Tässä olis nyt tämä, mitä pitää poistaa. Kiitoksia heille, jotka vastaavat!
Logfile of HijackThis v1.98.2
Scan saved at 23:40:56, on 26.8.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\ipnq.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\apirf.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\freescan\freescan.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Juhis\Local Settings\Temporary Internet Files\Content.IE5\I5HYVYD4\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://szhma.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://szhma.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://szhma.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Reppu internetliittymä
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A3AA010-1800-53BA-E16B-DD32344A479E} - C:\WINDOWS\ntqd32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [windows] hkey.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toolb.exe /u
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [apirf.exe] C:\WINDOWS\system32\apirf.exe
O4 - HKLM\..\Run: [ieli.exe] C:\WINDOWS\system32\ieli.exe
O4 - HKLM\..\Run: [iell32.exe] C:\WINDOWS\system32\iell32.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [javaen.exe] C:\WINDOWS\system32\javaen.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunServices: [windows] hkey.exe
O4 - HKLM\..\RunOnce: [ntrh.exe] C:\WINDOWS\system32\ntrh.exe
O4 - HKLM\..\RunOnce: [addvw.exe] C:\WINDOWS\addvw.exe
O4 - HKLM\..\RunOnce: [criv32.exe] C:\WINDOWS\system32\criv32.exe
O4 - HKLM\..\RunOnce: [sysgi.exe] C:\WINDOWS\sysgi.exe
O4 - HKLM\..\RunOnce: [appuh32.exe] C:\WINDOWS\appuh32.exe
O4 - HKLM\..\RunOnce: [javadl32.exe] C:\WINDOWS\system32\javadl32.exe
O4 - HKLM\..\RunOnce: [crgi.exe] C:\WINDOWS\system32\crgi.exe
O4 - HKLM\..\RunOnce: [ieuk.exe] C:\WINDOWS\ieuk.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\system32\iphj32.exe
O4 - HKLM\..\RunOnce: [d3nm32.exe] C:\WINDOWS\system32\d3nm32.exe
O4 - HKLM\..\RunOnce: [javaex32.exe] C:\WINDOWS\javaex32.exe
O4 - HKLM\..\RunOnce: [netlx32.exe] C:\WINDOWS\netlx32.exe
O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [mfczf.exe] C:\WINDOWS\system32\mfczf.exe
O4 - HKLM\..\RunOnce: [sysfz32.exe] C:\WINDOWS\sysfz32.exe
O4 - HKLM\..\RunOnce: [winnu.exe] C:\WINDOWS\winnu.exe
O4 - HKLM\..\RunOnce: [appog.exe] C:\WINDOWS\system32\appog.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\addml32.exe
O4 - HKLM\..\RunOnce: [ipkv32.exe] C:\WINDOWS\ipkv32.exe
O4 - HKLM\..\RunOnce: [addwu32.exe] C:\WINDOWS\addwu32.exe
O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\atlpk.exe
O4 - HKLM\..\RunOnce: [mfcsu.exe] C:\WINDOWS\system32\mfcsu.exe
O4 - HKLM\..\RunOnce: [netle32.exe] C:\WINDOWS\system32\netle32.exe
O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
O4 - HKLM\..\RunOnce: [sdkvj32.exe] C:\WINDOWS\sdkvj32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.reppu.mtk.fi
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
Spyware
4
672
Vastaukset
- Juu
Poista ensin se Kazaa sieltä Lisää/Poista paneelista.
Jos välttämättä haluat käyttää Kazaata,niin asenna sitte Kazaa Lite tämän operaation jälkeen.
Siirrä se HijackThis.exe omaan kansio tonne
C:/HjT/HijackThis.exe
Hae tuolta AboutBuster
http://www.subratam.org/?page=removal
Pura ja asenna se työpöydälle omaan kansioon
Sitte avaa se AboutBuster ja kato jos siihen löytyy päivityksiä.
Sulje se sen jälkeen.
