Nyt vihdoin sain koneen toimimaan, mutta arveluttaa vielä "roskat koneella". Tässä hijackthis logi, mutta ohjelman versio on ladattu pari vuotta sitten.. Kone on myös välillä erikoinen, sammuu itestään ja ei toimi kunnolla. Logfile of HijackThis v1.99.1 Scan saved at 15:06:58, on 15.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\PROGRA~1\SAUNAL~1\backweb\5006663\Program\SERVIC~1.EXE C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fsgk32st.exe C:\Program Files\Saunalahti Turvapaketti\backweb\5006663\program\fsbwsys.exe C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\FSGK32.EXE C:\Program Files\Saunalahti Turvapaketti\Common\FSMA32.EXE C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fssm32.exe C:\Program Files\Saunalahti Turvapaketti\Common\FSMB32.EXE C:\WINDOWS\system32\slserv.exe C:\Program Files\Saunalahti Turvapaketti\backweb\5006663\Program\fspex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Saunalahti Turvapaketti\Common\FCH32.EXE C:\Program Files\Saunalahti Turvapaketti\Common\FAMEH32.EXE C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fsqh.exe C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fsrw.exe C:\Program Files\Saunalahti Turvapaketti\FSPC\fspc.exe C:\Program Files\Saunalahti Turvapaketti\FWES\Program\fsdfwd.exe C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Saunalahti Turvapaketti\Common\FSM32.EXE C:\Program Files\Saunalahti Turvapaketti\FSGUI\ispnews.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\SAUNAL~1\ANTI-S~1\fsaw.exe C:\Program Files\Saunalahti Turvapaketti\backweb\5006663\Program\fspex.exe C:\Program Files\Saunalahti Turvapaketti\FSGUI\fsguidll.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jani\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Saunalahti Turvapaketti\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Saunalahti Turvapaketti\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Saunalahti Turvapaketti\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Saunalahti Turvapaketti\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Saunalahti Turvapaketti.lnk = C:\Program Files\Saunalahti Turvapaketti\backweb\5006663\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Saunalahti Turvapaketti\Anti-Spyware\blockpopups.htm O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Saunalahti Turvapaketti\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Saunalahti Turvapaketti\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Saunalahti Turvapaketti\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing) O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Saunalahti Turvapaketti\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Saunalahti Turvapaketti\Anti-Spyware\ieshield.dll O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O15 - Trusted Zone: http://*.update.microsoft.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176386604281 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\cd-db\fscax.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Saunalahti Turvapaketti (BackWeb Plug-in - 5006663) - Saunalahti Turvapaketti - C:\PROGRA~1\SAUNAL~1\backweb\5006663\Program\SERVIC~1.EXE O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Saunalahti Turvapaketti\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Saunalahti Turvapaketti\backweb\5006663\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Saunalahti Turvapaketti\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Saunalahti Turvapaketti\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Saunalahti Turvapaketti\Common\FSMA32.EXE O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
eipä lokissa silmään osu mutta aja tuosta escan Ohjeet tuolla sivulla. http://koti.mbnet.fi/pattaya1/escanmwav.htm lataa tuosta http://www.spywareinfo.dk/download/mwav.exe päivitä tuosta http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat laita täpit merkkauksien mukaan http://koti.mbnet.fi/pattaya1/eScan6.jpg scannaa jos ala luukkuun tulee jotain niin kopioi se näin: Käytä komentoa Ctrl+A. Kopioi rivit komennolla Ctrl+C. Liitä rivit komennolla Ctrl+V. Laita virus log tänne.
