Tuossa ois toisesta koneesta hjt loki

puliukko · May 12, 2006

Logfile of HijackThis v1.99.1
Scan saved at 18:58:46, on 12.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\asennukset\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Netunit32] wunit32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {89D36FC4-BD81-49B0-8AFE-3E7AB2071D95} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {966D28A9-9710-4FCB-9A97-5870D99A2421} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {F892FD1E-312E-43E6-80BE-7E37F3BEC6E7} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136544730904
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinAC v4 (WinAC) - Unknown owner - C:\WINDOWS\System32\klsuicbn.exe" -netsvcs (file missing)

puliukko · May 13, 2006

Onko tässä jotain vikaa?

-kemisti- · May 13, 2006

Lainaus foorumin säännöistä:

http://keskustelu.afterdawn.com/thread_view.cfm/2717

"11. Älä "töni" viestiketjuja ylöspäin näkyvyyden parantamiseksi. Mikäli viestiketju sisältää jotain tietoa, joka kuuluu alueen etusivulle, moderaattorit muuttavat viestin ilmoitukseksi."

Kyllä joku tähänkin ketjuun varmaan vastaa kun odotat kärsivällisesti
Koko homma perustuu vapaaehtoisuuteen ja silloin vastaamisessa ei ole mitään aikarajoja.

tapiiri · May 14, 2006

juuh on siä vikaa.
Lataappas ewido ja aja se noiden ohjeiden mukaan vikasietotilassa.

http://keskustelu.afterdawn.com/thread_view.cfm/269186

Lähetä uusi hijackki loki ja Ewidon raportti.

puliukko · May 16, 2006

Logfile of HijackThis v1.99.1
Scan saved at 20:40:24, on 16.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\asennukset\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Netunit32] wunit32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {89D36FC4-BD81-49B0-8AFE-3E7AB2071D95} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {966D28A9-9710-4FCB-9A97-5870D99A2421} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {F892FD1E-312E-43E6-80BE-7E37F3BEC6E7} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136544730904
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinAC v4 (WinAC) - Unknown owner - C:\WINDOWS\System32\klsuicbn.exe" -netsvcs (file missing)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:54:37, 16.5.2006
+ Report-Checksum: FC205A43

+ Scan result:

C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Adware.WinAD : Cleaned with backup

::Report End---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:47:35, 16.5.2006
+ Report-Checksum: 13F28EA6

+ Scan result:

C:\Program Files\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup

::Report End

tapiiri · May 16, 2006

Ruksaa nuo:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [Netunit32] wunit32.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [Windows Compliant] pckxpj.exe
O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe

Sammuta muut ikkunat ja paina Fix checked.

Käynnistä kone vikasietotilaan, etsi ja poista:

pckxpj.exe
klsuicbn.exe
wunit32.exe

Käynnistä normaalisti ja lähetä uusi hijack loki

puliukko · May 17, 2006

Logfile of HijackThis v1.99.1
Scan saved at 16:58:06, on 17.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\asennukset\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {89D36FC4-BD81-49B0-8AFE-3E7AB2071D95} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {966D28A9-9710-4FCB-9A97-5870D99A2421} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {F892FD1E-312E-43E6-80BE-7E37F3BEC6E7} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136544730904
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinAC v4 (WinAC) - Unknown owner - C:\WINDOWS\System32\klsuicbn.exe" -netsvcs (file missing)

Tuossa uusi loki.pckxpj.exe
klsuicbn.exe
wunit32.exe nimisiä tiedostoja ei löytynyt.Onko se sit ok?

Miitti · May 17, 2006

Jos joku viitsisi tässä samalla vilkaista mun listaa, niin kiva ois.

Logfile of HijackThis v1.99.1
Scan saved at 17:14:03, on 17.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\DVBViewer\Scheduler.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\RevConnect\DCPlusPlus.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a devices
O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Scheduler.lnk = C:\Program Files\DVBViewer\Scheduler.exe
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

tapiiri · May 17, 2006

@puliukko, jep loki ok.

@Miitti
Lataappas ewido ja aja se noiden ohjeiden mukaan vikasietotilassa.

http://keskustelu.afterdawn.com/thread_view.cfm/269186

Lähetä uusi hijackki loki ja Ewidon raportti.

puliukko · May 18, 2006

Suuret kiitokset tapiirille.

Miitti · May 18, 2006

Tässä logit:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:10:42, 17.5.2006
+ Report-Checksum: 4E5165E9

+ Scan result:

:mozilla.26:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned without backup
:mozilla.27:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.28:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.29:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.30:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.31:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.32:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
:mozilla.33:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
:mozilla.34:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
:mozilla.35:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.36:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
:mozilla.45:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup
:mozilla.46:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup
:mozilla.47:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup
:mozilla.48:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup
:mozilla.49:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup
:mozilla.54:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
:mozilla.55:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
:mozilla.103:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.104:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.105:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.106:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.107:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.108:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.109:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.110:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.111:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.116:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.117:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.118:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.119:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.120:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.121:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.122:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.123:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.124:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.125:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned without backup
:mozilla.159:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.165:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.168:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Com : Cleaned without backup
:mozilla.195:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
:mozilla.230:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.231:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.232:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.233:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.234:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.236:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned without backup
:mozilla.249:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned without backup
:mozilla.297:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.313:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned without backup
:mozilla.314:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned without backup
:mozilla.336:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Estat : Cleaned without backup
:mozilla.345:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned without backup
:mozilla.374:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned without backup
:mozilla.386:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned without backup
:mozilla.426:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
:mozilla.456:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Overture : Cleaned without backup
:mozilla.464:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
:mozilla.465:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
:mozilla.466:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
:mozilla.472:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.473:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.474:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.475:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.504:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Spylog : Cleaned without backup
:mozilla.515:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.516:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.528:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Trafic : Cleaned without backup
:mozilla.568:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Yadro : Cleaned without backup
:mozilla.582:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.583:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.644:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned without backup
:mozilla.645:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned without backup
:mozilla.646:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned without backup
:mozilla.717:C:\Documents and Settings\FreshMeat\Application Data\Mozilla\Firefox\Profiles\nj1tsd9h.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup

::Report End

======================================================================

Logfile of HijackThis v1.99.1
Scan saved at 20:05:30, on 18.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\DVBViewer\Scheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a devices
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Scheduler.lnk = C:\Program Files\DVBViewer\Scheduler.exe
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

tapiiri · May 18, 2006

@Miitti

Ewido poisti vain keksejä. HJT-lokikin näyttää hyvältä .

Miitti · May 18, 2006

Kiitän!

tapiiri · May 19, 2006

Ole hyvä.

Log in or Sign up

Tuossa ois toisesta koneesta hjt loki

puliukko Regular member

puliukko Regular member

-kemisti- Active member

tapiiri Regular member

puliukko Regular member

tapiiri Regular member

puliukko Regular member

Miitti Regular member

tapiiri Regular member

puliukko Regular member

Miitti Regular member

tapiiri Regular member

Miitti Regular member

tapiiri Regular member

Share This Page

Log in or Sign up

Tuossa ois toisesta koneesta hjt loki

puliukko Regular member

puliukko Regular member

-kemisti- Active member

tapiiri Regular member

puliukko Regular member

tapiiri Regular member

puliukko Regular member

Miitti Regular member

tapiiri Regular member

puliukko Regular member

Miitti Regular member

tapiiri Regular member

Miitti Regular member

tapiiri Regular member

Share This Page

Useful Searches