Here's one

marko

Logfile of HijackThis v1.97.7
Scan saved at 15:19:32, on 11.9.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\make\Työpöytä\Security\antivir\aswUpdSv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Music\winamp old\winampa.exe
C:\Program Files\Creative\News\NewsUpd.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Documents and Settings\make\Työpöytä\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.suomi24.fi/keskustelu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.suomi24.fi/keskustelu
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Music\winamp old\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [SwatIt] C:\Program Files\Swat It v2.1\SwatIt.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Palvelut (HKCU)
O9 - Extra button: Tuki (HKCU)
O9 - Extra button: SMS-viesti (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} - http://18.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439fi.exe
O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?1073222104734
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab


-------------------------
Here's one that the experienced ones can weigh in on... I removed something from it myself

    Replies

    • Juu
      • marko

        Logfile of HijackThis v1.98.2
        Scan saved at 18:14:40, on 11.9.2004
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Documents and Settings\make\Työpöytä\Security\antivir\aswUpdSv.exe
        C:\WINDOWS\System32\CTSvcCDA.exe
        C:\WINDOWS\System32\gearsec.exe
        C:\WINDOWS\system32\ZONELABS\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\atiptaxx.exe
        C:\Program Files\Creative\ShareDLL\CtNotify.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        D:\Music\winamp old\winampa.exe
        C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
        C:\Program Files\Creative\ShareDLL\MediaDet.Exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\mapiicon.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\make\Työpöytä\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.suomi24.fi/keskustelu
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.suomi24.fi/keskustelu
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
        O4 - HKLM\..\Run: [ADSL_A2] A2Installed
        O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [WinampAgent] "D:\Music\winamp old\winampa.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
        O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
        O4 - HKLM\..\Run: [SwatIt] C:\Program Files\Swat It v2.1\SwatIt.exe /tray
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
        O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashDisp.exe
        O4 - HKLM\..\Run: [ashMaiSv] C:\DOCUME~1\make\TYÖPÖYTÄ\Security\antivir\ashmaisv.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
        O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
        O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
        O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
        O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
        O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
        O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra button: Palvelut - {1F890378-63A2-4C09-BE74-E0A5A0A076A7} - http://service.kolumbus.fi/ (file missing) (HKCU)
        O9 - Extra button: Tuki - {552FE095-7562-49C0-914B-BA820F63D48F} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
        O9 - Extra button: SMS-viesti - {BB4BC40B-722C-4FC1-8AA7-E2911349BA3A} - http://sms.kolumbus.fi/ (file missing) (HKCU)
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
        O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
        O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
        O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
        O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} - http://18.sharedsource.org/html/UDConn_5.2.0.8.cab
        O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439fi.exe
        O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
        O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
        O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
        O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
        O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
        O21 - SSODL: System - {4A9DBBFD-C3E3-46A4-BBDA-488D8C09012D} - C:\WINDOWS\system32\system32.dll

        Here is the latest version of the log..

        Thanks for being willing to help the less experienced

        Is there a site somewhere with information about these things and what you may/should remove??

        I could learn these things myself too..


      • Juu
        Check the Add/Remove panel; if this shows up there, remove it

        NewsUpd


        Move that HijackThis.exe into its own folder, over here:
        C:/HjT/HijackThis.exe

        Tick these, close the browser and other open windows, and press Fix checked

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
        O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.exe /q
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
        O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058623fi.exe
        O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://206.161.125.149/rundlg32.cab
        O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexFI632.exe
        O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab
        O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v1d12.cab
        O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/toolbar.CAB
        O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.33/EPlugin.cab
        O21 - SSODL: System - {4A9DBBFD-C3E3-46A4-BBDA-488D8C09012D} - C:\WINDOWS\system32\system32.dll


        Then boot into safe mode, search for and delete if found

        system32.dll

        C:\Program Files\Creative\News\NewsUpd.exe /q
        - from there, that News folder



        >Is there a site somewhere with information about these things and what you may/should remove<

        Have a look around there a bit


        http://koti.mbnet.fi/pattaya1/hjt7_ohjeita.htm

