Jokin mättää koneessa?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by anela, Feb 1, 2007.

  1. anela

    anela Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 15:29:35, on 1.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Power Manager and WLan RF OnOff\PM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\3U7K1H91\HijackThis_v1.99.1[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager and WLan RF OnOff\PM.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [bows army] C:\DOCUME~1\Omistaja\APPLIC~1\WAYMEE~1\Ballaxis.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt119YYFI
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anela04.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {69C2F191-D74A-11D4-B0E2-0050DA2DE7D8} - https://secure.fennia.fi/xsignfennia/client_bin/1.0.1.1/sfdsig.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
     
    anela, Feb 1, 2007
    #1
  2. Hujo

    Hujo Guest

    Poista HijackThis_v1.99.1 Lisää poista sovelutuksesta
    Poista myös MyWebSearch <-- tuohon viitavat lisää poista sovelutuksesta


    Lataa se tuolta uudestaan

    http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe

    asenna naputtele numerojärjestyksessä

    1.Unzip
    2.OK
    3.Close

    scannaa paina nappia Do a system scan and save a logfile

    sitten merkkaa ja paina Fix checked

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxpt119YYFI
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)


    Käynnistä > suorita kirjoita alla olevat ja jokaisen rivin jälkeen paina enter

    sc stop NipSvc
    sc delete NipSvc

    Mene vikasietotilaan poista siellä

    C:\PROGRA~1\MYWEBS~1
    C:\Norman

    aja escan normaalissa tilassa

    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.


    Lähetä
    escan virusloki
    uusi hjt loki
     
    Hujo, Feb 1, 2007
    #2
  3. anela

    anela Guest

    No niin nyt n tehty kuten sanottu mutta
    en löytänyt tuta Normania mikä piti poistaa vikasietotilassa.

    Tässä escan virusloki:

    ed20.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3DTACTL.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.al. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3HISTSW.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3HTMLMU.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3HTTPCT.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.af. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3POPSWT.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.an. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3PSSAVR.SCR tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3RESTUB.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3SCHMON.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3SCRCTR.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.an. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\F3WPHOOK.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\M3IDLE.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ax. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\M3OUTLCN.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\M3SKIN.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ad. No Action Taken.
    File C:\RECYCLER\S-1-5-21-2052111302-507921405-1060284298-500\Dc1\bar\1.bin\MWSOEMON.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.

    Sitten loki:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:46:43, on 1.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Power Manager and WLan RF OnOff\PM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\kaspersky\mwavscan.com
    c:\kaspersky\kavss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager and WLan RF OnOff\PM.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [bows army] C:\DOCUME~1\Omistaja\APPLIC~1\WAYMEE~1\Ballaxis.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anela04.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {69C2F191-D74A-11D4-B0E2-0050DA2DE7D8} - https://secure.fennia.fi/xsignfennia/client_bin/1.0.1.1/sfdsig.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

     
    anela, Feb 1, 2007
    #3
  4. Hujo

    Hujo Guest

    Tyhjennä roskakori

    aja Ccleaner

    lataa tuolta http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, joka EI sisällä Yahoo toolbaria !

    laita asetukset näin:
    Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

    aja puhistaja > tutki > putsaa oikea alakulma
    aja virheet > etsi rekisteri virheitä > Korjaa rekisteri virheet.
     
    Hujo, Feb 1, 2007
    #4

Share This Page