Ongelma on seuraavanlainen. En pääse millään salatuille (HTTPS-sivut) sivuille. Kone kieltäytyy yksinkertaisesti menemästä. Sivua ei löydy. Ongelma alkoi sen jälkeen kun yhteyden palveluntarjoajan reititin hajosi ja uusi asennettiin. Muualta kuulemma pääsee näille sivuille. Sammutin palomuurin, muttei mitään vaikutusta. Kokeillut monia eri kikkoja mitä SP2 olisi voinut tuoda tulessaan. (Windowsin sivuilla oli ohje sikermä) Ei auttanut sekään. Mutta tässä olisi HJT-logi. Jos siitä olisi mitään apua.... Logfile of HijackThis v1.99.1 Scan saved at 22:37:39, on 2.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\System32\khooker.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hattrick Buddy\Hattrick Buddy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wlpr.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WindowsIE.clsIS - {2E12B523-3D4C-4FAC-9B04-0376A8F5E879} - c:\windows\WindowsIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digimax Viewer 1.0.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106867822731 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O18 - Protocol: bw+0 - {6D3C2E86-E3DE-4A9E-9508-3AD7759646ED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Kaikki apu otetaan ilolla vastaan.
Tästä en ainakaan mitään todella pahaa näe. Mm. Seuraavat voit fixata, käynnistyvät turhaan: do a system scan only, merkkaa ja paina fix cheked. O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digimax Viewer 1.0.lnk = ? Lataa tuosta viel ewido. -> http://www.ewido.net/en/download/ Päivitä ja aja koko kone läpi. Lähetä sen Raportti tähän alle.
Tossapa olisi... Noi poistin... Ei kai mitään isompaa? --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 12:02:18, 3.12.2005 + Report-Checksum: BF7019FD + Scan result: HKLM\SOFTWARE\Classes\CLSID\{2E12B523-3D4C-4FAC-9B04-0376A8F5E879} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E12B523-3D4C-4FAC-9B04-0376A8F5E879} -> Spyware.InetSpeak : Cleaned with backup HKU\S-1-5-21-3472537672-2684493172-3054943470-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E12B523-3D4C-4FAC-9B04-0376A8F5E879} -> Spyware.InetSpeak : Cleaned with backup :mozilla.12:C:\Documents and Settings\Jani Lavikainen\Application Data\Mozilla\Firefox\Profiles\wnxz12ab.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.13:C:\Documents and Settings\Jani Lavikainen\Application Data\Mozilla\Firefox\Profiles\wnxz12ab.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\Documents and Settings\Jani Lavikainen\Application Data\Mozilla\Firefox\Profiles\wnxz12ab.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Testi\Cookies\testi@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Testi\Cookies\testi@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\Program Files\Tiscali\Tiscali Internet\dlls\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup C:\Program Files\Tiscali\Tiscali Internet\dlls\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup ::Report End
Eipäs kun joo!!! Käynnistin koneen uudestaan ja nyt toimii... Olikohan jokin noista häirinnyt SSL:n toimintaa. Ihme homma!
