HJT seems to show "file missing" entries even for the antivirus software, so I wonder whether everything on my machine is really working and in order.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:05, on 28.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Alarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/english/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Alarm\zlclient.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/english/
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

While I was at it, I updated Messenger to a newer version and installed the Plus add-on at the same time (without the sponsor program). I scanned my machine with MS Antispyware as usual, and it apparently found something:

Detected Threats
Messenger Plus! Software Bundler more information...
Details: Messenger Plus! is an add-on for MSN Messenger that is bundled with third-party adware programs.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected files detected
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\lame_enc.dll
c:\program files\messengerplus! 3\libsndfile.dll
c:\program files\messengerplus! 3\richedhook.dll

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences FirstLaunch 1138407314
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 LanguageFile Lang_Suomeksi.ini
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 DefaultConfiguration ”sähköposti”
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 SoftwareState 1138406450
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 AutoMsg5Start "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\DefaultIcon C:\Program Files\MessengerPlus! 3\Resources\MsgPlusRes.dll,-2781
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /LOG:%1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsgPlus.Encrypted Encrypted Log File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MessengerPlus3
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Archive LastArchiveTime 1138406450
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MsgPlus! Plugin
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MsgPlus! Plugin DisplayName Messenger Plus! 3
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MsgPlus! Plugin UninstallString "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MsgPlus! Plugin DisplayIcon C:\Program Files\MessengerPlus! 3\MsgPlus.exe,2
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 BinDir C:\Program Files\MessengerPlus! 3
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 LocalizationDir C:\Program Files\MessengerPlus! 3\Resources
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 PluginDir C:\Program Files\MessengerPlus! 3\Plugins
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 FileNameDll MsgPlusH.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 FileNameExe MsgPlus.exe
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences\BossProtections\BossProtection0 Shortcut 544
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 FileNameLoader MsgPlusLoader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 SoftwareBuild 3146
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 DefLanguageFile Lang_Suomeksi.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Patchou\MsgPlus2 InstallTime 1138406143
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\”sähköposti”\Preferences MigrateLevel 2

I let it remove the findings, but after that Messenger Plus no longer seems to start. Apparently those findings belong to the Plus add-on, so can the removed files be restored without any worry?
Yeah, so MS Antispyware only found Messenger Plus, because it assumed the sponsor program was installed. Someone will explain in more detail.
Here is a guide, and below it there was a discussion of why MS Antispyware detects it. -> http://keskustelu.afterdawn.com/thread_view.cfm/1/280957#1691309 So you can safely keep the Messenger Plus add-on, and whenever you scan with MS Antispyware, choose ignore, which is the default.
OK, that seems clear, and if the HJT log is fine, then that's all. And thanks for the help!
And about the "file missing" note: it is reliable only on O2 and O3 lines. Otherwise it cannot be trusted.
And (no file) means the same thing. It can appear on many lines, but it is reliable only on O2 and O3 lines.
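
The rule from the last two replies, combined with a cross-check against the log's own "Running processes" list, as an added example that is not part of the original thread. The `triage` function, the verdict strings and the O2 sample line are constructed for illustration; the other sample lines come from the log posted above.

```python
import re

RELIABLE = {"O2", "O3"}  # sections where the thread says the marker can be trusted
MARKER = re.compile(r"\((?:file missing|no file)\)\s*$")
ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)

# Lines taken from the log posted above; the O2 line is constructed for contrast.
SAMPLE_LOG = r'''Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HJT\HijackThis.exe

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\gone.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'''

def triage(log_text):
    """Return (section, path, verdict) for every entry carrying the marker."""
    running, findings, in_procs = set(), [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif entry:
            in_procs = False
            section, body = entry.groups()
            found = PATH.search(body)
            if not MARKER.search(body) or not found:
                continue
            path = found.group(0)
            if section in RELIABLE:
                verdict = "investigate"
            elif path.lower() in running:
                # The scan itself lists this file as a live process.
                verdict = "false positive: process is running"
            else:
                verdict = "unreliable marker: check the file on disk"
            findings.append((section, path, verdict))
        elif in_procs and line:
            running.add(line.lower())
    return findings

if __name__ == "__main__":
    for section, path, verdict in triage(SAMPLE_LOG):
        print(f"{section:<4} {verdict:<42} {path}")
```

The process cross-check compares full paths, so an entry written with an 8.3 short path (such as `C:\PROGRA~1\...`) will not match its long-path process line and falls through to the manual check.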