HJT log for review!

Thread in the Viruses and malware - HijackThis logs section. Started by zamppaa on 10.10.2006.

Thread status:
This thread is closed.
  1. zamppaa

    zamppaa Member

    Joined:
    23.11.2004
    Posts:
    31
    Thanks:
    0
    Points:
    16
    Logfile of HijackThis v1.99.1
    Scan saved at 14:19:13, on 10.10.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\PROGRA~1\PRINTV~1\pvmodule.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\muamoawe.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\{E4E18821-04E2-1035-1014-030310220166}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Steam\Steam.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6BC97724-CDD3-4F4C-99CE-724A3F1AACB9} - C:\WINDOWS\System32\hyz.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe
    O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
    O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: MS_update_0609_7723.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  3. Daniii

    Daniii Regular member

    Joined:
    11.05.2006
    Posts:
    120
    Thanks:
    0
    Points:
    26
    Put HijackThis_v1.99.1.exe in its own folder, e.g. C:/HJT/HijackThis_v1.99.1.exe

    Download AVG Anti-Spyware from here:
    http://www.ewido.net/en/download/
    Save it, for example, to the desktop, then install and update it. Do not run a scan yet!

    Remove the following using Add or Remove Programs in the Control Panel:
    Toolbar888
    PVModule or PrintView (or anything referring to these)

    Open HJT, click "Do a system scan only" and check the following:
    O2 - BHO: (no name) - {6BC97724-CDD3-4F4C-99CE-724A3F1AACB9} - C:\WINDOWS\System32\hyz.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe
    O4 - HKCU\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe
    O4 - Global Startup: MS_update_0609_7723.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    ... and press "Fix checked".

    Have this file checked:
    C:\WINDOWS\SYSTEM32\instcat.dll
    here:
    http://virusscan.jotti.org/ and post the result here.

    Boot the computer into safe mode (tap F8 repeatedly during startup and choose safe mode from the menu that opens). Also make hidden files visible; instructions --> http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#40
    Then make sure the baddies are gone; delete these manually in safe mode as well, if they are found:
    C:\Program Files\PrintView\
    C:\Program Files\ToolBar888\
    C:\Program Files\Common Files\{E4E18821-04E2-1035-1014-030310220166}
    C:\WINDOWS\System32\muamoawe.exe
    C:\WINDOWS\System32\hyz.dll
    You can look for this one with, for example, the Windows search function:
    MS_update_0609_7723.exe

    Now you can run, in safe mode, the AVG spyware program you installed earlier; more detailed instructions are here:
    http://www.virustorjunta.net/modules.php?name=Forums&file=viewtopic&t=5829

    Post the report created by AVG to this thread, and also post a new HJT log.
     
    Last edited: 11.10.2006
  4. zamppaa

    New HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 17:47:36, on 11.10.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    D:\Steam\Steam.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
    O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
    O21 - SSODL: IEFilter - {CFEDEB49-AA30-4F57-BA11-7EA5D0FB0AF5} - C:\WINDOWS\system32\IEFilter.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  5. Daniii

    What did Jotti say about this --> C:\WINDOWS\SYSTEM32\instcat.dll

    And the AVG log as well :)

    Fix this one:
    O21 - SSODL: IEFilter - {CFEDEB49-AA30-4F57-BA11-7EA5D0FB0AF5} - C:\WINDOWS\system32\IEFilter.dll (file missing)
     
    Last edited: 11.10.2006
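
An added example, not part of any post in this thread: the before/after comparison the helper does by eye, as a small Python script that parses two HijackThis logs, lists the entries that disappeared or appeared, and checks that every line marked for fixing is gone. The log excerpts are copied from the logs posted above and shortened; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts from the thread's logs of 10.10.2006 and 11.10.2006 (shortened).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:19:13, on 10.10.2006
Running processes:
C:\WINDOWS\System32\muamoawe.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

O2 - BHO: (no name) - {6BC97724-CDD3-4F4C-99CE-724A3F1AACB9} - C:\WINDOWS\System32\hyz.dll
O4 - HKLM\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: MS_update_0609_7723.exe
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17:47:36, on 11.10.2006
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: IEFilter - {CFEDEB49-AA30-4F57-BA11-7EA5D0FB0AF5} - C:\WINDOWS\system32\IEFilter.dll (file missing)
"""
# Lines the helper asked to mark before pressing "Fix checked" (excerpt).
FIX_LIST = [
    r"O2 - BHO: (no name) - {6BC97724-CDD3-4F4C-99CE-724A3F1AACB9} - C:\WINDOWS\System32\hyz.dll",
    r"O4 - HKLM\..\Run: [muamoawe] C:\WINDOWS\System32\muamoawe.exe",
    r"O4 - Global Startup: MS_update_0609_7723.exe",
]


def _key(text):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into its running-process list and entry lines."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False          # the first entry line ends the process list
            entries.append(line)
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def section(entry):
    """Return the section code (e.g. 'O4') of an entry line."""
    return ENTRY_RE.match(entry).group(1)


def diff_entries(before, after):
    """Entries present only in the first log and only in the second log."""
    b = {_key(e): e for e in before["entries"]}
    a = {_key(e): e for e in after["entries"]}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def still_present(fix_list, after):
    """Entries from the fix list that survived into the follow-up log."""
    present = {_key(e) for e in after["entries"]}
    return [e for e in fix_list if _key(e) in present]


def stopped_processes(before, after):
    """Processes running in the first log that no longer run in the second."""
    running = {_key(p) for p in after["processes"]}
    return [p for p in before["processes"] if _key(p) not in running]


if __name__ == "__main__":
    old, new = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    removed, added = diff_entries(old, new)
    print("Removed:", *removed, sep="\n  ")
    print("New (review each one):", *added, sep="\n  ")
    print("Fix-list entries still present:", still_present(FIX_LIST, new) or "none")
    print("No longer running:", stopped_processes(old, new))
```

New entries are not automatically bad: here one is the anti-spyware tool the helper asked for, the other is the orphaned O21 line flagged in the post above.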
  6. zamppaa

    Yeah, so Jotti said this:
    Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

    Scanner results: all the others were OK (not found), but this one: AntiVir: Found Heuristic/Malware (probable variant)

    Sorry if this is confusing :)


    Yeah, I forgot to include the AVG log, but here it is:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:30:04 11.10.2006

    + Scan result:



    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0019249.dll -> Adware.Softomate : No action taken.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020448.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020449.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020450.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020451.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020452.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020453.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020454.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020455.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020456.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020457.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020458.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020459.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020460.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020461.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020462.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020463.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020464.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020465.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020466.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020467.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020468.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020469.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020470.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020471.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020472.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020473.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020474.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020475.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020476.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020477.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020478.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020479.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020480.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020481.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020482.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020483.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020484.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020485.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020486.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020487.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020488.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020489.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020490.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020491.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020492.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020493.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020494.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020495.exe -> Trojan.Zapchast.ca : No action taken.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020496.exe -> Trojan.Zapchast.ca : No action taken.


    ::Report end
     
  7. Daniii

    The Ewido instructions had this step:

    # Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    # When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    Turn on the setting in your Ewido so that it quarantines whatever it finds. With the settings you scanned with, it did find things but took no action. So fix this setting, scan again and post the log :)
     
  8. zamppaa

    Okay, so here are the AVG log and the new HJT log

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:28:28 12.10.2006

    + Scan result:



    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0019249.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@ehg-talentumoyi.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Red_Baaryna\Cookies\red_baaryna@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020448.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020449.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020450.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020451.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020452.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020453.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020454.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020455.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020456.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020457.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020458.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020459.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020460.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020461.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020462.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020463.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020464.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020465.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020466.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020467.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020468.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020469.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020470.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020471.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020472.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020473.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020474.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020475.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020476.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020477.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020478.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020479.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020480.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020481.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020482.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020483.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020484.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020485.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020486.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020487.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020488.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020489.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020490.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020491.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020492.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020493.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020494.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020495.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D386FCC3-B122-4CC5-8E8E-2057F1AF9A8B}\RP15\A0020496.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).



    ::Report end



    Logfile of HijackThis v1.99.1
    Scan saved at 21:52:19, on 12.10.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Steam\Steam.exe" -silent
    O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
    O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Lite\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  9. Daniii

    Daniii Regular member

    Joined:
    11.05.2006
    Messages:
    120
    Thanks:
    0
    Points:
    26
    All right, now the worst of the junk has been cleaned out :) It's worth running that AVG spyware software once every couple of weeks.

    I also recommend updating that Windows, so get SP2, for example from http://update.microsoft.com
     
  10. zamppaa

    zamppaa Member

    Joined:
    23.11.2004
    Messages:
    31
    Thanks:
    0
    Points:
    16
    Okay, thank you very much!!!
     