aloitussivu pois?

Trouble

Kun avaan koneen, windowsin latauksen jälkeen kone yrittää automaattisesti käynnistää selaimen ja ottaa yhteyttä aina samaan xxx-saittiin.VIruspäivitykset ja haittaohjelmien poistajat eivät auta. Internetyhteyden asetuksissa ja kotisivumäärityksissä ei pitäisi olla vikaa.Ratkaisua?

9

630

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Juu
      • trouble...

        Tässäpä tämä...

        Logfile of HijackThis v1.99.1
        Scan saved at 22:35:49, on 1.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\System32\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\WINDOWS\System32\viewport.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\WINDOWS\System32\CAPRPCSK.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\VeriSign\NAVI\naviagent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.i/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [WinUpdate] C:\system.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [24.tmp] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\24.tmp.exe 3 10001
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - Startup: I.url
        O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
        O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
        O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://G:\Office\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra 'Tools' menuitem: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O9 - Extra 'Tools' menuitem: i-Nav Asetukset - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.awmdabest.com (HKLM)
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O15 - Trusted IP range: 206.161.125.149
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0315ea4f2573b073ef18/netzip/RdxIE601.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133465420168
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF39B6-834B-4B69-94AE-A33ECDAC86F9}: NameServer = 192.168.252.17 192.168.252.16
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe


      • Juu
        trouble... kirjoitti:

        Tässäpä tämä...

        Logfile of HijackThis v1.99.1
        Scan saved at 22:35:49, on 1.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\System32\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\WINDOWS\System32\viewport.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\WINDOWS\System32\CAPRPCSK.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\VeriSign\NAVI\naviagent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.i/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [WinUpdate] C:\system.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [24.tmp] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\24.tmp.exe 3 10001
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - Startup: I.url
        O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
        O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
        O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://G:\Office\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O9 - Extra button: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra 'Tools' menuitem: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O9 - Extra 'Tools' menuitem: i-Nav Asetukset - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.awmdabest.com (HKLM)
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O15 - Trusted IP range: 206.161.125.149
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0315ea4f2573b073ef18/netzip/RdxIE601.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133465420168
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF39B6-834B-4B69-94AE-A33ECDAC86F9}: NameServer = 192.168.252.17 192.168.252.16
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe

        Siirrä ensin se Hijackki omaan kansioon tonne.
        C:\HjT\HijackThis.exe

        Merkkaa nuo sulje selain ja ja paina Fix checked

        O4 - HKLM\..\Run: [WinUpdate] C:\system.exe
        O4 - HKLM\..\Run: [24.tmp] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\24.tmp.exe 3 10001
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.awmdabest.com (HKLM)
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O15 - Trusted IP range: 206.161.125.149
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0315ea4f2573b073ef18/netzip/RdxIE601.cab

        Käynnistä sitte vikasietotilassa ja poista jos löytyy

        C:\system.exe
        Tyhjennä Tempit

        Käynnistä sitte normaalisti ja uus logi


      • trouble
        Juu kirjoitti:

        Siirrä ensin se Hijackki omaan kansioon tonne.
        C:\HjT\HijackThis.exe

        Merkkaa nuo sulje selain ja ja paina Fix checked

        O4 - HKLM\..\Run: [WinUpdate] C:\system.exe
        O4 - HKLM\..\Run: [24.tmp] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\24.tmp.exe 3 10001
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.awmdabest.com (HKLM)
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O15 - Trusted IP range: 206.161.125.149
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
        O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0315ea4f2573b073ef18/netzip/RdxIE601.cab

        Käynnistä sitte vikasietotilassa ja poista jos löytyy

        C:\system.exe
        Tyhjennä Tempit

        Käynnistä sitte normaalisti ja uus logi

        En löytänyt vikasietotilassa system.exeä. Tässä uusi logi. Ongelma edelleen sama.

