Tässä olisi tarkistettavaa jollekin hieman. Logfile of HijackThis v1.99.1 Scan saved at 5:38:30, on 12.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe C:\Program Files\Common\FSM32.EXE C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\F-SECU~1\1245240\Program\SERVIC~1.EXE C:\Program Files\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\1245240\program\fsbwsys.exe C:\Program Files\Anti-Virus\FSGK32.EXE C:\Program Files\Common\FSMA32.EXE C:\Program Files\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Internet Security\1245240\Program\fspex.exe C:\Program Files\Common\FSMB32.EXE C:\Program Files\Common\FCH32.EXE C:\Program Files\Common\FAMEH32.EXE C:\Program Files\FSPC\fspc.exe C:\Program Files\Anti-Virus\fsav32.exe C:\Program Files\FWES\Program\fsdfwd.exe C:\Program Files\FSGUI\fsguiexe.exe C:\Documents and Settings\esiasennettu\Omat tiedostot\Ladatut\utorrent\utorrent.exe C:\WINDOWS\system32\igfxsrvc.exe C:\hjt\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.suomi24.fi R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file) O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\FSPC\fspcmsie.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: F-Secure Internet Security 2005 OEM (BackWeb Plug-in - 1245240) - Unknown owner - C:\PROGRA~1\F-SECU~1\1245240\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\1245240\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
OK! Kiitos, ajattelin että olisi ollut enemmänkin fixaamista kun pääsi tuo Spytrooper käymään koneella jonka kyllä sain pienen kikan kanssa pois. Ajattelin että siitä olisi vielä jäänyt jotain. Piti kuitenkin vielä kysästä joltain fixummalta kuin itse.
No. Eihän tuosta lokista kaikkea näe. Hae Ewido > http://keskustelu.afterdawn.com/thread_view.cfm/269186 Tee ohjeiden mukaan ja lähetä sen raportti tänne. Saman jutun voisit tehdä eScanille > http://koti.mbnet.fi/pattaya1/escanmwav.htm Kopioi ne "örkki"tulokset siitä alalaatikosta, ja lähetä tänne. Muista päivittää molemmat ennen scannausta
ewidon raportti: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 7:54:18, 12.1.2006 + Report-Checksum: 36153B80 + Scan result: No infected objects found. ::Report End tuon eScanin käyn myöhemmin.
Enpä usko, että sekään mitään löytää. Puhdas taitaa kone olla =) Aja kuitenkin ihan varmuuden vuoksi vielä se eScan kuitenkin.
