Hi jack tarkistus

hijack

2006-02-01 17:02:27

Nii ongelmana on et näytölle pomppaa tyhmiä sivuja välillä.niin jos joku tarkistais ku ite en ymmärrä yhtään

Logfile of HijackThis v1.99.1
Scan saved at 16:57:07, on 1.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Filseclab\Twister\twister.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\Common Files\Filseclab\FilMsg.exe
G:\WINDOWS\System32\devldr32.exe
G:\PROGRA~1\MESSEN~1\Msmsgs.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O2 - BHO: G:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - G:\WINDOWS\adsldpbe.dll
O2 - BHO: G:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - G:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - G:\WINDOWS\prflbmsgp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\Run: [twister] "G:\Program Files\Filseclab\Twister\twister.exe" -a
O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "G:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk040
O8 - Extra context menu item: &Translate English Word - res://g:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&&unknown&unknown&1&4&&unknown&unknown&1&4&&unknown&unknown&1&4&&unknown&unknown&
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854006.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136992036178
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gs - G:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - G:\WINDOWS\system32\st3.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

342

Äänestä

Vastaukset

Juu
2006-02-01 17:23:09
Säästä tuo työpöydälle

http://users.telenet.be/marcvn/tools/win32delfkil.exe

sitte tuplaklikaa ja asenna se ja saat win32delfkil kansion työpöydälle.
Avaa se ja aja fix.bat.

Kun se on valmiiks ajettu niin uus Hijack logi ja c\windelf.txt logi.
Fixaaja
2006-02-01 17:23:35
Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

O2 - BHO: (no name) - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - (no file)
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk040
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&&unknown&unknown&1&4&&unknown&unknown&1&4&&unknown&unknown&1&4&&unknown&unknown&
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854006.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

Hae win32delfkil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe

Tallenna työpöydälle ja tuplaklikkaa, jolloin se purkaa itsensä win32delfkil-hakemistoon.
Sulje kaikki ikkunat ja avaa win32delfkil-hakemisto. Tuplaklikkaa fix.bat. Mikäli kone ei käynnisty uudestaan fixin jälkeen, käynnistä se itse. Lähetä uusi HjT-loki ja c:\windelf.txt-tiedoston sisältö tänne.
- Hijack
  2006-02-01 17:53:47
  Logfile of HijackThis v1.99.1
  Scan saved at 17:46:28, on 1.2.2006
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)
  
  Running processes:
  G:\WINDOWS\System32\smss.exe
  G:\WINDOWS\system32\winlogon.exe
  G:\WINDOWS\system32\services.exe
  G:\WINDOWS\system32\lsass.exe
  G:\WINDOWS\system32\svchost.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\spoolsv.exe
  G:\Program Files\AVPersonal\AVWUPSRV.EXE
  G:\WINDOWS\System32\nvsvc32.exe
  G:\WINDOWS\System32\tcpsvcs.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  G:\WINDOWS\System32\MsPMSPSv.exe
  G:\WINDOWS\Explorer.EXE
  G:\Program Files\Filseclab\Twister\twister.exe
  G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  G:\Program Files\MSN Messenger\msnmsgr.exe
  G:\PROGRA~1\MESSEN~1\Msmsgs.exe
  G:\Program Files\Common Files\Filseclab\FilMsg.exe
  G:\WINDOWS\System32\devldr32.exe
  C:\HJT\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [twister] "G:\Program Files\Filseclab\Twister\twister.exe" -a
  O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
  O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "G:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
  O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://g:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136992036178
  O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
  O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  
  ************************
  * WIN32DELFKIL LOGFILE *
  ************************
  by Marckie
  
  BEFORE RUNNING WIN32DELFKIL
  ***************************
  
  File(s) found in Windows directory
  ----------------------------------
  adsldpbe.dll
  adsldpbe.dll
  cc.exe
  prflbmsgp32.dll
  
  File(s) found in system32 folder
  --------------------------------
  st3.dll
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ st3
  {C7CF1142-0785-4B12-A280-B64681E4D45E} REG_SZ z
  
  Notify key
  ----------
  subkey st3 is present!
  subkey gs is present!
  
