HijackThis logi

Discussion in 'Virukset ja haittaohjelmat' started by Shrimp, Jun 25, 2005.

  1. Shrimp

    Shrimp Member

    Joined:
    Jun 25, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Mitähän tost nyt pitäis korjailla? kone on jumittanu siihi mallii et vois tarvii apuu...

    Logfile of HijackThis v1.99.1
    Scan saved at 18:55:57, on 25.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nppuezuevsxgnhvittdju.co...nD8z7ExaSAdoKMYPq4cuPto7cXbvaoCKiW_RMoZ3.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.czicmmlqhrtle.uk/f2M4MGYxT7ngvtDeP3BQd6SfTdVChiIJr2P3K_Io5yU.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {D7EE5595-DD78-DB3D-F81E-7B60FF3A4EA6} - C:\DOCUME~1\jyrki\APPLIC~1\OWNSMU~1\Mess safe.exe
    O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
    O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [blue pure for itch] C:\Documents and Settings\All Users\Application Data\owns each blue pure\support two.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [dale bleh] C:\DOCUME~1\jyrki\APPLIC~1\MPEGAM~1\MediaBuild.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
    Shrimp, Jun 25, 2005
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    -kemisti-, Jun 30, 2005
    #2
  3. V-kos

    V-kos Regular member

    Joined:
    Mar 13, 2005
    Messages:
    1,345
    Likes Received:
    0
    Trophy Points:
    46
    Jaahas

    Poista Mese plussa. Löytyykö lisää/poista valikosta jotain My Search Bar tai vastaavaa virtelmää/muita outoja ohjelmia?

    Olethan tehnyt täys tarkistuksen MS Antispywarella?

    Hae Escan, päivitä, skannaa ja laita logi jos jotain löytyy.

    http://koti.mbnet.fi/pattaya1/escanmwav.htm

    Putsattavaa löytyy mutta tee nuo ensin.



     
    V-kos, Jun 30, 2005
    #3
  4. Shrimp

    Shrimp Member

    Joined:
    Jun 25, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    no nyt ku oon tenhny noi ja oon jotaa roskaa poistellukki ni logi on tollanen...

    Logfile of HijackThis v1.99.1
    Scan saved at 21:47:36, on 3.7.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Program Files\Cheating-Death\cdeath.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.geokgbuwhqroiczeoo.com/f...nD8z7ExaSAdoKMYPq4fGViRK3O5FMICKiW_RMoZ3.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {D7EE5595-DD78-DB3D-F81E-7B60FF3A4EA6} - C:\DOCUME~1\jyrki\APPLIC~1\OWNSMU~1\Mess safe.exe
    O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [blue pure for itch] C:\Documents and Settings\All Users\Application Data\owns each blue pure\support two.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [dale bleh] C:\DOCUME~1\jyrki\APPLIC~1\MPEGAM~1\MediaBuild.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    et onko enää mitn poistettavaa?? ja toi MS Antispyware löys hijackin koneelt mutku poistan sen ni se on kumminki taas seuraavas scannissa et miten saan sen pois?
     
    Shrimp, Jul 3, 2005
    #4
  5. V-kos

    V-kos Regular member

    Joined:
    Mar 13, 2005
    Messages:
    1,345
    Likes Received:
    0
    Trophy Points:
    46
    [bold] Poista Messenger! plus [/bold]
    Poista myös MyWebSearch jos löytyi lisää/poista luettelosta

    Sulje ylimääräiset Ikkunat ja ohjelmat.
    Fixaa seuraavat rivit:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.geokgbuwhqroiczeoo.com/f2M4MGYxT7k4ihY_7/wEivzmnD8z7Ex...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.czicmmlqhrtle.uk/f2M4MGYxT7ngvtDeP3BQd6SfTdVChiIJr2P3K...
    R3 - Default URLSearchHook is missing
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {D7EE5595-DD78-DB3D-F81E-7B60FF3A4EA6} - C:\DOCUME~1\jyrki\APPLIC~1\OWNSMU~1\Mess safe.exe
    O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O4 - HKLM\..\Run: [blue pure for itch] C:\Documents and Settings\All Users\Application Data\owns each blue pure\support two.exe
    O4 - HKCU\..\Run: [dale bleh] C:\DOCUME~1\jyrki\APPLIC~1\MPEGAM~1\MediaBuild.exe

    Poista seuraavat kansiot:
    C:\Program Files\MySearch
    C:\DOCUME~1\jyrki\APPLIC~1\OWNSMU~1
    C:\Documents and Settings\All Users\Application Data\owns each blue pure
    C:\DOCUME~1\jyrki\APPLIC~1\MPEGAM~1

    Boottaa kone ja kokeile toimiiko. Laita vielä uusi logi.
     
    V-kos, Jul 3, 2005
    #5
  6. Shrimp

    Shrimp Member

    Joined:
    Jun 25, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    joo oon nyt noi tehny ja täs on uusin logi

    Logfile of HijackThis v1.99.1
    Scan saved at 18:44:03, on 4.7.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ypcflfpcmbqhijdptt.us/f2...nD8z7ExaSAdoKMYPq4fVnPlOxl_EyICKiW_RMoZ3.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Joko on kunnossa??
     
    Shrimp, Jul 4, 2005
    #6
  7. kwakki

    kwakki Member

    Joined:
    Jun 14, 2005
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    Tota noin, jos muistan oikein mese plus ei häviä koneelta mihinkään vaikka poistat sen, kansioon jää kaikki filut. Poista rivit:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ypcflfpcmbqhijdptt.us/f2M4MGYxT7k4ihY_7/wEivzmnD8z7Exa...

    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart

    ps. Toi Steam vie muistia aivan himona, jos et käytä sitä sammuta se.

    [edit] korjattu tekstiä [/edit]
     
    Last edited: Jul 4, 2005
    kwakki, Jul 4, 2005
    #7
  8. Shrimp

    Shrimp Member

    Joined:
    Jun 25, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    joo tota ku teen scannin tol microsoft antispywarel ni se sanoo löytäväsä "possible browser hijack (browser modifier)ja ku mä positan sen siitä ni se on kuitenki taas siinä ku scannaan uusiks....ja toi sanoo et sen sijainti on "Internet explorer search bar:" mut en mä tot saa poistettuu=S
     
    Shrimp, Jul 4, 2005
    #8
  9. kwakki

    kwakki Member

    Joined:
    Jun 14, 2005
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    kwakki, Jul 4, 2005
    #9
  10. V-kos

    V-kos Regular member

    Joined:
    Mar 13, 2005
    Messages:
    1,345
    Likes Received:
    0
    Trophy Points:
    46
    Fixaa nuo kwakin aikaisemmin neuvomat vikasietotilassa ja poista mese+ kansio, tyhjennä tempit, väliaikaiset intenet tiedostot ja roskis. Boottaa kone

    Jos ei lähde, niin en vain osaa :)

     
    V-kos, Jul 4, 2005
    #10
  11. kirppuh

    kirppuh Member

    Joined:
    Feb 15, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    16
    Miksi messenger plus pitäisi poistaa? Ei siinä mitään mikaa ole mutta asennuksessa voi valita asentaako sen ilman mainoksia vai ei, oletuksena se asentaa mainoksia.
     
    Last edited: Jul 4, 2005
    kirppuh, Jul 4, 2005
    #11
  12. lam0r

    lam0r Guest

    mese plus on jo sinäänsä virus, se lataa itselleen netistä kavereita :D
     
    lam0r, Jul 6, 2005
    #12

Share This Page