hijackthis logi! voisko joku vähän neuvoo??

Shumi

2004-11-14 22:36:09

eli ongelmana on se, että kotisivu vaihtuu itestään. oon jo kokeillu kaikkii poisto-ohjelmii mut ei auttanu ja täs ois hijackthis logi, jos joku osais neuvoo mitä rivejä poistaa.

Logfile of HijackThis v1.98.2
Scan saved at 22:31:15, on 14.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xuqcgdaxnsnekenw.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExIIvFWQzR3MvOz_wR89qjJwF.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A52FBBDB-A68B-8739-6CC6-D3F8002FBA7C} - C:\DOCUME~1\Omistaja\APPLIC~1\PHONEH~1\Dvd Bore.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dwpzyc.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [window2] ieupdate.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Obj Coal Close Setup] C:\Documents and Settings\All Users\Application Data\idolblehobjcoal\curb loud.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [window2] ieupdate.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [window2] ieupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

818

Äänestä

Vastaukset

qwerty
2004-11-14 22:50:40
Mikähän tämä on?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xuqcgdaxnsnekenw.net/kguvDnwJil4NxuOTETHjDcG nNSTECbhc_wOnbdaExIIvFWQzR3MvOz_wR89qjJwF.htm
- Shumi
  2004-11-14 22:53:47
  Just semmosen sivun se vaihtaa kotisivuks... Poistainks mä sen??
HJT
2004-11-15 12:05:26
Siellä on paljon muutakin ongelmaa kuin kotisivikaappari. Poista Lisää/Poista sovelluksesta MessengerPlus3 ja poista sen kansio tuolta C:\Program Files\Messenger Plus! 3.

Puhdista kone noilla online scannereilla
http://fi.trendmicro-europe.com/consumer/products/housecall_pre.php
http://www.windowsecurity.com/trojanscan/

Laita sitten uusi logi niin putsataan loput.
- Shumi
  2004-11-15 16:05:05
  Jóo, eli tein kaikki mitä neuvoit, paitsi sitä messengerplus3:sen kansiota ei voinu poistaa ku siel oli joku kirjotussuojattu tiedosto...
  
  Logfile of HijackThis v1.98.2
  Scan saved at 16:03:06, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\ALCXMNTR.EXE
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\progra~1\intern~1\iexplore.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\HijackThis.exe
  C:\Program Files\Messenger\msmsgs.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvkcstkyaebkszhvxq.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILygq7/URcCxT_wR89qjJwF.jsp
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {A52FBBDB-A68B-8739-6CC6-D3F8002FBA7C} - C:\DOCUME~1\Omistaja\APPLIC~1\PHONEH~1\Dvd Bore.exe
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dwpzyc.exe
  O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [window2] ieupdate.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKLM\..\Run: [Obj Coal Close Setup] C:\Documents and Settings\All Users\Application Data\idolblehobjcoal\curb loud.exe
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\RunServices: [window2] ieupdate.exe
  O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Omistaja\LOCALS~1\Temp\MsgPlusUninst.bat"
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKCU\..\Run: [window2] ieupdate.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
- HJT
  2004-11-15 16:45:59
  Shumi kirjoitti:
  Jóo, eli tein kaikki mitä neuvoit, paitsi sitä messengerplus3:sen kansiota ei voinu poistaa ku siel oli joku kirjotussuojattu tiedosto...
  
  Logfile of HijackThis v1.98.2
  Scan saved at 16:03:06, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\ALCXMNTR.EXE
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\progra~1\intern~1\iexplore.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\HijackThis.exe
  C:\Program Files\Messenger\msmsgs.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvkcstkyaebkszhvxq.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILygq7/URcCxT_wR89qjJwF.jsp
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {A52FBBDB-A68B-8739-6CC6-D3F8002FBA7C} - C:\DOCUME~1\Omistaja\APPLIC~1\PHONEH~1\Dvd Bore.exe
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dwpzyc.exe
  O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [window2] ieupdate.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKLM\..\Run: [Obj Coal Close Setup] C:\Documents and Settings\All Users\Application Data\idolblehobjcoal\curb loud.exe
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\RunServices: [window2] ieupdate.exe
  O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Omistaja\LOCALS~1\Temp\MsgPlusUninst.bat"
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKCU\..\Run: [window2] ieupdate.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  Laita piilotiedostot näkyviin, tuossa ohjeet
  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
  
  Laita HjT omaan kansioon
  
  Sammuta tuo prosessi Tehtävienhallinnasta(Ctrl Alt Delete)
  C:\WINDOWS\ALCXMNTR.EXE
  
