Kone on joku ranskalaisvalmisteinen kannettava, P4, 2,4 GHz, 256 RAM. Kaivelen koneen tarkemmat specsit jos tarttee. Kone hidastelee rajusti, modeemiyhteys nettiin, viruspäivitys ajantasalla, palomuuri ok, scannattu ewidolla (löysi ja poisti 6 dialeria), putsattu CCleanerillä, kovo eheytetty. Voisiko joku viisaampi katsoa? Osa prosesseista googlen mukaan troijalaisia, mutta kuinka poistaa? Viisaammat neuvokaa. Kiitokset jo etukäteen! Logfile of HijackThis v1.99.1 Scan saved at 20:55:06, on 23.03.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\System32\khooker.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Apoint2K\Apntex.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe c:\program files\mcafee.com\shared\mcinfo.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.ch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://asxobe.t.rack.cc/hp.php (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: FFB1 - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\msbdha.dll (file missing) O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [XXXNow_ch] c:\program files\comsoft\dialers\xxxnow_ch\xxxnow_ch.exe /noconnect O4 - HKLM\..\Run: [sys] regedit -s sys.reg O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Barre Privacy - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.ch O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,83/mcinsctl.cab O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing) O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Kyllä siellä puhdistettavaa on.... Puhdistusohjeet: 1. Päivitä Ewido, ÄLÄ skannaa vielä. 2. Lataa Intermuten CWShredder -> http://cwshredder.net/bin/CWShredder.exe Tallenna se työpöydälle, mutta ÄLÄ aja sitä vielä. 3. Käynnistä kone vikasietotilaan seuraavien ohjeiden mukaisesti: ->Käynnistä tietokone ->Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa ->Seuraavaksi pitäisi ilmestyä valikko ->Valitse valikosta vikasietotila. 4. Käynnistä CWShredder ja paina Fix. 5. Sitten käynnistä HijackThis, klikkaa do a system scan only ja merkkaa nämä rivit: (kaikkia rivejä ei välttämättä löydy enään) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.ch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://asxobe.t.rack.cc/sp.php (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://asxobe.t.rack.cc/sp.php (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://asxobe.t.rack.cc/hp.php (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://asxobe.t.rack.cc/hp.php (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: FFB1 - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} - C:\WINDOWS\msbdha.dll (file missing) O4 - HKLM\..\Run: [XXXNow_ch] c:\program files\comsoft\dialers\xxxnow_ch\xxxnow_ch.exe /noconnect O4 - HKLM\..\Run: [sys] regedit -s sys.reg Paina Fix checked 6. Laita piilotiedostot näkyviin -->Ohjauspaneeli-->Työkalut-->Kansion Asetukset-->Piilotetut tiedostot ja kansiot -->Valitse "Näytä piilotetut tiedostot ja kansiot"-->Ok 7. Sitten poistat seuraavat kansiot/tiedostot vaikka Oman tietokoneen kautta. (jos löytyy) C:\WINDOWS\-->msbdha.dll <- tiedosto C:\program files\-->comsoft <- kansio 8. Sitten käytä Windowsin "Etsi" toimintoa. Käynnistä-valikko "Etsi" ->Lisävaihtoehdot ->Raksi seuraaviin: -Etsi järjestelmäkansioista -Etsi piilotiedostoista ja -kansioista -Etsi alikansioista ->Hakusanaksi sys.reg Poista jos löytyy 9. Tyhjennä roskakori ja laita piilotiedostot takaisin piiloon -> (Teet niin kuin aikaisemmin mutta valitset "Älä näytä piilotettuja tiedostoja ja kansioita") 10. Skannaa ja puhdista koneesi Ewidolla, tallenna loki. 11. Käynnistä koneesi normaalisti. 12. Postita uusi HijackThis loki ja Ewidon loki, jotta näemme onko koneesi puhdas.
Kiitos, niinhän tuolla taitaa olla... Teen neuvotut temput ja ilmoitan mitä tapahtuu. Pääsen koneelle vasta illalla, joten postaan silloin lisää. Eilen illalla kone oli niin jumissa, etta sillä oli aivan turha yrittää nettiin.
Eli tässä ewido: --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 21:44:10, 24.03.2006 + Somme de contrôle: C36E6F03 + Résultats du scan: Pas de fichiers infectés trouvés! ::Fin du rapport Ja HJT Logfile of HijackThis v1.99.1 Scan saved at 22:25:30, on 24.03.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\System32\khooker.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\HJT\HijackThis.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Barre Privacy - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.ch O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,83/mcinsctl.cab O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing) O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe vieläkö näkyy jotain epäilyttävää?
Nyt on puhdas =) Dialerit voivat muuten modeemiyhteydellä kasvattaa puhelinlaskua, mutta siis nyt on kone puhdas. Koneella on paljon turhaan käynnistyviä ohjelmia, joten jos haluat vapauttaa muistia ja nopeuttaa käynnistystä, niin voit fixata nämä rivit HIjackThis:llä: O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Pitää fixata viela nuo rivit. Kone nopeutui jo eilen illalla ja netti pelasi ok. JaPK, kiitos vaivannäöstä!
