Sain linkin mis ois mun kuva ja latasin sen sieltä tyhmänä ja samaan aikaan lueskelin täällä mutta virhe oli jo tapahtunut... Miten sen saa pois?
Lataa tästä HJTInstall.exe *Tallenna HJTInstall.exe työpöydällesi. *Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi. *Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis. *Klikkaa Install. *Asennusohjelma luo HijackThis-kuvakkeen työpöydälle. *Kun asennus on valmis, se käynnistää HijackThisin. *Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon. *Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön. *Liitä lokin sisältö seuraavaan vastaukseesi. *ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä. *ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia. Lähetä loki hjt osioon --> http://keskustelu.afterdawn.com/forum_view.cfm/198
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:22:47, on 29.5.2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\TeamViewer3\TeamViewer_Host.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Labtec\Wireless Desktop\MOUSE32A.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\Ahead\InCD\InCD.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINNT\explorer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll O2 - BHO: HTML Source Editor - {74E6FD24-0206-4E47-997D-BA6B88C8489D} - C:\WINNT\system32\CatchURL.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Wireless Desktop\MOUSE32A.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Host Process] C:\WINNT\Fonts\svchost.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [systec] C:\Program Files\Common Files\System\systec.exe O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0 O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Labtec langaton työpöytä.lnk = C:\Program Files\Labtec\Wireless Desktop\Labtec Wireless Desktop\MagicKey.exe O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Monitor Apache Servers.lnk = E:\Apache\bin\ApacheMonitor.exe O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Apache2.2 - Apache Software Foundation - E:\Apache\bin\httpd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: wampmysqld - Unknown owner - E:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- End of file - 9644 bytes
Mulla on juuri sama ongelma.. Kaveri lähetti mesessä jotain semmosta, että: Katko, oletko tässä kuvassa tjsp. Noh, mähän katsoin. Voinko tehdä tuon saman jutun ku toi toinenki kaveri? Mun kone on ihan sekasi. Joku virus tulee koko ajan uudestaan ja uudestaan f securen kautta poistettavaksi/ puhdistettavaksi. Pitäs hirttää munistaan nuo virusten tekijät! Mulle on kans alkanu tulee mainoksia, vaikka ennen ei oo.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:09:40, on 29.5.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\F-SECU~1\backweb\4436233\Program\SERVIC~1.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Internet Security\backweb\4436233\program\fsbwsys.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\F-Secure Internet Security\backweb\4436233\Program\fspex.exe C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plaza.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKLM\..\Run: [f4f39103] rundll32.exe "C:\WINDOWS\system32\mejhgdcr.dll",b O4 - HKLM\..\Run: [BMf7c0a29f] Rundll32.exe "C:\WINDOWS\system32\poixuhjk.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\F-Secure Internet Security\backweb\4436233\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158228204285 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL...-jc.cab&File=jinstall-6u6-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Download Manager -ohjelman säätö) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\F-SECU~1\backweb\4436233\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4436233\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe -- End of file - 11751 bytes
Tuolla HTJ paikassa luki jotai,että lähetä asianomaiselle topicille. Tai sitten en edes löytänyt oikeaa paikkaa. Tuo linkki tuossa oppaassa avas vaan jonku sivun, jossa oli vaikka mitä.(Digitelevisioista pelikonsoleihin)
Kiitti avusta. Toivottavasti kaikki selviää. Ku oon ottanu tuon login, tohon avautuu tommonen toinen hijackthis sivu. Mun ei vissiin kannata sulkea sitä, vaan sillä tehdään se puhdistus sitte?
Onko toi yhtä luotettava kuin ihmisen lukema ? vai miten toi hijack nyt sitte toimiikaa ? ei tarttis aina postailla tänne foorumii hijackkeja
Siis, jos on virus, "Hijackaan" koneen ja lähetän sen tonne http://hijackthis.de/en ? niinkö? entä sitten? auttakaa, en jaksa tuota virusta enää.
