Tässä yksi

marko

2004-09-11 16:00:24

Logfile of HijackThis v1.97.7
Scan saved at 15:19:32, on 11.9.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\make\Työpöytä\Security\antivir\aswUpdSv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Music\winamp old\winampa.exe
C:\Program Files\Creative\News\NewsUpd.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Documents and Settings\make\Työpöytä\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.suomi24.fi/keskustelu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.suomi24.fi/keskustelu
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Music\winamp old\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [SwatIt] C:\Program Files\Swat It v2.1\SwatIt.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Palvelut (HKCU)
O9 - Extra button: Tuki (HKCU)
O9 - Extra button: SMS-viesti (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} - http://18.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439fi.exe
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?1073222104734
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab

-------------------------
Tässäpä yksi Johon kokeenet saa ottaa kantaa... itse poistin siitä jotain

455

Äänestä

Vastaukset

Juu
2004-09-11 17:43:35
Kylä siellä on poistamista,mutta pistä uus logi tolla uusimmalla versiolla

http://koti.mbnet.fi/pattaya1/HijackThis.exe
- marko
  2004-09-11 18:19:39
  Logfile of HijackThis v1.98.2
  Scan saved at 18:14:40, on 11.9.2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Documents and Settings\make\Työpöytä\Security\antivir\aswUpdSv.exe
  C:\WINDOWS\System32\CTSvcCDA.exe
  C:\WINDOWS\System32\gearsec.exe
  C:\WINDOWS\system32\ZONELABS\vsmon.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\atiptaxx.exe
  C:\Program Files\Creative\ShareDLL\CtNotify.exe
  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  D:\Music\winamp old\winampa.exe
  C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
  C:\Program Files\Creative\ShareDLL\MediaDet.Exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\system32\mapiicon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\make\Työpöytä\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.suomi24.fi/keskustelu
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.suomi24.fi/keskustelu
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
  O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
  O4 - HKLM\..\Run: [ADSL_A2] A2Installed
  O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [WinampAgent] "D:\Music\winamp old\winampa.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
  O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
  O4 - HKLM\..\Run: [SwatIt] C:\Program Files\Swat It v2.1\SwatIt.exe /tray
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashDisp.exe
  O4 - HKLM\..\Run: [ashMaiSv] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
  O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
  O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
  O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
  O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra button: Palvelut - {1F890378-63A2-4C09-BE74-E0A5A0A076A7} - http://service.kolumbus.fi/ (file missing) (HKCU)
  O9 - Extra button: Tuki - {552FE095-7562-49C0-914B-BA820F63D48F} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
  O9 - Extra button: SMS-viesti - {BB4BC40B-722C-4FC1-8AA7-E2911349BA3A} - http://sms.kolumbus.fi/ (file missing) (HKCU)
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
  O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
  O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
  O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
  O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} - http://18.sharedsource.org/html/UDConn_5.2.0.8.cab
  O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439fi.exe
  O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
  O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
  O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
  O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
  O21 - SSODL: System - {4A9DBBFD-C3E3-46A4-BBDA-488D8C09012D} - C:\WINDOWS\system32\system32.dll
  
  Tässä on uusin versio logista..
  
  Kiitos kun olet valmis auttamaan kokemattomampia
  
  onko jossain olemassa sivusto jossa on tietoa näistä jutuista ja mitä sää/pitää poistaa??
  
  vois itsekkin opetella näitä..
- Juu
  2004-09-11 18:59:48
  marko kirjoitti:
  Logfile of HijackThis v1.98.2
  Scan saved at 18:14:40, on 11.9.2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Documents and Settings\make\Työpöytä\Security\antivir\aswUpdSv.exe
  C:\WINDOWS\System32\CTSvcCDA.exe
  C:\WINDOWS\System32\gearsec.exe
  C:\WINDOWS\system32\ZONELABS\vsmon.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\atiptaxx.exe
  C:\Program Files\Creative\ShareDLL\CtNotify.exe
  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  D:\Music\winamp old\winampa.exe
  C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
  C:\Program Files\Creative\ShareDLL\MediaDet.Exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\system32\mapiicon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\make\Työpöytä\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.suomi24.fi/keskustelu
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.suomi24.fi/keskustelu
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
  O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
  O4 - HKLM\..\Run: [ADSL_A2] A2Installed
  O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
  O4 - HKLM\..\Run: [WinampAgent] "D:\Music\winamp old\winampa.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
  O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
  O4 - HKLM\..\Run: [SwatIt] C:\Program Files\Swat It v2.1\SwatIt.exe /tray
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashDisp.exe
  O4 - HKLM\..\Run: [ashMaiSv] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
  O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
  O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
  O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
  O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
  O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra button: Palvelut - {1F890378-63A2-4C09-BE74-E0A5A0A076A7} - http://service.kolumbus.fi/ (file missing) (HKCU)
  O9 - Extra button: Tuki - {552FE095-7562-49C0-914B-BA820F63D48F} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
  O9 - Extra button: SMS-viesti - {BB4BC40B-722C-4FC1-8AA7-E2911349BA3A} - http://sms.kolumbus.fi/ (file missing) (HKCU)
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
  O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
  O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
  O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
  O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} - http://18.sharedsource.org/html/UDConn_5.2.0.8.cab
  O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439fi.exe
  O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
  O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
  O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
  O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
  O21 - SSODL: System - {4A9DBBFD-C3E3-46A4-BBDA-488D8C09012D} - C:\WINDOWS\system32\system32.dll
  
  Tässä on uusin versio logista..
  