  Sulje selain ja muut ikkunat, merkkaa nuo ja paina FIX
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvkcstkyaebkszhvxq.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILygq7/URcCxT_wR89qjJwF.jsp
  O2 - BHO: (no name) - {A52FBBDB-A68B-8739-6CC6-D3F8002FBA7C} - C:\DOCUME~1\Omistaja\APPLIC~1\PHONEH~1\Dvd Bore.exe
  O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dwpzyc.exe
  O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKLM\..\Run: [window2] ieupdate.exe
  O4 - HKLM\..\Run: [Obj Coal Close Setup] C:\Documents and Settings\All Users\Application Data\idolblehobjcoal\curb loud.exe
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\RunServices: [window2] ieupdate.exe
  O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Omistaja\LOCALS~1\Temp\MsgPlusUninst.bat"
  O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKCU\..\Run: [window2] ieupdate.exe
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - Global Startup: BTTray.lnk = ?
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  
  Käynnistä vikasietotilaan, etsi ja poista(Käytä ETSI toimintoa noihin missä ei ole polkua)
  
  Se Messengerplus kansio
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo---PHONEH~1\Dvd Bore.exe
  C:\WINDOWS\System32\---tuo---dwpzyc.exe
  Winregs32.exe
  C:\WINDOWS\---tuo---ALCXMNTR.EXE
  ieupdate.exe
  C:\Documents and Settings\All Users\Application Data\---tuo---idolblehobjcoal\curb loud.exe
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo---PLAYEN~1\Meow lies.exe
  
  Tyhjennä tuo temp kansio
  C:\DOCUME~1\Omistaja\LOCALS~1\Temp
  
  Käynnistä normaalisti ja laita uusi logi.
- Shumi
  2004-11-15 18:34:25
  HJT kirjoitti:
  Laita piilotiedostot näkyviin, tuossa ohjeet
  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
  
  Laita HjT omaan kansioon
  
  Sammuta tuo prosessi Tehtävienhallinnasta(Ctrl Alt Delete)
  C:\WINDOWS\ALCXMNTR.EXE
  
  Sulje selain ja muut ikkunat, merkkaa nuo ja paina FIX
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvkcstkyaebkszhvxq.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILygq7/URcCxT_wR89qjJwF.jsp
  O2 - BHO: (no name) - {A52FBBDB-A68B-8739-6CC6-D3F8002FBA7C} - C:\DOCUME~1\Omistaja\APPLIC~1\PHONEH~1\Dvd Bore.exe
  O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dwpzyc.exe
  O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKLM\..\Run: [window2] ieupdate.exe
  O4 - HKLM\..\Run: [Obj Coal Close Setup] C:\Documents and Settings\All Users\Application Data\idolblehobjcoal\curb loud.exe
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
  O4 - HKLM\..\RunServices: [window2] ieupdate.exe
  O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Omistaja\LOCALS~1\Temp\MsgPlusUninst.bat"
  O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
  O4 - HKCU\..\Run: [window2] ieupdate.exe
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - Global Startup: BTTray.lnk = ?
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  
  Käynnistä vikasietotilaan, etsi ja poista(Käytä ETSI toimintoa noihin missä ei ole polkua)
  
  Se Messengerplus kansio
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo---PHONEH~1\Dvd Bore.exe
  C:\WINDOWS\System32\---tuo---dwpzyc.exe
  Winregs32.exe
  C:\WINDOWS\---tuo---ALCXMNTR.EXE
  ieupdate.exe
  C:\Documents and Settings\All Users\Application Data\---tuo---idolblehobjcoal\curb loud.exe
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo---PLAYEN~1\Meow lies.exe
  
  Tyhjennä tuo temp kansio
  C:\DOCUME~1\Omistaja\LOCALS~1\Temp
  
  Käynnistä normaalisti ja laita uusi logi.
  tein kaiken mitä sanoit ja täs nyt on uus logi
  
  Logfile of HijackThis v1.98.2
  Scan saved at 18:32:26, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\Program Files\HJT\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://coqdqnfahddku.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILPcGl8w9GdGD_wR89qjJwF.jsp
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
- HJT
  2004-11-15 18:53:28
  Shumi kirjoitti:
  tein kaiken mitä sanoit ja täs nyt on uus logi
  
  Logfile of HijackThis v1.98.2
  Scan saved at 18:32:26, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\Program Files\HJT\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://coqdqnfahddku.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILPcGl8w9GdGD_wR89qjJwF.jsp
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  Eipä lähteny kaikki tai sitten tulivat takaisin? Fixaa nuo
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://coqdqnfahddku.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILPcGl8w9GdGD_wR89qjJwF.jsp
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  
  Etsi ja poista tuo vikasietotilassa
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo kansio---PLAYEN~1\Meow lies.exe
  
  Uusi käynnistys, uusi logi.
- Shumi
  2004-11-15 19:23:40
  HJT kirjoitti:
  Eipä lähteny kaikki tai sitten tulivat takaisin? Fixaa nuo
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://coqdqnfahddku.net/kguvDnwJil4NxuOTETHjDcGnNSTECbhc_wOnbdaExILPcGl8w9GdGD_wR89qjJwF.jsp
  O4 - HKCU\..\Run: [less ooze] C:\DOCUME~1\Omistaja\APPLIC~1\PLAYEN~1\Meow lies.exe
  
  Etsi ja poista tuo vikasietotilassa
  C:\DOCUME~1\Omistaja\APPLIC~1\---tuo kansio---PLAYEN~1\Meow lies.exe
  
  Uusi käynnistys, uusi logi.
  Fixasin ja poistin sen kansion ja tässä nyt on tää logi...
  
