Hjt logi

hara

Kattosko joku tän. Taitaa olla jotain ylimääräistä..

Logfile of HijackThis v1.98.2
Scan saved at 12:05:00, on 20.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\mapiicon.exe
C:\WINDOWS\webshots.scr
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [QLVDN] C:\WINDOWS\QLVDN.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [sysbot] c:\windows\system32\sysbot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

6

292

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Kyllä siellä pari poistettavaa on. Laita piilotiedostot näkyviin, tuossa ohjeet
      http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

      Sulje selain ja muut ikkunat, laita ruksi noiden eteen ja paina FIX

      O4 - HKLM\..\Run: [ADSL_A2] A2Installed
      O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
      O4 - HKLM\..\Run: [QLVDN] C:\WINDOWS\QLVDN.exe

      Jos et tunne tuota niin laita sekin
      O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

      Etsi ja poista vikasietotilassa

      enbiei.exe (Käytä ETSI toimintoa, mutta on todennäköisesti SYSTEM32 kansiossa)
      C:\WINDOWS\---tuo---QLVDN.exe

      Käynnistä normaalitilaan, laita uusi logi

      • hara

        Fixattu on. Ei löytynyt mistään enbiei.exe
        Bootin jälkeen tulee seuraava errori (tuli ennen fixaustakin).

        Virhe ladattaessa: C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
        Määriteltyä osaa ei löydy.

        Tässä uus logi:

        Logfile of HijackThis v1.98.2
        Scan saved at 13:46:13, on 20.10.2004
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
        C:\Program Files\F-Secure\fswsclds.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\PopUp Killer\PopUpKiller.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\WINDOWS\system32\mapiicon.exe
        C:\WINDOWS\webshots.scr
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
        O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
        O4 - HKLM\..\Run: [sysbot] c:\windows\system32\sysbot.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
        O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
        O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab


      • hara kirjoitti:

        Fixattu on. Ei löytynyt mistään enbiei.exe
        Bootin jälkeen tulee seuraava errori (tuli ennen fixaustakin).

        Virhe ladattaessa: C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
        Määriteltyä osaa ei löydy.

        Tässä uus logi:

        Logfile of HijackThis v1.98.2
        Scan saved at 13:46:13, on 20.10.2004
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
        C:\Program Files\F-Secure\fswsclds.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\PopUp Killer\PopUpKiller.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\WINDOWS\system32\mapiicon.exe
        C:\WINDOWS\webshots.scr
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
        O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
        O4 - HKLM\..\Run: [sysbot] c:\windows\system32\sysbot.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
        O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
        O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

        Poista WildTangent Lisää/Poista sovelluksesta jos löytyy. Ja/tai fixaa HjT:llä, etsi ja poista C:\Program Files\--tuo kansio--WildTangent


      • hara
        HJT kirjoitti:

        Poista WildTangent Lisää/Poista sovelluksesta jos löytyy. Ja/tai fixaa HjT:llä, etsi ja poista C:\Program Files\--tuo kansio--WildTangent

        WildTangent poistettu ja vähän muutakin turhaa poistettu.

        Tässä vielä uusi logi, miltä se nyt näyttää?

        Logfile of HijackThis v1.98.2
        Scan saved at 15:45:21, on 20.10.2004
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\fswsclds.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\mapiicon.exe
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
        O4 - HKLM\..\Run: [sysbot] c:\windows\system32\sysbot.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab


      • hara kirjoitti:

        WildTangent poistettu ja vähän muutakin turhaa poistettu.

        Tässä vielä uusi logi, miltä se nyt näyttää?

        Logfile of HijackThis v1.98.2
        Scan saved at 15:45:21, on 20.10.2004
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\fswsclds.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\mapiicon.exe
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
        O4 - HKLM\..\Run: [sysbot] c:\windows\system32\sysbot.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

        hyvältä, jos kone vielä toimiikin niin homma on selvä :)


      • hara
        HJT kirjoitti:

        hyvältä, jos kone vielä toimiikin niin homma on selvä :)

        Hienosti toimii. Kiitos paljon!


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Ajattelen sinua nyt

      Ajattelen sinua hyvin todennäköisesti myös huomenna. Sitten voi mennä viikko, että ajattelen sinua vain iltaisin ja aamu
      Ikävä
      70
      5757
    2. Vaistoan ettei sulla kaikki hyvin

      Odotatko että se loppuu kokonaan ja avaat vasta linjan. Niin monen asian pitäisi muuttua että menisi loppu elämä kivasti
      Ikävä
      27
      4867
    3. Yritys Kannus

      Mää vaan ihmettelen, julkijuopottelua. Eikö tosiaan oo parempaa hommaa, koittas saada oikeasti jotain aikaiseksi. Hävett
      Kannus
      18
      2976
    4. Oletko täällä mies?

      Mitä mietit? ❤️ varmistan vielä, että onhan kaikki ok meidän välillä?
      Ikävä
      178
      2408
    5. Työkyvyttömienkin on jatkossa haettava työtä

      Riikalla ja Petterillä on hyviä uutisia Suomen työttömille: ”Toimeentulotuen uudistus velvoittaa työttömäksi ilmoittaut
      Perussuomalaiset
      183
      2070
    6. Mies kadonnut

      Kukas siellä kolarissa on kadonnut
      Kolari
      17
      2046
    7. Eikö ole jo ihan sama luovuttaa

      Meidän suhde ei ikinä toimisi.
      Ikävä
      103
      1501
    8. Elokapinan mielenosoitussarja alkaa

      Varma kesän merkki on, kun planeetastamme huolestuneet ihmiset alkavat pitää tilaisuuksia muistuttaakseen ihmisiä siitä,
      Maailman menoa
      307
      1278
    9. Kerro jotakin kaivatustasi.

      Vaikka synkimmät salaisuudet jos tiedät. :) m
      Ikävä
      68
      1194
    10. Harmi, se on

      Mutta mä tulkitsen asian sitten niin. Olen yrittänyt, oman osani tehnyt, ja saa olla mun puolesta nyt loppuun käsitelty
      Tunteet
      17
      1156
    Aihe