Computer has slowed down and something is probably changing the IE start page.

Discussion in 'Viruses and malware' started by zero007, Jul 1, 2006.

  1. zero007

    So, is there something malicious on this machine? This isn't my computer, by the way.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:51:35, on 1.7.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Aston\aston.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Aston\XP\internat.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe
    D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Tapsa\Imuroidut\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocdybmwmvz.us/ejACbYq5iBqgLFYesRLyv6gl6k7siQaBuswlOsYn0qOFiDVN_/6DGad8s3U8Jc3Z.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwyUMXm1oPj0Q_zdybT0.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=D:\Aston\aston.exe ,svchost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {19B3D165-993C-3250-E88D-6A274C4CC211} - C:\DOCUME~1\Marco\APPLIC~1\SITEBA~1\enc software.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Option Bird Draw Download] C:\Documents and Settings\All Users\Application Data\tons funk option bird\Way Log.exe
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Hyötyohjelmat\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [LDM] D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {6C3E7D55-38CD-469A-9352-CB5B2B6B285B} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {AE3FC1A7-1BDA-4FC7-A88A-53DFCBAEE999} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {D83AD5A9-68EA-421B-AE89-3F0BF15826F5} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118756372375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bw+0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    I also noticed, among other things, that some really strange page gets set as the IE home page, and for some reason the C: folder opens on the desktop after the computer starts. By the way, all programs had been disabled from starting up using msconfig. How does that affect F-Secure's firewall and antivirus program, by the way?
     
  2. NUIJJA

    Change the title quickly before they lock the thread.
    http://keskustelu.afterdawn.com/thread_view.cfm/353421
    Edit:
    'Some really strange page as IE home page', for example.

    It seems to be that sort of thing.

    If you have tried to remove an unknown home page from the computer with Spybot or Ad-Aware and neither has helped, use the following program, which removes hijacks and other nasties from IE, and a bit from elsewhere too, that for example Ad-Aware or Spybot does not find.
    It also helps if some unknown page has appeared as your home page and you cannot change it yourself no matter how you try to change the browser settings, or if you have tried to remove it from the registry. It also helps if some tab of your browser's Internet options has 'disappeared', etc.
     
    Last edited: Jul 1, 2006
  3. Werewolf_

    So, fix:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ocdybmwmvz.us/ejACbYq5iBqgLFYesRLyv6gl6k7siQaBuswlOsYn...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwy...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {19B3D165-993C-3250-E88D-6A274C4CC211} - C:\DOCUME~1\Marco\APPLIC~1\SITEBA~1\enc software.exe (file missing)

    @NUIJJA
    Tell me, are there words missing from your text? Because I didn't understand at all what you were getting at O_O Just thought I'd mention it in passing :)
     
    Last edited: Jul 1, 2006
  4. -kemisti-

    A little more, add this to the fix:

    O4 - HKLM\..\Run: [Option Bird Draw Download] C:\Documents and Settings\All Users\Application Data\tons funk option bird\Way Log.exe

    And delete these directories:

    C:\Documents and Settings\All Users\Application Data\tons funk option bird
    C:\DOCUME~1\Marco\APPLIC~1\SITEBA~1

    Restart.

    Download findlop ->
    http://metallica.geekstogo.com/findlop.zip

    Extract it and double-click findlop.bat
    The log will be at C:\findlop.txt

    Post a new HJT log and the contents of the C:\findlop.txt file.
     
  5. zero007

    Yes, I did as kemisti and werewolf advised. And here are the logs.

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'AA8FD29D918446A9.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\marco\applic~1\freetray\CampCreativeClose.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Marco'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 07/14/2005 21:00:00
    NextRun: 07/01/2006 20:00:00
    StartError: 0x80070002
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 06/13/2000
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'MP Scheduled Scan.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
    Parameters: 'Scan -RestrictPrivileges'
    WorkingDirectory: ''
    Comment: 'Scheduled Scan'
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 07/02/2006 1:49:00
    StartError: SCHED_S_TASK_HAS_NOT_RUN
    ExitCode: 0
    Status: SCHED_S_TASK_HAS_NOT_RUN
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 1
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 07/01/2006
    EndDate: 00/00/0000
    StartTime: 01:49
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'Scheduled scanning task.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exe'
    Parameters: ' /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt '
    WorkingDirectory: 'C:\PROGRA~1\ELISAT~1\ANTI-V~1'
    Comment: 'F-Secure Anti-Virus -ohjelman lisäämä tehtävä.'
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: INFINITE
    IdleWait: 5
    IdleDeadline: 999
    MostRecentRun: 05/26/2006 0:13:59
    NextRun: 07/07/2006 0:00:00
    StartError: S_OK
    ExitCode: 0x2
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 1
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Weekly
    WeeksInterval: 1
    DaysOfTheWeek: .....F.
    StartDate: 07/01/2006
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    Logfile of HijackThis v1.99.1
    Scan saved at 19:32:57, on 1.7.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Aston\aston.exe
    D:\Aston\XP\internat.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    D:\Hyötyohjelmat\hiiri\SetPoint\KEM.exe
    D:\Hyötyohjelmat\hiiri\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    D:\Tapsa\Imuroidut\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwyUMXm1oPj0Q_zdybT0.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: Shell=D:\Aston\aston.exe ,svchost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Hyötyohjelmat\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [LDM] D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {6C3E7D55-38CD-469A-9352-CB5B2B6B285B} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {AE3FC1A7-1BDA-4FC7-A88A-53DFCBAEE999} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {D83AD5A9-68EA-421B-AE89-3F0BF15826F5} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118756372375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bw+0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    After doing werewolf's fixes, I noticed that something was trying to change the IE home page again. F-Secure blocked this, however, or at least that is what it reported.
     
  6. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Fix this:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwy...

    Delete if found:

    c:\docume~1\marco\applic~1\freetray

    Get KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract it, open it and tick the Delete on Reboot option.
    Then copy the line below:

    C:\WINDOWS\Tasks\AA8FD29D918446A9.job

    Then in KillBox, from the top menu, choose File > Paste from Clipboard.
    Select "All Files". After that, press Delete (the red one with a white X).
    Answer yes to the prompts, and if the machine doesn't restart by itself, restart it.

    After that, post a new Hijack log.
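
An added example, not part of the original post: one way to check a follow-up HijackThis log against the entries a helper asked to fix, including entries the forum truncated with "...". The function names, the `hijacker.example` URL and both sample logs are constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0, F2, O4, O18, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Map each section code to the entry bodies found in a HijackThis log."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:  # header and "Running processes" lines do not match
            sections[match.group("code")].append(match.group("body"))
    return dict(sections)


def normalise_fix_line(line):
    """Return (code, body, truncated) for an entry quoted in a forum reply."""
    # Drop stray closing BBCode tags left at the end of a pasted line.
    line = re.sub(r"(\[/[a-z]+\])+$", "", line.strip())
    match = ENTRY_RE.match(line)
    if not match:
        raise ValueError(f"not a HijackThis entry: {line!r}")
    body = match.group("body")
    truncated = body.endswith("...")  # forum software shortened a long URL
    if truncated:
        body = body[:-3]
    return match.group("code"), body, truncated


def still_present(fix_lines, followup_log):
    """List follow-up log entries that match a line the helper asked to fix."""
    entries = parse_entries(followup_log)
    remaining = []
    for fix in fix_lines:
        code, body, truncated = normalise_fix_line(fix)
        for candidate in entries.get(code, []):
            exact = candidate == body
            # A truncated quote can only be compared as a non-empty prefix.
            prefix = truncated and body and candidate.startswith(body)
            if exact or prefix:
                remaining.append(f"{code} - {candidate}")
    return remaining


def diff_logs(before_log, after_log):
    """Return (added, removed) entries between two logs, each sorted."""
    def flatten(log_text):
        return {f"{code} - {body}"
                for code, bodies in parse_entries(log_text).items()
                for body in bodies}
    before, after = flatten(before_log), flatten(after_log)
    return sorted(after - before), sorted(before - after)


# Constructed sample logs (not the logs from this thread).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacker.example/landing/abcdef0123456789.html
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Updater] C:\Temp\upd.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacker.example/landing/abcdef0123456789.html
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Constructed fix list as it might be pasted from a forum reply.
FIX_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacker.example/landing/abcdef...[/b]",
    r"O4 - HKCU\..\Run: [Updater] C:\Temp\upd.exe",
]

if __name__ == "__main__":
    for entry in still_present(FIX_LINES, AFTER_LOG):
        print("STILL PRESENT:", entry)
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("added:", added)
    print("removed:", removed)
```

An entry that survives a fix and a reboot usually means something is rewriting it, which is why a scheduled task or startup item has to be removed as well.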
     
  7. zero007

    zero007 Member

    Joined:
    Feb 3, 2006
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    16
    Yeah, I did the things you asked again. Here is the log again.
    Logfile of HijackThis v1.99.1
    Scan saved at 20:06:51, on 1.7.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    D:\Aston\aston.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    D:\Aston\XP\internat.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Hyötyohjelmat\hiiri\SetPoint\KEM.exe
    D:\Hyötyohjelmat\hiiri\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    D:\Tapsa\Imuroidut\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwyUMXm1oPj0Q_zdybT0.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: Shell=D:\Aston\aston.exe ,svchost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Hyötyohjelmat\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Hyötyohjelmat\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
    O4 - HKCU\..\Run: [LDM] D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Tuki - {6C3E7D55-38CD-469A-9352-CB5B2B6B285B} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {AE3FC1A7-1BDA-4FC7-A88A-53DFCBAEE999} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {D83AD5A9-68EA-421B-AE89-3F0BF15826F5} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118756372375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: bw+0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {20FC2182-0D06-4318-8DD2-2622C91754B5} - D:\Hyötyohjelmat\hiiri\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Hyötyohjelmat\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    Could it be that F-Secure is blocking that home page change?
     
  8. -kemisti-

    -kemisti- Active member

    Not F-Secure, but Windows Defender does.

    Open Windows Defender.
    Click Tools and then General Settings.
    Scroll down and uncheck the Turn on real-time protection (recommended) option.
    Then click Save and close Windows Defender.

    Then fix this one:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qztiwqqebylwletomkmaumg.com/7KDf7_YbYOAXPYVWBYoFpz3hwy...

    And tell me whether you can now change the home page.
     
  9. zero007

    zero007 Member

    The fix didn't work; F-Secure just reported that it was blocking a possible browser hijack. Same thing when I tried to change the address by hand. I also removed Defender completely, and that didn't help either.

    Edit: Does F-Secure still work if you remove it from the startup list with Msconfig?
     
    Last edited: Jul 1, 2006
  10. -kemisti-

    -kemisti- Active member

    Do not under any circumstances stop F-Secure from starting via msconfig! Instead, try to find the anti-spyware section in its settings, and in there the home page option or something similar.
     
    Last edited: Jul 1, 2006
  11. zero007

    zero007 Member

    I have no intention of removing it, since this isn't my computer. ;) The owner of the computer, on the other hand, does. I'd just like to know whether it still works after it has been removed from there. I use Norman myself, which I tune to suit my needs. Anyway, I got that address changed once I turned off browser control in F-Secure. So the problem is fixed. Big thanks to everyone who helped. :)

    Edit: Can that !killbox folder be deleted from the C: folder?
     
    Last edited: Jul 1, 2006
  12. -kemisti-

    -kemisti- Active member

    Yes, you can delete it, and you're welcome :)
     
  13. NUIJJA

    NUIJJA Active member

    @Werewolf_ nothing is missing, I think there ended up being too much; I didn't bother editing it any further. Quoted directly from the CWShredder instructions; apparently it can be used to remove home page hijackers: http://koti.mbnet.fi/pattaya1/cwshredder.htm
    I didn't add the link so as not to clutter things needlessly; I figured the good doctors would take care of it, as can be seen from the above.
     
  14. Werewolf_

    Werewolf_ Regular member