  AFTER RUNNING WIN32DELFKIL
  **************************
  
  File(s) found in Windows directory
  ----------------------------------
  
  File(s) found in system32 folder
  --------------------------------
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  
  Notify key
  ----------
  
  näin! arvostan että jaksatte katsoa näitä :) ! ..
- Fixaaja
  2006-02-01 18:08:51
  Hijack kirjoitti:
  Logfile of HijackThis v1.99.1
  Scan saved at 17:46:28, on 1.2.2006
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)
  
  Running processes:
  G:\WINDOWS\System32\smss.exe
  G:\WINDOWS\system32\winlogon.exe
  G:\WINDOWS\system32\services.exe
  G:\WINDOWS\system32\lsass.exe
  G:\WINDOWS\system32\svchost.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\spoolsv.exe
  G:\Program Files\AVPersonal\AVWUPSRV.EXE
  G:\WINDOWS\System32\nvsvc32.exe
  G:\WINDOWS\System32\tcpsvcs.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  G:\WINDOWS\System32\MsPMSPSv.exe
  G:\WINDOWS\Explorer.EXE
  G:\Program Files\Filseclab\Twister\twister.exe
  G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  G:\Program Files\MSN Messenger\msnmsgr.exe
  G:\PROGRA~1\MESSEN~1\Msmsgs.exe
  G:\Program Files\Common Files\Filseclab\FilMsg.exe
  G:\WINDOWS\System32\devldr32.exe
  C:\HJT\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [twister] "G:\Program Files\Filseclab\Twister\twister.exe" -a
  O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
  O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "G:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
  O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://g:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136992036178
  O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
  O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  
  ************************
  * WIN32DELFKIL LOGFILE *
  ************************
  by Marckie
  
  BEFORE RUNNING WIN32DELFKIL
  ***************************
  
  File(s) found in Windows directory
  ----------------------------------
  adsldpbe.dll
  adsldpbe.dll
  cc.exe
  prflbmsgp32.dll
  
  File(s) found in system32 folder
  --------------------------------
  st3.dll
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ st3
  {C7CF1142-0785-4B12-A280-B64681E4D45E} REG_SZ z
  
  Notify key
  ----------
  subkey st3 is present!
  subkey gs is present!
  
  AFTER RUNNING WIN32DELFKIL
  **************************
  
  File(s) found in Windows directory
  ----------------------------------
  
  File(s) found in system32 folder
  --------------------------------
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  
  Notify key
  ----------
  
  näin! arvostan että jaksatte katsoa näitä :) ! ..
  Hyvältä näyttää :)
  
  Onko vielä ongelmia?
  
  Nämä voit fixata, jos eivät ole itse asettamasi IE:n oletushaku:
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
- Jepps.
  2006-02-01 18:19:28
  Fixaaja kirjoitti:
  Hyvältä näyttää :)
  
  Onko vielä ongelmia?
  
  Nämä voit fixata, jos eivät ole itse asettamasi IE:n oletushaku:
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
  Jep, eipä ole vielä ainakaan ilmaantunu ongelmia.
  
  Tuon HJT pysty poistaan tuolta lisää\poista mut
  voiko ton delfkil poistaa ihan vaan deletellä? ..
  
  ja viel kiitos!
- Fixaaja
  2006-02-01 19:14:47
  Jepps. kirjoitti:
  Jep, eipä ole vielä ainakaan ilmaantunu ongelmia.
  
  Tuon HJT pysty poistaan tuolta lisää\poista mut
  voiko ton delfkil poistaa ihan vaan deletellä? ..
  
  ja viel kiitos!
  Voi poistaa deletellä.
- puuttuu
  2006-02-01 22:15:56
  Hijack kirjoitti:
  Logfile of HijackThis v1.99.1
  Scan saved at 17:46:28, on 1.2.2006
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)
  
  Running processes:
  G:\WINDOWS\System32\smss.exe
  G:\WINDOWS\system32\winlogon.exe
  G:\WINDOWS\system32\services.exe
  G:\WINDOWS\system32\lsass.exe
  G:\WINDOWS\system32\svchost.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\spoolsv.exe
  G:\Program Files\AVPersonal\AVWUPSRV.EXE
  G:\WINDOWS\System32\nvsvc32.exe
  G:\WINDOWS\System32\tcpsvcs.exe
  G:\WINDOWS\System32\svchost.exe
  G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  G:\WINDOWS\System32\MsPMSPSv.exe
  G:\WINDOWS\Explorer.EXE
  G:\Program Files\Filseclab\Twister\twister.exe
  G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  G:\Program Files\MSN Messenger\msnmsgr.exe
  G:\PROGRA~1\MESSEN~1\Msmsgs.exe
  G:\Program Files\Common Files\Filseclab\FilMsg.exe
  G:\WINDOWS\System32\devldr32.exe
  C:\HJT\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://G:\WINDOWS\System32\SearchBar.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsmart.tv/search
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
  O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [twister] "G:\Program Files\Filseclab\Twister\twister.exe" -a
  O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
  O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [MSMSGS] "G:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
  O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://g:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @G:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136992036178
  O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
  O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/MTVNAlerts1.0.exe
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
  
  ************************
  * WIN32DELFKIL LOGFILE *
  ************************
  by Marckie
  
  BEFORE RUNNING WIN32DELFKIL
  ***************************
  
  File(s) found in Windows directory
  ----------------------------------
  adsldpbe.dll
  adsldpbe.dll
  cc.exe
  prflbmsgp32.dll
  
  File(s) found in system32 folder
  --------------------------------
  st3.dll
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ st3
  {C7CF1142-0785-4B12-A280-B64681E4D45E} REG_SZ z
  
  Notify key
  ----------
  subkey st3 is present!
  subkey gs is present!
  
