HjT log ;)

Discussion in 'Viruses and malware' started by Alasin, Sep 29, 2005.

  1. Alasin

    Alasin Member

    Joined:
    Sep 29, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    If someone would be willing to take a quick look at this HjT log: yesterday I noticed that windir32 was showing up in the processes and I removed it (if it actually went away), so I'm wondering whether it might still have some friends on the machine.

    Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 15:03:24, on 29.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    C:\juha\ohjelmat\AVPersonal\AVGNT.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\juha\ohjelmat\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\JUHA\OHJELMAT\FRAPS\FRAPS.EXE
    C:\Juha\ohjelmat\GrabClipSave\GrabClipSave.exe
    C:\ajurit\MouseWare\system\em_exec.exe
    C:\JUHA\OHJELMAT\AVPERSONAL\AVGUARD.EXE
    C:\juha\ohjelmat\AVPersonal\AVWUPSRV.EXE
    C:\juha\ohjelmat\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\juha\ohjelmat\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\juha\ohjelmat\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\juha\ohjelmat\Acrobat Reader 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Juha\ohjelmat\AceGain LiveUptade\LiveUpdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
    O4 - HKLM\..\Run: [AVGCtrl] "C:\juha\ohjelmat\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\juha\ohjelmat\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Fraps] C:\JUHA\OHJELMAT\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [GCS] "C:\Juha\ohjelmat\GrabClipSave\GrabClipSave.exe"
    O4 - HKCU\..\Run: [BitComet] "C:\Juha\ohjelmat\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124616033296
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\JUHA\OHJELMAT\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Apache - Unknown owner - C:\Juha\ohjelmat\Apache\Apache.exe" --ntservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\juha\ohjelmat\AVPersonal\AVWUPSRV.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\juha\ohjelmat\Kerio\Personal Firewall 4\kpf4ss.exe
     
  2. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Doesn't look like there's any orc assault going on there.

    Check this one in HjT, close the browser and other windows, click FIX
    O4 - Startup: PowerReg Scheduler V3.exe

    If you want, you could also run this online scanner just to be sure
    http://www.kaspersky.com/virusscanner
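As an added illustration of how a log like the one posted above is triaged (this is example code written for this page, not something from the thread or from the HijackThis project), the script below parses the `Running processes:` block and the `R0/R1/O2/O4/O23` entries into a small structure and applies the same kinds of checks a reviewer applies by eye: O4 autostart entries whose target is not a fully qualified path (a bare `SOUNDMAN.EXE`, a `\Program\...` path, or a plain Startup-folder name like the PowerReg entry flagged above), O4 targets that are not currently running, and O23 services marked `(file missing)`. It also answers the original question directly with a lookup of a process name (here `windir32.exe`) among the running processes. The sample log is constructed from a handful of lines copied from the thread; the finding labels and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\juha\ohjelmat\AVPersonal\AVGNT.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\juha\ohjelmat\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Apache - Unknown owner - C:\Juha\ohjelmat\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\juha\ohjelmat\Kerio\Personal Firewall 4\kpf4ss.exe
"""

# A HijackThis entry looks like "O4 - <body>", "R1 - <body>", "F2 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Fully qualified Windows path: drive letter, colon, backslash.
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)  # paths under "Running processes:"
    entries: list = field(default_factory=list)    # (kind, body) tuples


def parse_hjt(text):
    """Split a HijackThis log into the process list and the numbered entries."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the process block
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            log.entries.append((m.group("kind"), m.group("body")))
        elif in_procs:
            log.processes.append(line)
    return log


def o4_target(body):
    """Pull the launched file out of an O4 body (Run key, Startup, Global Startup)."""
    if "] " in body:                      # HKLM\..\Run: [Name] <target> [args]
        rest = body.split("] ", 1)[1]
    elif ": " in body:                    # Startup: <file>  /  Global Startup: <lnk> = <target>
        rest = body.split(": ", 1)[1]
    else:
        rest = body
    if rest.startswith('"'):              # quoted path, arguments follow the closing quote
        return rest[1:rest.find('"', 1)]
    return rest.split(" = ", 1)[0] if " = " in rest else rest


def triage(log):
    """Return (finding, kind, detail) tuples a reviewer would want to look at."""
    findings = []
    running = {p.lower() for p in log.processes}
    for kind, body in log.entries:
        if kind == "O4":
            target = o4_target(body)
            if not ABS_PATH_RE.match(target):
                # Bare names resolve through the search path; worth confirming where they live.
                findings.append(("unqualified-path", kind, target))
            elif target.lower() not in running:
                # Autostart entry whose executable is not in the process list right now.
                findings.append(("not-running", kind, target))
        elif kind == "O23" and "(file missing)" in body:
            name = body.split(" - ", 1)[0].removeprefix("Service: ")
            findings.append(("file-missing", kind, name))
    return findings


def find_process(log, basename):
    """Running-process paths whose file name matches, case-insensitively."""
    return [p for p in log.processes if p.rsplit("\\", 1)[-1].lower() == basename.lower()]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for finding in triage(parsed):
        print(finding)
    print("windir32.exe running:", find_process(parsed, "windir32.exe"))
```

On the sample above the three unqualified O4 targets, the one not-running O4 target (`NeroCheck.exe`) and the Apache service with its missing binary are reported, while the quoted, absolute, currently running AVGNT entry and the Kerio service pass; `windir32.exe` is absent from the process list. A flagged entry is a prompt to verify the file on disk, not a verdict, which is also why the replies above settle the question with a second scanner rather than with the log alone.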
     
  3. Alasin

    Alasin Member

    Joined:
    Sep 29, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Kaspersky's scanner didn't find anything. I guess it's reasonably clean then.
     
  4. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Yes, that can be assumed :D
     
