Eli onko tässä kaikki kunnossa. Tuntuu vähän siltä että ei olis Logfile of HijackThis v1.99.1 Scan saved at 19:02:37, on 21.5.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\bin\ZLH.EXE C:\ATI-CPanel\atiptaxx.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Netropa\InetKb\Inetkb.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\bin\ZANDA.EXE C:\Program Files\MaxMusic\Bin\scServer.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe C:\Program Files\bin\NJEEVES.EXE C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Nvc\BIN\NIP.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Nvc\bin\cclaw.exe C:\Program Files\Nvc\BIN\npfmsg2.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS\system32\wisptis.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe C:\Documents and Settings\Teemu\Työpöytä\HijackThis1991.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/7KOIhMTkVE-6VCttPhY.chm::/on-line.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31... O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8... O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://koti.sonkajarvi.net/activex/AxisCamControl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52A6A322-562D-4913-8AB5-F8D77372B0A8}: NameServer = 195.74.0.47 195.74.0.55 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE O23 - Service: scMaxMusic - Unknown owner - C:\Program Files\MaxMusic\Bin\scServer.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/7KOIhMTkVE-6VCttPhY.chm::/on-line.exe O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file) O4 - Global Startup: BTTray.lnk = ? Jottai mömmöi ODOTA Toymaattia se tietää mitän nää hoidetaan. PS. Toymaatti voi sanoa pari sanaa tosta minne se HJT pitäisi laittaa
Siirrä HjT omaan kansioon tuonne C:\HjT\HijackThis.exe Laita piilotiedostot näkyviin http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339 Merkkaa nuo HjT:ssä, sulje selain ja muut ikkunat, klikkaa Fix O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file) O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/7KOIhMTkVE-6VCttPhY.chm::/on-line.exe O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll Käynnistä vikasietotilaan, poista nuo c:\===>eied_s7.cab<=== C:\WINDOWS\system32\===>btxppanel.dll<=== Normaali käynnistys, miltäs nyt tuntuu?
