Tuollainen ilmoitus tapaa tulla 10 minuutin välein. F-secure ei löydä mitään, Escan ei löytänyt, SmitFraudFix ei löytänyt mitään eikä Sbybot! Eli miten sen saa pois?
No katotaanpas sitten mitä tämä löytää: Käy hae Hijackthis 1.99.1 ohjelma: Asenna ohjelma omaan kansioon, nimeä Hijackthis.exe--> scanner.exe:si. Avaa ohjelma, valitse sieltä "Do a system scan and save a logfile", ohjelma antaa ruutuun muistion jossa on logitiedosto, kopioi logi kokonaisuudessaan ja liitä se tänne seuraavaan vastaukseesi.
Tässä. Minkä tähden se piti uudelleen nimetä? Logfile of HijackThis v1.99.1 Scan saved at 18:48:35, on 16.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\Ohjelmat\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fsgk32st.exe E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\FSGK32.EXE E:\Ohjelmat\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe E:\Ohjelmat\F-Secure Internet Security\backweb\4476822\Program\fspex.exe E:\Ohjelmat\F-Secure Internet Security\Common\FSMA32.EXE C:\WINDOWS\system32\nvsvc32.exe E:\Ohjelmat\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\WINDOWS\Explorer.EXE E:\Ohjelmat\F-Secure Internet Security\Common\FCH32.EXE C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe E:\Ohjelmat\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE E:\Ohjelmat\F-Secure Internet Security\Common\FAMEH32.EXE E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\WINDOWS\system32\RunDLL32.exe E:\Ohjelmat\F-Secure Internet Security\Common\FSM32.EXE E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fsrw.exe E:\Ohjelmat\F-Secure Internet Security\FWES\Program\fsdfwd.exe E:\Ohjelmat\F-Secure Internet Security\FSPC\fspc.exe E:\Ohjelmat\F-Secure Internet Security\FSGUI\ispnews.exe E:\Ohjelmat\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\uzcderaf.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\isc_ui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe E:\Ohjelmat\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin.exe C:\WINDOWS\System32\svchost.exe E:\Ohjelmat\F-SECU~1\ANTI-S~1\fsaw.exe E:\Ohjelmat\F-Secure Internet Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\svchost.exe E:\OHJELMAT\WINZIP\wzqkpick.exe E:\Ohjelmat\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\HJT\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Ohjelmat\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "E:\Ohjelmat\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [F-Secure Manager] "E:\Ohjelmat\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "E:\Ohjelmat\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Ohjelmat\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "E:\Ohjelmat\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Ohjelmat\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [uzcderaf.exe] C:\WINDOWS\system32\uzcderaf.exe O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PcSync] E:\Ohjelmat\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Ohjelmat\Adobe\Reader\reader_sl.exe O4 - Global Startup: F-Secure 2006.lnk = E:\Ohjelmat\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O4 - Global Startup: Microsoft Office.lnk = E:\Ohjelmat\Microsoft office\Office\OSA9.EXE O4 - Global Startup: TrayMin.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = E:\Ohjelmat\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\Ohjelmat\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Download with GetRight - E:\Ohjelmat\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - E:\Ohjelmat\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Ohjelmat\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Ohjelmat\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\Ohjelmat\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Ohjelmat\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Ohjelmat\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142684588328 O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - E:\Ohjelmat\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Ohjelmat\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - E:\Ohjelmat\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Ohjelmat\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\Ohjelmat\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Ohjelmat\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Huhuu? Näkyykö tuossa mitään? Tuli mieleen vielä sellainen, että tuolla ohjauspaneelissa näkyy tämänniminen kuvake: System security center. Ja Windows on suomenkielinen ja siellä näkyy oikeakin Tietoturvakeskus.
