AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
sunnuntai 2.6.2024 / 17:07
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > hijack loki
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Hijack loki
  Siirry:
 
Kirjoittaja Viesti
FIN_Kla
Suspended due to non-functional email address
_ 		16. toukokuuta 2005 @ 18:14 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Taas on jotku möröt päässy koneelle kaikesta suojauksesta huolimatta ja ne avaa internet explorer popup:eja vaikka luulin koko explorerin poistaneeni...tässä ny tämä loki


Logfile of HijackThis v1.99.1
Scan saved at 22:11:32, on 16.5.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DitExp.exe
C:\Program Files\The All-Seeing Eye\eye.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Pelit\Half-Life 2\Steam.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\8Pallo\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fjvdeuklva.com/K_6xf0WNHZNkPwd3yZnr8WWrEK/0tvWRgW3Es7A...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Meowdoesidolsite] C:\Documents and Settings\All Users\Application Data\tick file meow does\Infocreative.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [PING WIPE] C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\First Browse.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
[ + lainaa]
V-kos
Senior Member
_ 		16. toukokuuta 2005 @ 19:22 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
IE:tä ei kannata poistaa. Muuten et pysty päivittään windowssia ja tästä tullaankin siihen että sun windows ois päivityksen tarpeessa sp1 -> sp2 ja muut madon reiät.
[ + lainaa]
Toymaatti
Senior Member
_ 		17. toukokuuta 2005 @ 07:50 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Olet sitten asentanut MesePlussan uudestaan!! Ja melkein samat rivit löytyy nyt kuin viimeksikin.
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
FIN_Kla
Suspended due to non-functional email address
_ 		17. toukokuuta 2005 @ 09:40 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
En oo asentanut...en tiiä miten ne on taas koneelle tullu! Mitkä siis poistan...ja mitä muita antispyware ohjelmia kannattaa olla ku Ad-Aware ja Spybot!
[ + lainaa]
jounis
Member

1 tuotearvio
_ 		17. toukokuuta 2005 @ 10:04 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Asenna Microsoossin oma Antispyware (entinen Giant antispyware)
Se on yks parhaita suojia spywarea vastaan, ja ainakin toistaiseks ilmainen.
[ + lainaa]
amishi
Junior Member
_ 		17. toukokuuta 2005 @ 10:13 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
ad-awarella kaikki mömmöt lähtee!
[ + lainaa]
Toymaatti
Senior Member
_ 		17. toukokuuta 2005 @ 10:19 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Siirrä hjT kansioineen tuonne C:\hijackthis\HijackThis.exe

Poista Lisää/Poista sovelluksesta MessengerPlus3

Aja HjT, laita merkki noiden eteen,sulje selain ja muut ikkunat, klikkaa Fix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fjvdeuklva.com/K_6xf0WNHZNkPwd3yZnr8WWrEK/0tvWRgW3Es7A...
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Meowdoesidolsite] C:\Documents and Settings\All Users\Application Data\tick file meow does\Infocreative.exe
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [PING WIPE] C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\First Browse.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Käynnistä vikasietotilaan ja poista nuo
C:\Program Files\===>MessengerPlus! 3<===
C:\Documents and Settings\All Users\Application Data\==>tick file meow does<==
C:\DOCUME~1\8Pallo\APPLIC~1\==>OPENIN~1<==
==>mssw32.exe<==

Normaalikäynnistys, laita uusi HJT loki

No esim. MS Antispyware, mutta ehkä tärkein on haittaohjelmien asentumista estävä SpywareBlaster ;)
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
FIN_Kla
Suspended due to non-functional email address
_ 		18. toukokuuta 2005 @ 18:53 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Logfile of HijackThis v1.99.1
Scan saved at 22:50:53, on 18.5.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\The All-Seeing Eye\eye.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fjvdeuklva.com/K_6xf0WNHZNkPwd3yZnr8WWrEK/0tvWRgW3Es7A...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Meowdoesidolsite] C:\Documents and Settings\All Users\Application Data\tick file meow does\Infocreative.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKCU\..\Run: [PING WIPE] C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\First Browse.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe




Seurasin kyllä Toymaatin ohjeita kirjaimellisesti mut heti ku käynnistin tietokoneen uudestaan nii samat möröt sinne oli taas ilmetynyt! Pitääkö formatoida vai olisko viel joku jippo??
[ + lainaa]
Toymaatti
Senior Member
_ 		18. toukokuuta 2005 @ 19:27 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Onkohan sulla nyt joku ohjelma asennettuna joka estää rekisterimuutokset ja samalla nuo poistot. Tuliko mitään ilmoitusta kun poistelit?
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
Nyybä
Newbie
_ 		19. toukokuuta 2005 @ 18:00 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
APUA!!!! Kone on käyttäytynyt oudosti jo pari viikkoa. Veikkailen virusta. Löysin jo monta X:ää mutta en uskaltanu poistella itte. Tossa ois tuo logi.

