Logfile of HijackThis v1.99.1 Scan saved at 14:56:47, on 21.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\NORMAN\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE C:\Program Files\QuickTime\qttask.exe C:\NORMAN\bin\ZLH.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\NORMAN\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\NORMAN\Nvc\bin\nvcoas.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\NIP.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\Nvc\bin\cclaw.exe C:\Program Files\Valve\Steam\Steam.exe C:\DOCUME~1\joni\LOCALS~1\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O2 - BHO: (no name) - {C0E29CB8-73DB-A80B-CC3A-E7793D0F6F18} - C:\DOCUME~1\joni\APPLIC~1\STOREB~1\Save more.exe (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Kopioi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P42 "EPSON Stylus Photo RX420 Series (Kopioi 1)" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Kopioi 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P42 "EPSON Stylus Photo RX420 Series (Kopioi 2)" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Rdr Acid Chin Army] C:\Documents and Settings\All Users\Application Data\clock ace rdr acid\settingsonce.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{7772F3AE-A68B-4EB4-96C7-6513D246E882}: NameServer = 62.148.192.130,62.148.192.131 O17 - HKLM\System\CS1\Services\Tcpip\..\{7772F3AE-A68B-4EB4-96C7-6513D246E882}: NameServer = 62.148.192.130,62.148.192.131 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Tuollainen... Mitäs vikana. Messenger on vissiin asennettu sponsoriohjelman kanssa.
Jos Mese+ on asennu sponsoriohjelman kanssa, niin siinä on vikaa ihan riittävästi Poista lisää/poista sovellus-kohdasta: Messenger Plus ! 3 Siirrä HjT [bold]omaan[/bold] kansioonsa tuolta tempistä, vaikka näin -> C:\DOCUME~1\joni\LOCALS~1\Temp\HijackThis.exe -> C:\hjt\HijackThis.exe Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked): O2 - BHO: (no name) - {C0E29CB8-73DB-A80B-CC3A-E7793D0F6F18} - C:\DOCUME~1\joni\APPLIC~1\STOREB~1\Save more.exe (file missing) O4 - HKLM\..\Run: [Rdr Acid Chin Army] C:\Documents and Settings\All Users\Application Data\clock ace rdr acid\settingsonce.exe Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944 Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista: C:\DOCUME~1\joni\APPLIC~1\==>STOREB~1<== C:\Documents and Settings\All Users\Application Data\==>clock ace rdr acid<== C:\Program Files\==>Messenger Plus!3<== Käynnistä uudestaan ja lähetä uusi HjT-loki.
Mikäs palomuuri suojaa konetta? Mahtaisko olla windowsin oma? Ainakin Norman anti-virus on mutta vähän riittämätön ilman muuria.