  Logfile of HijackThis v1.98.2
  Scan saved at 19:22:10, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\HJT\HijackThis.exe
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
- HJT
  2004-11-15 19:41:01
  Shumi kirjoitti:
  Fixasin ja poistin sen kansion ja tässä nyt on tää logi...
  
  Logfile of HijackThis v1.98.2
  Scan saved at 19:22:10, on 15.11.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\windows\system\hpsysdrv.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  C:\WINDOWS\System32\hphmon05.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
  C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  c:\Program Files\Norton AntiVirus\navapsvc.exe
  c:\Program Files\Norton Personal Firewall\NISUM.EXE
  c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\HJT\HijackThis.exe
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
  O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
  O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097331205734
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  näyttäis puhtaalta. Pääset sinäkin viettämään lomaasi kun F-1 kausi on ohi, ja konekkin on siivottu ;)
- Shumi
  2004-11-15 19:50:16
  HJT kirjoitti:
  näyttäis puhtaalta. Pääset sinäkin viettämään lomaasi kun F-1 kausi on ohi, ja konekkin on siivottu ;)
  joo =) kiitti vaa sullekki ku jaksoit mua auttaa!!

Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

Takaisin ylös

Luetuimmat keskustelut

Näin Enter-napilla tehdään miljardi euroa - Helsingissä
"Ei se nyt niin kovin ihmeelliseltä näytä. Tavallinen nappi, musta muovinpala, joka kököttää parikymppiä maksavan mustan
26.02.2026 18:09Maailman menoa
0
3570
Minulla ei ole ketään muita
Enkä halua ketään muita kuin sinut.
26.02.2026 02:35Ikävä
43
3151
Eipä tunnu se "pedofilia" huuto kiinnostavan
Lähinnä se sekohäirikkö ressukka joutuu itse vastaileen itselleen, mitään näkyvyyttä ei saa, palstalla ylipäätään on hyv
25.02.2026 19:06Maailman menoa
56
2887
Jätä minut rauhaan
En pidä sinusta. Lopeta seuraaminen. Älä tulkitse keskustelutaitoa tai ystävällisyyttä miksikään sellaiseksi mitä ne eiv
26.02.2026 08:44Ikävä
34
2768
4,5 promillee
Aika rajut lukemat joku eilen puhaltanut.
26.02.2026 13:34Suomussalmi
16
2688
No kyllä te luuserit voitte tehdä mitä vaan keskenänne, sitä en ymmärrä miksi pelaat,nainen
Pisteesi silmissäni, edes ystävätasolla tippui jo tuhannella, kun sain selville pelailusi, olet toisen kanssa, vaikka ol
25.02.2026 01:01Ikävä
45
2560
Harmittaako sinua yhtään?
Tuntuuko pahalta ollenkaan?
26.02.2026 02:54Ikävä
44
2200
Ben Z: "SDP ei ole ollut 50 vuoteen näin huolissaan velasta"
"– Olen ollut eduskunnassa noin 50 vuotta, eikä SDP ole koskaan ollut niin huolissaan velasta kuin nyt. Se on tietysti h
26.02.2026 18:04Maailman menoa
26
2065
Voiku saisi sen sun
Rakkauden kokea. Tykkään susta niin paljon edelleen.
26.02.2026 19:08Ikävä
42
1965
Olitpa ikävän
Kylmä eilen. Miksi ihmeessä?
26.02.2026 05:34Ikävä
45
1749

hijackthis logi! voisko joku vähän neuvoo??

Vastaukset

Shumi kirjoitti:

HJT kirjoitti:

Shumi kirjoitti:

HJT kirjoitti:

Shumi kirjoitti:

HJT kirjoitti:

Luetuimmat keskustelut

Näin Enter-napilla tehdään miljardi euroa - Helsingissä

Minulla ei ole ketään muita

Eipä tunnu se "pedofilia" huuto kiinnostavan

Jätä minut rauhaan

4,5 promillee

No kyllä te luuserit voitte tehdä mitä vaan keskenänne, sitä en ymmärrä miksi pelaat,nainen

Harmittaako sinua yhtään?

Ben Z: "SDP ei ole ollut 50 vuoteen näin huolissaan velasta"

Voiku saisi sen sun

Olitpa ikävän

Mitä luulet, miten Martina Aitolehti pärjää Erikoisjoukoissa?

Tätä et näe tv:ssä: Atte Kilpinen napauttaa negatiivisesta palautteesta

Kouluruokailu

Onko hyvä näin? The Summit Suomi -realityssä on aivan tavallisia suomalaisia, ei julkkiksia

Dannyn, 83, seuralainen, "ex-assistentti" Helmi Loukasmäki jo 25 vuotta!

300 000 työtöntä taistelee 30 000 työpaikasta

Erikoisjoukot: Törkeästi kohdeltu Joona Puhakka tilittää kouluttajien huonosta käytöksestä

MTV: Lola Odusoga avoimena Salatut elämät -sarjasta

Jauhelihan hinta nousi rajusti

Narsistiset vanhemmat