        Logfile of HijackThis v1.99.1
        Scan saved at 11:18:33, on 4.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\System32\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\WINDOWS\System32\viewport.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\Winamp\winampa.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\CAPRPCSK.EXE
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\VeriSign\NAVI\naviagent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.i/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - Startup: I.url
        O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
        O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
        O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://G:\Office\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra 'Tools' menuitem: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O9 - Extra 'Tools' menuitem: i-Nav Asetukset - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133465420168
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF39B6-834B-4B69-94AE-A33ECDAC86F9}: NameServer = 192.168.252.17 192.168.252.16
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe


      • Juu
        trouble kirjoitti:

        En löytänyt vikasietotilassa system.exeä. Tässä uusi logi. Ongelma edelleen sama.

        Logfile of HijackThis v1.99.1
        Scan saved at 11:18:33, on 4.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\System32\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\WINDOWS\System32\viewport.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\Winamp\winampa.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\CAPRPCSK.EXE
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\VeriSign\NAVI\naviagent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.i/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - Startup: I.url
        O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
        O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
        O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://G:\Office\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra 'Tools' menuitem: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O9 - Extra 'Tools' menuitem: i-Nav Asetukset - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133465420168
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF39B6-834B-4B69-94AE-A33ECDAC86F9}: NameServer = 192.168.252.17 192.168.252.16
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe

        Ota tuo ja säästä se työpöydälle

        http://www.mvps.org/winhelp2002/DelDomains.inf

        sitte klikkaa sitä oikeella ja valikosta Install tai Asenna
        Se poistaa nuo 015 rivit.

        Sitte hae tuolta Ewido

        http://www.ewido.net/en/download/

        asenna ja päivitä se.
        Käynnistä sitte vikasietotilassa ja scanaa putsaa sillä ja säästä logi.
        Käynnistä sitte normaalisti ja lähetä se Ewidon logi.

        Tiiäkkö tai tunnistakko mikä tuo on

        O4 - Startup: I.url


      • Tääh.
        trouble kirjoitti:

        En löytänyt vikasietotilassa system.exeä. Tässä uusi logi. Ongelma edelleen sama.

        Logfile of HijackThis v1.99.1
        Scan saved at 11:18:33, on 4.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\WINDOWS\System32\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Logitech\iTouch\iTouch.exe
        C:\WINDOWS\System32\viewport.exe
        C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\Winamp\winampa.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\CAPRPCSK.EXE
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
        C:\Program Files\Nikon\NkView5\NkvMon.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\VeriSign\NAVI\naviagent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.i/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [HydarVisionViewport] viewport.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
        O4 - Startup: I.url
        O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
        O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
        O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
        O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
        O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://G:\Office\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
        O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra 'Tools' menuitem: i-Nav Ohje - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
        O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O9 - Extra 'Tools' menuitem: i-Nav Asetukset - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133465420168
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF39B6-834B-4B69-94AE-A33ECDAC86F9}: NameServer = 192.168.252.17 192.168.252.16
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe

        Eikö poistunut. Ehkä sulla on vielä tuo puhdistus kesken.
        Niin ja päivityksien hakuun.


      • trouble
        Juu kirjoitti:

        Ota tuo ja säästä se työpöydälle

        http://www.mvps.org/winhelp2002/DelDomains.inf

        sitte klikkaa sitä oikeella ja valikosta Install tai Asenna
        Se poistaa nuo 015 rivit.

        Sitte hae tuolta Ewido

        http://www.ewido.net/en/download/

        asenna ja päivitä se.
        Käynnistä sitte vikasietotilassa ja scanaa putsaa sillä ja säästä logi.
        Käynnistä sitte normaalisti ja lähetä se Ewidon logi.

        Tiiäkkö tai tunnistakko mikä tuo on

        O4 - Startup: I.url

        Tein proseduurit, ja löytyihän noita bugeja, mutta ongelma edelleen. Tuosta I.url - ei ole mitään hajua, oisko ongelma siinä? Tuossa ewidon logi.

        Created on:         16:38:05, 4.12.2005
        Report-Checksum:      46160F9

        Scan result:

           HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
           HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
           HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
           HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
           C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator : Cleaned with backup
           C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\sysres.0xe -> Trojan.Logmod.b : Cleaned with backup
           C:\WINDOWS\system32\winze32.0ll -> Downloader.Agent.bc : Cleaned with backup

        ::Report End


      • Juu
        trouble kirjoitti:

        Tein proseduurit, ja löytyihän noita bugeja, mutta ongelma edelleen. Tuosta I.url - ei ole mitään hajua, oisko ongelma siinä? Tuossa ewidon logi.

