackThis v1.99.1
    Scan saved at 14:10:44, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\Ohjelmatiedostot\BitComet\BitComet.exe
    C:\Ohjelmatiedostot\Mozilla Firefox\firefox.exe
    C:\OHJELM~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
    C:\OHJELMATIEDOSTOT\LOGITECH\VIDEO\ALBUMDB2.EXE
    C:\OHJELMATIEDOSTOT\LOGITECH\VIDEO\FXSVR2.EXE
    C:\HJThis(älä koske)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    Thanks for the link. I'll have to look at it; I suspect it may go over my head, but let's look into it. :)
     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Apparently there were still a couple of things in there that I missed :)

    Fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com (if this is not the wanted browser start page)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
     
  10. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Logfile of HijackThis v1.99.1
    Scan saved at 15:07:52, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\OHJELMATIEDOSTOT\LOGITECH\VIDEO\ALBUMDB2.EXE
    C:\OHJELMATIEDOSTOT\LOGITECH\VIDEO\FXSVR2.EXE
    C:\OHJELM~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE
    C:\Ohjelmatiedostot\Mozilla Firefox\firefox.exe
    C:\HJThis(älä koske)\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    Is it starting to be in shape now? :)
     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Not yet, one line didn't go away.

    Fix this in safe mode:

    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

    Restart and post a new HJT log.
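
The fix-and-rescan loop in this thread, as an added example that is not part of the original posts: a Python sketch that checks which requested fix lines still appear in the next scan and lists the entries HijackThis marked "(file missing)" or "(no file)". The two excerpts are shortened copies of lines from the thread (the helper remark is translated), and the function names are hypothetical.

```python
import re

# Entry lines look like "O23 - Service: ..." or "R0 - HKCU\...": a section
# code (one letter plus digits), " - ", then the section-specific text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)
# A helper's trailing remark, e.g. "(if Kerio is no longer in use)".
REMARK_RE = re.compile(r"\s+\((?!file missing\)|no file\))[^()]*\)$", re.IGNORECASE)

# Constructed input: the helper's fix list, with the remark translated.
FIX_LIST = r"""
Fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com (if not the wanted start page)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
"""

# Constructed input: a shortened excerpt of the 15:07:52 rescan.
RESCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:07:52, on 7.1.2006

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""


def parse_entries(log, strip_remarks=False):
    """Return {comparison key: entry line} for every HijackThis entry in log.

    Header lines, running-process paths and forum text do not match ENTRY_RE
    and are skipped. The key ignores case and runs of whitespace, because
    Windows paths are case-insensitive and pasted logs get re-wrapped.
    """
    entries = {}
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        code, text = match.group(1), match.group(2)
        if strip_remarks:
            text = REMARK_RE.sub("", text)
        key = (code, " ".join(text.split()).casefold())
        entries.setdefault(key, f"{code} - {text}")
    return entries


def remaining_fixes(fix_list, rescan_log):
    """Entries from the fix list that the rescan still reports."""
    wanted = parse_entries(fix_list, strip_remarks=True)
    present = parse_entries(rescan_log)
    return [line for key, line in wanted.items() if key in present]


def orphaned_entries(log):
    """Entries whose target file HijackThis could not find on disk."""
    return [line for line in parse_entries(log).values() if ORPHAN_RE.search(line)]


if __name__ == "__main__":
    for line in remaining_fixes(FIX_LIST, RESCAN):
        print("still present:", line)
    for line in orphaned_entries(RESCAN):
        print("orphaned     :", line)
```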
     
  12. Zipp2

    Zipp2 Regular member

    Joined:
    30.09.2005
    Messages:
    376
    Thanks:
    0
    Points:
    26
    That probably won't go away any other way than by going into the registry at

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions

    and deleting that CLSID {946B3E9E-E21A-49c8-9F63-900533FAFE15}
     
  13. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Logfile of HijackThis v1.99.1
    Scan saved at 15:47:50, on 7.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
    C:\Ohjelmatiedostot\QuickTime\qttask.exe
    C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Ohjelmatiedostot\WinZip\Wzqkpick.exe
    C:\WINDOWS\system32\mshta.exe
    C:\HJThis(älä koske)\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ohjelmatiedostot\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Ohjelmatiedostot\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Ohjelmatiedostot\Valve\Steam\\Steam.exe" -silent
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
    O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    It didn't go away in safe mode, that 09.
    Sorry. I didn't quite understand what was meant there. :)

    One more thing puzzles me... In the user accounts there is some ASP.NET Machine A... account. What might that be?
     
  14. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    So, Run -> regedit
    Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions and delete this value -> {946B3E9E-E21A-49c8-9F63-900533FAFE15}
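
The reply above goes from an O9 line in the log to a CLSID under the Internet Explorer Extensions registry path. The following Python sketch is an added example, not part of the original thread and not HijackThis code: it parses HijackThis entries, derives that registry location for O9 lines, and also marks "(file missing)" and "Unknown owner" entries for review. The function names and the note wording are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Registry path named in the reply above; the CLSID shown on an O9 line
# identifies the entry under this path.
IE_EXTENSIONS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions"
ENTRY = re.compile(r"^\s*(?P<code>[ORFN]\d{1,2}) - (?P<body>.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one HijackThis entry into code, CLSID (if any) and target."""
    m = ENTRY.match(line)
    if not m:
        return None  # header, running-process path or blank line
    body = m.group("body")
    clsid = CLSID.search(body)
    missing = body.endswith("(file missing)")
    target = body.rsplit(" - ", 1)[-1]
    if missing:
        target = target[: -len("(file missing)")].rstrip()
    return {"code": m.group("code"), "clsid": clsid.group(0) if clsid else None,
            "target": target, "missing": missing, "body": body}

def review_notes(entry):
    """Reasons to look twice at an entry; a note is not a verdict."""
    notes = []
    if entry["missing"]:
        notes.append("orphaned: target file is missing")
    if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
        notes.append("HijackThis could not name the owner of the service binary")
    if entry["code"] == "O9" and entry["clsid"]:
        notes.append("registry key: " + IE_EXTENSIONS + "\\" + entry["clsid"])
    return notes

def triage(log_text):
    """Map the body of each noted entry to its review notes."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (notes := review_notes(entry)):
            out[entry["body"]] = notes
    return out

# Lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""
```
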
     
  15. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Deleted. I think I figured out what that user account is. It seems to just be related to that Microsoft .Net Framework thing. Thanks for the help!
     
  16. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yep, that's what it's related to. And you're welcome :)
     
  17. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    Here is a new log. I put it here after the old one so I don't need to make a new post. I need to rule out possible causes of what is making the computer crash.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:54:31, on 24.1.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Ohjelmat\Nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Ohjelmat\Nero\InCD\InCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Ohjelmat\Winamp\winampa.exe
    D:\Ohjelmat\DAEMON Tools\daemon.exe
    D:\Ohjelmat\ConnectKeepAlive\ConKeepM.exe
    D:\Ohjelmat\SpywareGuard\sgmain.exe
    D:\Ohjelmat\SpywareGuard\sgbhp.exe
    D:\Ohjelmat\EVEREST Home Edition\everest.bin
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\Ohjelmat\Disk keepper lite\DKService.exe
    D:\Ohjelmat\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\Ohjelmat\RivaTuner v2.0 RC 15.8\RivaTuner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Ohjelmat\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Ohjelmat\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [InCD] D:\Ohjelmat\Nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Ohjelmat\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] D:\Ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - Startup: Connection Keeper.lnk = D:\Ohjelmat\ConnectKeepAlive\ConKeepM.exe
    O4 - Startup: SpywareGuard.lnk = D:\Ohjelmat\SpywareGuard\sgmain.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124970067731
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53A1BA27-B57E-49F9-A96A-C110F9BA0F9E}: NameServer = 193.210.19.19 193.210.18.18
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Ohjelmat\Disk keepper lite\DKService.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Ohjelmat\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Ohjelmat\Nero\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  18. spertti

    spertti Active member

    Joined:
    01.06.2005
    Messages:
    1,222
    Thanks:
    0
    Points:
    66
    That one is clean, if you are sure that the "Connection Keeper" program is safe. I didn't find enough information about it myself to be able to say whether it has any nasties in it or not.
     
  19. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    I've had it from the very beginning, and I at least have nothing bad to say about it. But thanks for checking!
     
  20. spertti

    spertti Active member

    Joined:
    01.06.2005
    Messages:
    1,222
    Thanks:
    0
    Points:
    66
    No problem. I would still recommend installing SP2... You've now already put SP1 on your machine, so why didn't you update to that as well while you were at it?
     
  21. samfin

    samfin Regular member

    Joined:
    26.05.2005
    Messages:
    1,086
    Thanks:
    0
    Points:
    46
    It refuses to install. That's why. It reports some kernel error or something along those lines, I don't remember exactly.

    EDIT: "Tämän tietokoneen käynnistämiseen käytettävä ydintiedosto (kernel) ei ole Microsoft Windows-tiedosto. Service Packia ei asenneta."
    So that's the kind of message it gives when I try to install.
     
    Last edited: 24.01.2006