Vilkaisiskos joku login

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi dolmo 19.10.2005.

  1. dolmo

    dolmo Member

    Liittynyt:
    21.09.2004
    Viestejä:
    54
    Kiitokset:
    0
    Pisteet:
    16
    Auttakaa osaamatonta. =)

    Logfile of HijackThis v1.99.1
    Scan saved at 16:43:14, on 19.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\kernels32.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\kernels32.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Olli's\Hijck\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [ygvpqv] c:\windows\system32\ygvpqv.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16364137-9A08-4F64-82C9-EA6D0339F2BF}: NameServer = 85.255.113.90,85.255.112.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E685D864-C94E-468E-B3BD-A54D6E8F2E73}: NameServer = 85.255.113.90,85.255.112.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16364137-9A08-4F64-82C9-EA6D0339F2BF}: NameServer = 85.255.113.90,85.255.112.5
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    dolmo, 19.10.2005
    #1
  2.  
  3. Zipp2

    Zipp2 Regular member

    Liittynyt:
    30.09.2005
    Viestejä:
    376
    Kiitokset:
    0
    Pisteet:
    26
    Zipp2, 19.10.2005
    #2
  4. dolmo

    dolmo Member

    Liittynyt:
    21.09.2004
    Viestejä:
    54
    Kiitokset:
    0
    Pisteet:
    16
    Tuollasen se herjasi. Aika tiukkaa settiä. Kai.

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "RecordNow!" = (empty string)
    "NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
    "Acme.PCHButton" = "C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" ["Motive Communications, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "HPHUPD05" = "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [file not found]
    "HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
    "KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
    "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
    "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
    "VTTimer" = "VTTimer.exe" [file not found]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
    "PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [null data]
    "SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
    "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
    "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "NAV CfgWiz" = "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"" ["Symantec Corporation"]
    "Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
    "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
    "farmmext" = "C:\WINDOWS\farmmext.exe" [file not found]
    "ygvpqv" = "c:\windows\system32\ygvpqv.exe" [file not found]
    "System" = "C:\WINDOWS\System32\kernels32.exe" [null data]
    "ControlPanel" = "C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile" [file not found]
    "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
    "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
    "CamMonitor" = "c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [empty string]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {00000000-DD60-0064-6EC2-6E0100000000}\(Default) = "PynixObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Pynix.dll" [file not found]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    {CA356D79-679B-4b4c-8E49-5AF97014F4C1}\(Default) = "Starware" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL -laajennus"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-kuvakkeen tunniste"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]
    "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Resurssienhallinta"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    INFECTION WARNING! "Shell" = "Explorer.exe C:\WINDOWS\System32\kernels32.exe" [MS], [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\MATRIX~1.SCR" (Matrix Code.scr) ["MacSourcery"]


    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    D:\
    INFECTION WARNING! D:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]


    DESKTOP.INI DLL launch in local fixed drive directories:
    --------------------------------------------------------

    D:\cmdcons\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

    D:\MiniNT\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

    D:\hp\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

    D:\I386\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

    D:\PRELOAD\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]

    D:\TOOLS\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]


    Startup items in "Omistaja" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

    "{D49E9D35-254C-4C6A-9D17-95018D228FF5}" = "Starware" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    "{2D51D869-C36B-42BD-AE68-0A81BC771FA5}" = "Starware" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    "{D49E9D35-254C-4C6A-9D17-95018D228FF5}" = "Starware"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    Explorer Bars

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\ = "Starware"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    HKLM\Software\Classes\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\ = "Starware"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Starware\bin\Starware.dll" [file not found]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [file not found]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {B863453A-26C3-4E1F-A54D-A2CD196348E9}\
    "ButtonText" = "ICQ 4"
    "MenuText" = "ICQ Lite"
    "Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
    SAVScan, SAVScan, "C:\Program Files\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
    Sygate Personal Firewall Pro, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
    Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 122 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 35 seconds.
    ---------- (total run time: 298 seconds)
     
    dolmo, 19.10.2005
    #3
  5. Zipp2

    Zipp2 Regular member

    Liittynyt:
    30.09.2005
    Viestejä:
    376
    Kiitokset:
    0
    Pisteet:
    26
    Ei näkynny SilentRunnerssin logissa sitä mitä luulin.

    Piilotiedostot näkyviin ohje tuolla

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Merkkaa nuo sulje selain ja paina Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll (file missing)
    O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [ygvpqv] c:\windows\system32\ygvpqv.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16364137-9A08-4F64-82C9-EA6D0339F2BF}: NameServer = 85.255.113.90,85.255.112.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E685D864-C94E-468E-B3BD-A54D6E8F2E73}: NameServer = 85.255.113.90,85.255.112.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16364137-9A08-4F64-82C9-EA6D0339F2BF}: NameServer = 85.255.113.90,85.255.112.5


    Käynnistä sitte vikasietotilassa ja poista jos löytyy

    C:\WINDOWS\System32\msblank.html
    C:\WINDOWS\farmmext.exe
    c:\windows\system32\ygvpqv.exe
    C:\WINDOWS\System32\kernels32.exe
    C:\WINDOWS\System32\popcorn72.exe

    Käynnistä sitte normaalisti ja uus logi,niin nähään kuis kävi.






     
    Zipp2, 19.10.2005
    #4
  6. dolmo

    dolmo Member

    Liittynyt:
    21.09.2004
    Viestejä:
    54
    Kiitokset:
    0
    Pisteet:
    16
    Poistin tuon msblankin ja kernels32.exen, muita ei löytynyt. Oli se "näytä piilotiedostot" päällä.

    Jos tästä jotain hyvää seuraa niin tarjoan kahvit tai oluet. ;) Tervetuloa Helsinkiin siis.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:17:23, on 19.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Olli's\Hijck\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
    dolmo, 19.10.2005
    #5
  7. Zipp2

    Zipp2 Regular member

    Liittynyt:
    30.09.2005
    Viestejä:
    376
    Kiitokset:
    0
    Pisteet:
    26
    Jiihaa..olutta..röyyh.
    Logi on ok ja tuo taitaa olla semmonen kiikun kaakun hommeli,mutta sen pidosta tai pistosta saat päättää ite

    C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
     
    Zipp2, 19.10.2005
    #6
  8. dolmo

    dolmo Member

    Liittynyt:
    21.09.2004
    Viestejä:
    54
    Kiitokset:
    0
    Pisteet:
    16
    Deleteä vain sillekin.

    Kiitokset todella paljon!

    Mallaspirtelöä. Mmh.
     
    dolmo, 19.10.2005
    #7

Jaa tämä sivu