Logfile of HijackThis v1.99.1
Scan saved at 21:35:41, on 19.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Auttakaa Pliis!!!!!!! Kiitti jo etukäteen! :D
[ + lainaa]
meitsi
Toymaatti
Senior Member
_ 		19. toukokuuta 2005 @ 18:37 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Elähä hättäile kyllä sinä tästä seleviät.
MyBar/MyWay on nähtävästi jo poistettu mutta katso vielä Lisää/Poista sovelluksesta, jos jompikumpi näkyy niin poista.

Laita merkki noiden eteen HjT:ssä, sulje selain ja muut ikkunat, klikkaa Fix
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Käynnistä vikasietotilaan(näppäile F8 käynnistyksenaikana)ja poista nuo kansiot
C:\Program Files\===>MyWay<===
C:\Program Files\Common files\===>updmgr<===
C:\Program Files\Common Files\===>GMT<===

Normaalikäynnistys ja ihmetellään että menikö koko touhu hukkaan... vai eikö mennyt?
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
Nyybä
Newbie
_ 		20. toukokuuta 2005 @ 13:28 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Toi ei suostu poistamaan tota tuolta lisää poista-sovelluksesta vaikka se siellä onkin.Poistanko käsi pelillä??? Vai mitä???
Kiitos nopeista vastauksista!! :D
[ + lainaa]
meitsi
Toymaatti
Senior Member
_ 		20. toukokuuta 2005 @ 15:55 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Katso onko sitä olemassakaan C:\Program Files\===>MyWay<===, jos on niin hae ensin netin korjauspalikka
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

Poista koko kansio vikasietotilassa. Onnistuiko?
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
Dietka
Member
_ 		20. toukokuuta 2005 @ 16:03 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Hehheeee Toymaatilla täälläkin ohjattua virusten poistoa tarjolla :))
!OFFTOPIC!
[ + lainaa]
Nyybä
Newbie
_ 		20. toukokuuta 2005 @ 18:19 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Tos ois toi uus loki onko siinä nyt jotakin??? :)

Logfile of HijackThis v1.99.1
Scan saved at 22:00:41, on 20.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Kiitos muuten paljon avusta.PS. Se oli joku ihmeen gator ohjelma 8-D.
[ + lainaa]
meitsi
Toymaatti
Senior Member
_ 		20. toukokuuta 2005 @ 18:27 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Loki on OK :) Nytkö kone toimii kunnolla?
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
jepu010
Member
_ 		20. toukokuuta 2005 @ 20:12 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Mäkin tein sitten sen hijackin ku sitä niin täällä hehkutetaan niin se löys aivan sairaasti jotai logitech desktop hässäköit. Vissii tost meiä webkamerast? Jos joku asiantuntija viittis kattoo ton lokin ja sit kertoo onko vaaraa tai korjattavaa.

Logfile of HijackThis v1.99.1
Scan saved at 0:10:34, on 21.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04605ac017186095f618/netzip/RdxIE601.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSha...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A878D43-61BF-4290-BE41-9B3245D709AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[ + lainaa]
Toymaatti
Senior Member
_ 		23. toukokuuta 2005 @ 08:49 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Fixaa tuo
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04605ac017186095f618/netzip/RdxIE601.cab
ja ne 018 rivit.
[ + lainaa]
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
jepu010
Member
_ 		23. toukokuuta 2005 @ 11:16 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Kiitos vastauksesta.
[ + lainaa]
Nyybä
Newbie
_ 		27. heinäkuuta 2005 @ 14:09 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Joo tota noni taas minä tässä. En pysty pelaan cs:ssää koska pingi on niin......... taivaissa. Eikä Ad-Awarella löydy mitään,,,Spybot löytää altnet jutun mut ei poista koska on tapahtunut virhe etsinnässä (tulee muute joka kerta),,,Hijack loki(tulee pian). Ja sitte viel sellane juttu ku et mul on sellane netin korajuspalikka ku LSPFix nii se löytää tollaset:
mswsock.dll --- TCP/IP
winrnr.dll --- NTDS
rsvpsp.dll --- (Protocol Handler)

Hijack loki:
Logfile of HijackThis v1.99.1
Scan saved at 17:51:44, on 27.7.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Kiitos!!! jo näin valmiiksi.
:D
[ + lainaa]
meitsi
V-kos
Senior Member
_ 		27. heinäkuuta 2005 @ 17:21 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Kyllä tuo puhtaalta näyttää. Kokeile löytääkö eScan mitään.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. heinäkuuta 2005 @ 17:22
Mainos
_ 		__
 
_
Nyybä
Newbie
_ 		28. heinäkuuta 2005 @ 15:49 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Kiitos. Tota ku latasin tota ohjelmaa nii muistin et oli unohtanu sanoo et vaikka mulla on ihan hyvä netti (Elisa 512/512 asun netikan alueella) nii se lataa jotai 5-10 kt/s ja muutenkin hidastelee. :(

Kiiton avusta kaikille :-).
[ + lainaa]
meitsi

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 28. heinäkuuta 2005 @ 18:40
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > hijack loki
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2024 AfterDawn Oy