Jamba pop-uppia iskee aina vähä välii ni oisko täs jotai vikaa. Ad-awarella, spyware stormerilla ja Spybotilla oon jotaki poistellu mut ei auta... Logfile of HijackThis v1.99.1 Scan saved at 11:38:43, on 19.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: L:\WINDOWS\System32\smss.exe L:\WINDOWS\system32\winlogon.exe L:\WINDOWS\system32\services.exe L:\WINDOWS\system32\lsass.exe L:\WINDOWS\System32\Ati2evxx.exe L:\WINDOWS\system32\svchost.exe L:\WINDOWS\System32\svchost.exe L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe L:\WINDOWS\system32\rundll32.exe L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe L:\WINDOWS\system32\spoolsv.exe C:\Bluetooth-ohjelmisto\bin\btwdins.exe C:\Norton AntiVirus\navapsvc.exe C:\Norton AntiVirus\IWP\NPFMntor.exe L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe L:\WINDOWS\system32\Ati2evxx.exe L:\WINDOWS\Explorer.EXE L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe L:\Program Files\Analog Devices\SoundMAX\SMTray.exe L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe C:\Daemon Tools\daemon.exe C:\Razer\razerhid.exe L:\Program Files\Common Files\Symantec Shared\ccApp.exe L:\Program Files\Messenger\msmsgs.exe C:\Bluetooth-ohjelmisto\BTTray.exe C:\Razer\razertra.exe C:\Razer\razerofa.exe L:\WINDOWS\System32\wuauclt.exe L:\WINDOWS\System32\wpabaln.exe C:\BitComet\BitComet.exe L:\WINDOWS\system32\cmd.exe C:\WINZIP\wzqkpick.exe L:\WINDOWS\System32\msiexec.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Spyware Stormer] L:\Program Files\Spyware Stormer\SpywareStormer.Exe O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O20 - Winlogon Notify: App Management - L:\WINDOWS\system32\e4202efmgh2a2.dll O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
On siinä. Poista lisää/poista sovellus-kohdasta: Spyware Stormer Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista: L:\Program Files\==>Spyware Stormer<== Käynnistä uudelleen. Hae täältä -> http://www.atribune.org/downloads/l2mfix.exe l2mfix ja tallenna työpöydälle. Tuplaklikkaa sitä ja klikkaa install. Avaa l2mfix -kansio työpöydältä ja tuplaklikkaa l2mfix.bat ja valitse #1 painamalla 1 ja enter(ÄLÄ tee vielä mitään muuta!!). Kopioi se loki ja lähetä tänne. Lähetä myös uusi HjT-loki.
L2MFIX find log 1.04a These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide] "Asynchronous"=dword:00000000 "DllName"="L:\\WINDOWS\\system32\\ktnsl7571.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (NI) ALLOW Full access NT-HALLINTA\SYSTEM (IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-NI) ALLOW Read BUILTIN\K„ytt„j„t (ID-IO) ALLOW Read BUILTIN\K„ytt„j„t (ID-NI) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-IO) ALLOW Full access BUILTIN\J„rjestelm„nvalvojat (ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM (ID-IO) ALLOW Full access LUOJA-OMISTAJA ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{8D431239-5D4B-328A-4D4A-99C98FC84B9D}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N„ytt”sovittimen CPL-laajennus" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N„yt”n CPL -laajennus" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto" "{56117100-C0CD-101B-81E2-00AA004AE837}"="K„ytt”liittym„n leikkeidenk„sittelytoiminto" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym„laajennukset" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n„yt”n hallinta" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym„laajennukset" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym„laajennus" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym„laajennus jakamista varten" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym„laajennukset" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht„v„t" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht„v„palkki ja K„ynnist„-valikko" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S„hk”posti" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty”kalut" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty”kalurivi" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint„palkki" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L„hiosoite" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j„sent„j„" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v„limuistikansio" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K„ytt”liittym„n sovelluksenhallintaohjelma" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k„sittelyst„ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist„" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="K„ytt„j„tilit" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk„sittelyobjekti" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil”it„..