Pistä piilotiedostot näkyviin,ohje tuolla
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
Käynnistä kone vikasietotilassa,scannaa Hijackillä merkkaa nuo, sulje selain ja kaikki muut avoimet ikkunat ja paina FIX checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://szhma.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://szhma.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://szhma.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\szhma.dll/sp.html#96676
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
O2 - BHO: (no name) - {3A3AA010-1800-53BA-E16B-DD32344A479E} - C:\WINDOWS\ntqd32.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [windows] hkey.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toolb.exe /u
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [apirf.exe] C:\WINDOWS\system32\apirf.exe
O4 - HKLM\..\Run: [ieli.exe] C:\WINDOWS\system32\ieli.exe
O4 - HKLM\..\Run: [iell32.exe] C:\WINDOWS\system32\iell32.exe
O4 - HKLM\..\Run: [javaen.exe] C:\WINDOWS\system32\javaen.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunServices: [windows] hkey.exe
O4 - HKLM\..\RunOnce: [ntrh.exe] C:\WINDOWS\system32\ntrh.exe
O4 - HKLM\..\RunOnce: [addvw.exe] C:\WINDOWS\addvw.exe
O4 - HKLM\..\RunOnce: [criv32.exe] C:\WINDOWS\system32\criv32.exe
O4 - HKLM\..\RunOnce: [sysgi.exe] C:\WINDOWS\sysgi.exe
O4 - HKLM\..\RunOnce: [appuh32.exe] C:\WINDOWS\appuh32.exe
O4 - HKLM\..\RunOnce: [javadl32.exe] C:\WINDOWS\system32\javadl32.exe
O4 - HKLM\..\RunOnce: [crgi.exe] C:\WINDOWS\system32\crgi.exe
O4 - HKLM\..\RunOnce: [ieuk.exe] C:\WINDOWS\ieuk.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\system32\iphj32.exe
O4 - HKLM\..\RunOnce: [d3nm32.exe] C:\WINDOWS\system32\d3nm32.exe
O4 - HKLM\..\RunOnce: [javaex32.exe] C:\WINDOWS\javaex32.exe
O4 - HKLM\..\RunOnce: [netlx32.exe] C:\WINDOWS\netlx32.exe
O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [mfczf.exe] C:\WINDOWS\system32\mfczf.exe
O4 - HKLM\..\RunOnce: [sysfz32.exe] C:\WINDOWS\sysfz32.exe
O4 - HKLM\..\RunOnce: [winnu.exe] C:\WINDOWS\winnu.exe
O4 - HKLM\..\RunOnce: [appog.exe] C:\WINDOWS\system32\appog.exe
O4 - HKLM\..\RunOnce: [appye32.exe] C:\WINDOWS\appye32.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\addml32.exe
O4 - HKLM\..\RunOnce: [ipkv32.exe] C:\WINDOWS\ipkv32.exe
O4 - HKLM\..\RunOnce: [addwu32.exe] C:\WINDOWS\addwu32.exe
O4 - HKLM\..\RunOnce: [atlpk.exe] C:\WINDOWS\atlpk.exe
O4 - HKLM\..\RunOnce: [mfcsu.exe] C:\WINDOWS\system32\mfcsu.exe
O4 - HKLM\..\RunOnce: [netle32.exe] C:\WINDOWS\system32\netle32.exe
O4 - HKLM\..\RunOnce: [atlnm32.exe] C:\WINDOWS\system32\atlnm32.exe
O4 - HKLM\..\RunOnce: [sdkvj32.exe] C:\WINDOWS\sdkvj32.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
Sitte etsi ja poista jos löytyy
szhma.dll
ntqd32.dll
msxmidi.exe
hkey.exe
IEService.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
- tuolta tuo WinTools kansio
Edelleen vikasietotilassa käynnistä se AboutBuster ja putsaa sillä 2 kertaa.
Käynnistä sitte normaalisti ja pistä uus Hijack logi tänne. - poista
KaZaa Media Desktop
P2P Networking
WinTools
sieltä lisää\poista sovelluksesta.
sekä vielä Altnet jos se P2P Networking poistossa kysytään. - Auttakaa
Kiitoksia todella paljon! Koneeni käynnistyy todella hyvin nytten! Ja nettikin toimii ihan hyvin. Mutta vielä tulee Spyware varoituksia. Tässä viimeisin logi. Eli onko mitä vielä poistettavaa?