        Created on:         16:38:05, 4.12.2005
        Report-Checksum:      46160F9

        Scan result:

           HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
           HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
           HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
           HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
           C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator : Cleaned with backup
           C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
           C:\WINDOWS\sysres.0xe -> Trojan.Logmod.b : Cleaned with backup
           C:\WINDOWS\system32\winze32.0ll -> Downloader.Agent.bc : Cleaned with backup

        ::Report End

        Merkkaa ja Fix:saa tuo

        O4 - Startup: I.url

        > kone yrittää automaattisesti käynnistää selaimen ja ottaa yhteyttä aina samaan xxx-saittiin. <

        Niin onko kysessä siis joku pornosivu vai?

        Kato onko Host file ok...ei ylimääräisiä riviä.
        Avaa Hijackki
        Config... > Misc Tools > Open hosts file manager


      • Trouble
        Juu kirjoitti:

        Merkkaa ja Fix:saa tuo

        O4 - Startup: I.url

        > kone yrittää automaattisesti käynnistää selaimen ja ottaa yhteyttä aina samaan xxx-saittiin. <

        Niin onko kysessä siis joku pornosivu vai?

        Kato onko Host file ok...ei ylimääräisiä riviä.
        Avaa Hijackki
        Config... > Misc Tools > Open hosts file manager

        Hämärä sivulataus poistui em ohjeilla, joten suunnattomat kiitokset sinulle ohjeista. host file managerissa en nähnyt muuta kuin esimerkkilistaukset sekä omalla rivillään: local host, ilmeisesti OK!

        Mutta kuten sanottua, ongelma korjautui :)
        Poistun tästä hyvillä mielin koiran kanssa lenkille!

        Kiitos ja kumarrus ;)


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Stefu LOISTAVAA!

      Ilmeisesti joku vedonlyönti tms, selvinpäin-elämästä👍👍👍 ilmankos ei ole Sofiaa näkynyt. Miten tän parin nyt käy, kun viimi ei maksettuna enää virta
      Kotimaiset julkkisjuorut
      133
      1925
    2. Missä sinuun mies voisi

      näin pääsiäisenä vahingossa törmätä? Ei ilmeisesti missään?
      Ikävä
      69
      842
    3. Msisa on eronnut

      Mies ei kestänyt jatkuvia syrjähyppyjä eikä totuutta Turun yöstä.
      Kotimaiset julkkisjuorut
      28
      812
    4. Venäläisiä keksintöjä?

      Kun tässä nyt yritän miettiä venäläisiä keksintöjä, niin ei äkkiseltään tule oikein yhtään mieleen. Onko niitä edes?
      Maailman menoa
      259
      724
    5. Tiedän että on aika luovuttaa

      En vaan osaa. Liian kauan toivonut jotain, mikä ei koskaan tule toteutumaan. Olo ei ole mitenkään hyvä, mutta itken vähemmän kuin silloin kun sinuun r
      Ikävä
      64
      703
    6. Katumuksesta

      Pitkäperjantaina eräässä seurueessa puhuttiin katumisesta ja mitä itse kukin katuu. Yleisintä tuntui olevan pahasti sanominen jollekin läheiselle ja t
      Sinkut
      132
      670
    7. Raviskalla tappo?

      Huhuja liikkuu et raviskalla ois joku laitettu kylymäksi?
      Oulainen
      10
      664
    8. Et arvaa nainen, miten ikävä mulla on sinua.

      Sinua ei voi unohtaa. Pusu sulle musulle!
      Ikävä
      26
      639
    9. Sun mies on mun

      Sinun mies on yksin minun ja sinä et voi sille mitään.
      Ikävä
      77
      637
    10. Sisällissota kiihtyy Ruotsissa

      KaupunkiTaistelut koraanin puolesta kiihtyneet Linköpingissä ja Malmössä. Ruotsin poliisi joutunut vetäytymään suojiin. Päätän raporttini Ruotsista.
      Maailman menoa
      200
      627
    Aihe