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" @="" "{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places" "{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}"="" "{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}"="" "{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}"="" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{1A36F470-3C80-4CE3-9935-59EE34AE6505}"="" "{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A9DC4469-41D3-49D5-BCC9-77E02D30DD51}\InprocServer32] @="L:\\WINDOWS\\system32\\djmodemx.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}] @="" [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F14EC7CD-1257-41AE-A5D6-749DDDC4B09A}\InprocServer32] @="L:\\WINDOWS\\system32\\mhpmsp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}] @="" [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CDAE3CD5-B4FF-4008-A20D-7BB6AD17BE49}\InprocServer32] @="L:\\WINDOWS\\system32\\hxetwiz.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A36F470-3C80-4CE3-9935-59EE34AE6505}\InprocServer32] @="L:\\WINDOWS\\system32\\sgclogon.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}] @="" [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CD7CD5C4-AC40-4626-8304-D3C41CF03DF4}\InprocServer32] @="L:\\WINDOWS\\system32\\rtvpsp.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: L:\WINDOWS\SYSTEM32\ gpp2l3~1.dll Sat 19 Nov 2005 2.22.20 ..S.R 235 997 230,46 K hxetwiz.dll Sat 19 Nov 2005 11.00.16 ..S.R 234 260 228,77 K jt2s07~1.dll Sat 19 Nov 2005 12.01.30 ..S.R 233 611 228,13 K jtl807~1.dll Sat 19 Nov 2005 10.04.26 ..S.R 235 892 230,36 K kt2sl7~1.dll Sat 19 Nov 2005 9.50.32 ..S.R 235 921 230,39 K ktnsl7~1.dll Sat 19 Nov 2005 11.55.48 ..S.R 237 222 231,66 K l8n4li~1.dll Sat 19 Nov 2005 0.54.00 ..S.R 235 467 229,95 K msssc.dll Sat 19 Nov 2005 0.17.32 A.... 44 0,04 K rtvpsp.dll Sat 19 Nov 2005 12.01.30 ..S.R 237 222 231,66 K sgclogon.dll Sat 19 Nov 2005 11.55.48 ..S.R 235 465 229,95 K 10 items found: 10 files (9 H/S), 0 directories. Total of file sizes: 2 121 101 bytes 2,02 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Asemalla L ei ole nime„. Aseman sarjanumero on 14C4-F2BE Kansio L:\WINDOWS\System32 19.11.2005 12:01 237ÿ222 rtvpsp.dll 19.11.2005 12:01 233ÿ611 jt2s07f7e.dll 19.11.2005 11:55 235ÿ465 sgclogon.dll 19.11.2005 11:55 237ÿ222 ktnsl7571.dll 19.11.2005 11:24 <KANSIO> dllcache 19.11.2005 11:00 234ÿ260 hxetwiz.dll 19.11.2005 10:04 235ÿ892 jtl8073ue.dll 19.11.2005 09:50 235ÿ921 kt2sl7f71.dll 19.11.2005 02:22 235ÿ997 gpp2l37o1.dll 19.11.2005 00:54 235ÿ467 l8n4li5q18.dll 19.11.2005 00:19 <KANSIO> Microsoft 9 tiedosto(a) 2ÿ121ÿ057 tavua 2 kansio(ta) 22ÿ202ÿ519ÿ552 tavua vapaana Logfile of HijackThis v1.99.1 Scan saved at 12:07:06, on 19.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: L:\WINDOWS\System32\smss.exe L:\WINDOWS\system32\winlogon.exe L:\WINDOWS\system32\services.exe L:\WINDOWS\system32\lsass.exe L:\WINDOWS\System32\Ati2evxx.exe L:\WINDOWS\system32\svchost.exe L:\WINDOWS\System32\svchost.exe L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe L:\WINDOWS\system32\rundll32.exe L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe L:\WINDOWS\system32\spoolsv.exe C:\Bluetooth-ohjelmisto\bin\btwdins.exe C:\Norton AntiVirus\navapsvc.exe C:\Norton AntiVirus\IWP\NPFMntor.exe L:\WINDOWS\system32\Ati2evxx.exe L:\WINDOWS\Explorer.EXE L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe L:\Program Files\Analog Devices\SoundMAX\SMTray.exe L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe C:\Daemon Tools\daemon.exe C:\Razer\razerhid.exe L:\Program Files\Common Files\Symantec Shared\ccApp.exe L:\Program Files\Messenger\msmsgs.exe C:\Bluetooth-ohjelmisto\BTTray.exe C:\WinZip\WZQKPICK.EXE C:\Razer\razertra.exe C:\Razer\razerofa.exe L:\Program Files\Internet Explorer\iexplore.exe L:\WINDOWS\System32\wuauclt.exe L:\WINDOWS\System32\wpabaln.exe L:\WINDOWS\System32\cmd.exe L:\WINDOWS\system32\ntvdm.exe L:\WINDOWS\system32\NOTEPAD.EXE L:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O20 - Winlogon Notify: SideBySide - L:\WINDOWS\system32\ktnsl7571.dll O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen. Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa. Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
l2mfix ei uudelleenkäynnistyksen jälkeen tehnyt mitään joten tuplaklikkasin tota second.bat juttua. Se jatko fixaamista, mutta sitte tuli "Käyttö estetty" onko normaalia? Se loppu siihen eikä näyttänyt lokia.