Logfile of HijackThis v1.98.2
Scan saved at 17:52:26, on 28.8.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\system32\apirf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\freescan\freescan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\appyr32.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Juhis\Local Settings\Temporary Internet Files\Content.IE5\I5HYVYD4\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqejm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqejm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqejm.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Reppu internetliittymä
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4291529B-883E-D2B5-FF15-74F8DD4CE597} - C:\WINDOWS\atlvd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [apirf.exe] C:\WINDOWS\system32\apirf.exe
O4 - HKLM\..\RunServices: [windows] hkey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.reppu.mtk.fi
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab- Juu
Sulla on vieläki se HijackThis.exe tuolla
C:\Documents and Settings\Juhis\Local Settings\Temporary Internet Files\Content.IE5\I5HYVYD4\HijackThis[1].exe
SIIRRÄ SE OMAAN KANSIOON TONNE
C:/HjT/HijackThis.exe
Piilotiedostot näkyviin,ohje tuolla
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
Kato sieltä Lisää/Poista paneelista,jos tuo Spyware Begone näkyy siellä,niin poista se.
Käynnistä kone vikasietotilassa ja kato prosesseista Ctrl Alt Delete,jos nämä on siellä käynnissä,niin sammuta ne.
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\system32\apirf.exe
C:\WINDOWS\system32\appyr32.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
Edelleen vikasietotilassa scannaa Hijackillä merkkaa nuo,sulje selain ja muut avoimet ikkunat ja paina FIX checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqejm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqejm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqejm.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lqejm.dll/sp.html#96676
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [apirf.exe] C:\WINDOWS\system32\apirf.exe
O4 - HKLM\..\RunServices: [windows] hkey.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
Edelleen vikasietotilassa etsi ja poista jos löytyy
apirf.exe
appyr32.exe
lqejm.dll
hkey.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
- tuolta tuo WinTools kansio
Aina vaan vikasietotilassa avaa se AboutBuster ja putsaa sillä 2 kertaa.
Putsaa myös Ad-Awarella kerran.
Käynnistä sitte normaalisti ja pistä taas uus Hijack logi tänne.
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Martinan uusi poikakaveri
Sielläpä se sitten on. Instastoorissa pienissä speedoissa retkottaa uusin kulta Martinan kanssa. Oikein sydämiä laitettu2063230Suomessa helteet ylittää vasta +30 astetta.
Etelä-Euroopassa on mitattu yli +40 asteen lämpötiloja. Lähi-Idässä +50 on ylitetty useasti Lämpöennätykset rikkoutuva2391620Laita mulle viesti!!
Laita viesti mesen (Facebook) kautta. Haluan keskustella mutta sinun ehdoilla en halua häiriköidä tms. Yhä välitän sinus951472- 921389
Vanhemmalle naiselle
alkuperäiseltä kirjoittajalta. On olemassa myös se toinen joka tarkoituksella käyttää samaa otsikkoa. Ihan sama kunhan e461344Fazer perustaa 400 miljoonan suklaatehtaan Lahteen
No eipä ihme miksi ovat kolminkertaistaneen suklaalevyjensä hinnan. Nehän on alkaneet keräämään rahaa tehdasta varten.1581259Ajattelen sinua tänäkin iltana
Olet huippuihana❤️ Ajattelen sinua jatkuvasti. Toivottavasti tapaamme pian. En malttaisi odottaa, mutta odotan kuitenkin121188Ökyrikkaat Fazerit saivat 20 MILJOONAA veronmaksajien varallisuutta!
"Yle uutisoi viime viikolla, että Business Finland on myöntänyt Fazerille noin 20 miljoonaa euroa investointitukea. Faze1231019Miehelle...
Oliko kaikki mökötus sen arvoista? Ei mukavalta tuntunut, kun aloit hiljaisesti osoittaa mieltä ja kohtelit välinpitämät89932Tuntuu liian hankalalta
Lähettää sulle viesti. Tarvitsen apuasi ottaa koppi tilanteesta. Miehelle meni.47829