Logi kaverin koneelta. Mitä kaikkia pitäisi poistaa Logfile of HijackThis v1.99.1 Scan saved at 17:15:48, on 22.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Labtec Wireless Desktop\MagicKey.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\Labtec Wireless Desktop\MulMouse.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Labtec Wireless Desktop\OSD.EXE C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\PROGRA~1\NORTON~1\navw32.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\DfrgNtfs.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfyryhjfcaupp.com/iJ4r9msiyN3kfeUeeqxfabQKvZrzx1EWJSad84N2IB7LfFw2HXOhOD23y9nzu8PU.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DA86EB73-E808-BD8F-0B64-10CC42EE1ECC} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCfox000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Varmaksi en mene tästäkään sanomaan, mutta mielestäni on poistettava, eli älä mun snaomisen perusteella poista vaan antaa noiden parempien vahvistaa asiat ensin. O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) Ja sano kaverillesi että laittaa ton HjT:n polulle c:\hjt\ jossa sen "kuuluisi" olla.
Kuten W8m sanoi, pyydä kaveriasi laittamaan Hjt omaan hakemistoonsa (c:\hjt). W8m:än neuvoman lisäksi fiksaa: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfyryhjfcaupp.com/iJ4r9msiyN3kfeUeeqxfabQKvZrzx1EWJSad84N2... O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) O2 - BHO: (no name) - {DA86EB73-E808-BD8F-0B64-10CC42EE1ECC} - (no file) O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCfox000 Ajele vielä Ewido (vikasietotilassa, jonne pääset painamalla F8:a koneen käynnistyttyä) (ohjeet: http://keskustelu.afterdawn.com/thread_view.cfm/269186) ja lähetä tämän jälkeen sekä Ewidon että HjT:n loki.
Mahtaako Messenger Plus olla asennettu sponsoriohjelman kanssa? Ohjauspaneeli Lisää/poista sovellus Poista: MessengerPlus3 Fixaa: Avaa Hijackthis -> Do a system scan only -> Merkkaa -> Paina fix cheked. 01 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfyryhjfcaupp.com/iJ4r9msiyN3kfeUeeqxfabQKvZrzx1EWJSad84N2... O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) O2 - BHO: (no name) - {DA86EB73-E808-BD8F-0B64-10CC42EE1ECC} - (no file) O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCfox000 Hae ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186 Tee ohjeiden mukaisesti ja lähetä sen raportti tänne uuden Hjt lokin kera. Joku epätoivoinen kävi näköjään kokeilemassa onneaan. Poistahan toi lainaus myös NorttiBoy ettei turhaan sekoita, se on historia nyt. =) blade81 oli myös laittanut oikeat ohjeet mutta lisäsin Messenger Plus tähän. Oletkos blade81 vilkassut yksityisviestejä, siellä olisi yksi viesti.