  AFTER RUNNING WIN32DELFKIL
  **************************
  
  File(s) found in Windows directory
  ----------------------------------
  
  File(s) found in system32 folder
  --------------------------------
  
  SharedTaskScheduler key
  -----------------------
  
  SteelWerX Registry Console Tool 1.0
  Written by Bobbi Flekman © 2005
  
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
  
  Notify key
  ----------
  
  näin! arvostan että jaksatte katsoa näitä :) ! ..
  Windows Update.

Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

Takaisin ylös

Luetuimmat keskustelut

Virkamiehille tarvitaan tuntuvat palkankorotukset
Naistenpäivänä on syytä muistuttaa, että virkamiehen euro on vain 80 senttiä. Palkat tulee saattaa samalle tasolle yksi
08.03.2026 10:10Maailman menoa
43
4036
Riikka Purran kaudella nousi bensan hinta yli 2 euron
Muistatteko kuinka edellisen vasemmistohallituksen aikana, ns. Marinin aikakaudella, bensiiniä sai 1,3 euron litrahinnal
09.03.2026 17:52Maailman menoa
51
3681
Jäikö meidän välit
Mielestäsi Kesken?
08.03.2026 14:50Ikävä
70
3238
Olisipa saanut sinuun
Tutustua paremmin. Harmi että aloin lopulta jännittämään kun näytit tunteesi niin voimakkaasti ja lähestyit niin voimaak
08.03.2026 20:09Ikävä
94
3115
Mitäs nyt sijoittajat?
Pörssit laskevat maailmalla Iranin sodan takia ja muutenkin ovat olleet Trumpin vallan alla epävarmat. Ainoa, mikä on no
09.03.2026 11:16Maailman menoa
89
2094
Miks tän meidän
Rakkauden on pitänyt olla näin vaikeaa?
08.03.2026 08:53Ikävä
35
2048
muista olla
VAROVAINEN! m
08.03.2026 16:45Ikävä
24
1909
Onneksi on edes yksi kuva
Susta mitä voin välillä ihastella ja kaipailla sua😔
08.03.2026 21:13Ikävä
35
1870
Elän vastoin
Kaikkia arvoja kun en pysy sinusta erossa.
08.03.2026 17:38Ikävä
31
1861
Olisitpa se hellä
Ja herkkä minkä kuvan sain sinusta irl. Haluaisin että elämässäni olisi sellainen joka arvostaa minua juuri sellaisena k
08.03.2026 20:11Ikävä
23
1794

Hi jack tarkistus

Vastaukset

Hijack kirjoitti:

Fixaaja kirjoitti:

Jepps. kirjoitti:

Hijack kirjoitti:

Luetuimmat keskustelut

Virkamiehille tarvitaan tuntuvat palkankorotukset

Riikka Purran kaudella nousi bensan hinta yli 2 euron

Jäikö meidän välit

Olisipa saanut sinuun

Mitäs nyt sijoittajat?

Miks tän meidän

muista olla

Onneksi on edes yksi kuva

Elän vastoin

Olisitpa se hellä

Hjallis Harkimon, 72, Jasmine-rakas, 37, paljastaa suhteen alusta: "Vähän..."

Jutta Larm, 52, haluaa kumota tämän piintyneen ikämyytin

Mitäs nyt sijoittajat?

Minkä kouluarvosanan 4-10 annat Beck-leffoille?

Henri Alen tilittää yllättäen Vappu Pimiän uudesta MasterChef -pestistä: "Vaikka hän ei..."

Veli-matti savolainen kieltäyty pride paidasta koska se on hänen arvojen vastaista

Lähtisitkö Erikoisjoukot-leirille? Yksi kokelas paljastaa karun totuuden kulissien takaa

Salatut elämät: Lola Odusoga -paljastus - Tämä suosii tiettyjä Salkkarit-faneja!

Ikävä uutinen uudesta Unelmia Italiassa -kaudesta

MTV: Vappu Pimiä lataa yllättävän kommentin Helena Puolakasta: "Eihän Helena Puolakkakaan..."