Tee se homma uudestaan. Jollei auta, niin hae täältä -> http://www.webroot.com/consumer/products/spysweeper/ spysweeper, asenna ja päivitä se. Käynnistä sitten vikasietotilaan(F8 käynnistyksen yhteydessä) ja skannaa sillä. Anna poistaa mitä löytää. Käynnistä normaalitilaan ja tee tämä uusiksi: Sulje ensin kaikki ohjelmat, koska kone käynnistyy uudelleen. Avaa l2mfix-kansio työpöydältä, tuplaklikkaa l2mfix.bat ja valitse valinta #2 (Run Fix) painamalla 2 ja enter , paina sitten mitä tahansa näppäintä, jolloin kone käynnistyy uudelleen. Käynnistyksen jälkeen työpöytä ja kuvakkeet häipyvät hetkeksi näkyvistä,se on normaalia. L2mfix jatkaa scannia ja kun se on valmis, loki avautuu muistioon. Kopioi se ja liitä tänne uuden hijackthis-lokin kanssa. Jos käynnistyksen jälkeen kuvakkeet eivät häviä tai loki ei avaudu muistioon, tuplaklikkaa l2mfix-kansiossa olevaa second.bat, jotta fixi jatkuu.
Spy Sweeperillä poistin noin 15 örkkiä ja kokeilin tota l2mfixiä uudestaan. Tällä kertaa ei tullut käyttö estetty ilmotusta vaan scannaus onnistui, mutta lokia ei näkynyt. HTJ logi tässä nyt kuitenkin: Logfile of HijackThis v1.99.1 Scan saved at 15:13:44, on 19.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: L:\WINDOWS\System32\smss.exe L:\WINDOWS\system32\winlogon.exe L:\WINDOWS\system32\services.exe L:\WINDOWS\system32\lsass.exe L:\WINDOWS\System32\Ati2evxx.exe L:\WINDOWS\system32\svchost.exe L:\WINDOWS\System32\svchost.exe L:\WINDOWS\system32\Ati2evxx.exe L:\WINDOWS\Explorer.EXE L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe L:\WINDOWS\system32\spoolsv.exe C:\Bluetooth-ohjelmisto\bin\btwdins.exe C:\Norton AntiVirus\navapsvc.exe C:\Norton AntiVirus\IWP\NPFMntor.exe L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Spy Sweeper\WRSSSDK.exe L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe L:\Program Files\Analog Devices\SoundMAX\SMTray.exe L:\Program Files\TW-IA300C ADSL\CnxDslTb.exe C:\Daemon Tools\daemon.exe C:\Razer\razerhid.exe L:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Spy Sweeper\SpySweeper.exe L:\Program Files\Messenger\msmsgs.exe C:\Bluetooth-ohjelmisto\BTTray.exe C:\WinZip\WZQKPICK.EXE L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Razer\razertra.exe C:\Razer\razerofa.exe L:\Program Files\Internet Explorer\iexplore.exe C:\mIRC\mirc.exe L:\WINDOWS\System32\wuauclt.exe L:\WINDOWS\System32\wpabaln.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] L:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Smapp] L:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "L:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Daemon Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] L:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] L:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SpySweeper] "C:\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "L:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth-ohjelmisto\btsendto_ie.htm O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O20 - Winlogon Notify: WRNotifier - L:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - Unknown owner - L:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Bluetooth-ohjelmisto\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - L:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - L:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
HjT-loki on kunnossa. Katso, onko siinä l2mfix-kansiossa työpöydällä joku lokitiedosto. Jos, niin lähetä se tänne. Onko vielä harmeja popupeista?
Jotain häikkää täs tuntuu vielki olevan. Ainaku vähän ajan kone ollu pääl ni kone tilee tai välil lsass.exe kaatuu.