  Kiitos kun olet valmis auttamaan kokemattomampia
  
  onko jossain olemassa sivusto jossa on tietoa näistä jutuista ja mitä sää/pitää poistaa??
  
  vois itsekkin opetella näitä..
  Kato Lisää/Poista paneelista jos tämä näkyy siellä,niin poista se
  
  NewsUpd
  
  Siirrä se HijackThis.exe omaan kansioon tonne
  C:/HjT/HijackThis.exe
  
  Merkkaa nuo sulje selain ja muut avoimet ikkunat ja paina FIX checked
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/s p/ymsgr/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/s u/ymsgr/*http://www.yahoo.com
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/s b/ymsgr/*http://www.yahoo.com/ext/search/search.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/s p/ymsgr/*http://www.yahoo.com
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/s tp/ymsgr*http://my.yahoo.com
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/s u/ymsgr/*http://www.yahoo.com
  O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
  O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
  O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
  O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.c ab
  O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle 33v1d12.cab
  O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
  O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
  O21 - SSODL: System - {4A9DBBFD-C3E3-46A4-BBDA-488D8C09012D} - C:\WINDOWS\system32\system32.dll
  
  Käynnistä sitte vikasietotilassa etsi ja poista jos löytyy
  
  system32.dll
  
  C:\Program Files\Creative\News\NewsUpd.exe /q
  - tuolta tuo News kansio
  
  >onko jossain olemassa sivusto jossa on tietoa näistä jutuista ja mitä sää/pitää poistaa<
  
  Tutki tuolla pikkasen
  
  http://koti.mbnet.fi/pattaya1/hjt7_ohjeita.htm

Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

Takaisin ylös

Luetuimmat keskustelut

Kela tukee virallisesti Pride-liikettä
Iso kiitos Kansaneläkelaitokselle tuen osoittamisesta myös vähemmistöille. Näin toimii vastuullinen valtiollinen koko k
08.06.2026 17:32Maailman menoa
58
3979
Pride-liputus närästää monissa Suomen kunnissa
Suomen lipun nostamisesta on laki. Pride‑liputuksesta ei. Kieltäytyviin kuntiin kohdistuu poliittista painostusta kuin k
09.06.2026 11:26Maailman menoa
14
2793
Jorma Lind kuollut
Ylen uutisankkurina 40 vuotta toiminut Jorma Lind on kuollut 85-vuotiaana. https://yle.fi/a/74-20230265 ARVl on näet
07.06.2026 22:24Maailman menoa
55
2006
Hitaille omat kassat
Kassoilla hidastelevat ärsyttävät. Menee heti loppupäivä pilalle, kun kauppareissu kestää hidastelijoiden takia. Näille
07.06.2026 09:53Maailman menoa
207
1655
Mikä on kaunein
Ja hellyttävin hetki irl kaivattusi kanssa?
07.06.2026 11:47Ikävä
72
1436
Mahdatko ymmärtää sitä
Mä en selviä jollei me jutella kunnolla. Tarvitsen sua siihen. Etkä sä voi sitä tietää kun en ole ilmaissut mutta olen
07.06.2026 19:23Ikävä
76
1290
Ensimmäisenä Helluntaina ei uudelleen kastettu KETÄÄN!
Raamattu kertoo, että Helluntaina kastettiin. Mutta vaikka Raamattu ei erikseen kerro tiedän VARMASTI Ettei
07.06.2026 22:41Kaste
691
1091
Kävisikö tällainen sopimus?
Olisitko valmis juttelemaan jo ensi viikolla kahden kesken?
08.06.2026 19:13Ikävä
90
1089
Olisit ollut niin
Minunlaiseni. Ehkä se on helmpompi kun emme kohtaa. Kipeältä se tuntui ettet valinnut minua
07.06.2026 17:50Ikävä
41
906
Mitä yhteistä sinulla
on kaivattusi kanssa? Sama musiikkimaku, tai huumorintaju, tai ehkä työpaikka? Vai ettekö tunne vielä niin hyvin?
07.06.2026 20:45Ikävä
55
904

Tässä yksi

Vastaukset

marko kirjoitti:

Luetuimmat keskustelut

Kela tukee virallisesti Pride-liikettä

Pride-liputus närästää monissa Suomen kunnissa

Jorma Lind kuollut

Hitaille omat kassat

Mikä on kaunein

Mahdatko ymmärtää sitä

Ensimmäisenä Helluntaina ei uudelleen kastettu KETÄÄN!

Kävisikö tällainen sopimus?

Olisit ollut niin

Mitä yhteistä sinulla

Arvi Lind suora muistolähetys tänään tv:ssä

Farmi-Amski ja Jucci Hellström - Sydämiä satelee - Onko tässä jotain enemmän?

Timo Soini - "Hannu ja kasvissyöjä puheet olivat huumoria"

Iso muutos TTK:hon - Yksi keskeinen hahmo pois

USU-gallup: Tyytymättömyys Orpon hallitukseen kasvanut

Ruoka on kallista koska kaupat VOI harrastaa kiskontaa

Arvi Lind Rip :(

MasterChef Suomi -tuomari Vappu Pimiä napauttaa Helena Puolakasta ja Henri Alenista

Hitaille omat kassat

Uusi Vain elämää -kausi - Voi tuottaa pettymyksen tästä syystä