Now I need

running slow

some help... here's the log

Logfile of HijackThis v1.99.1
Scan saved at 10:59:08, on 3.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144967824918
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    Replies

    • this_too

      File C:\WINDOWS\system32\dhbjwksm.dll tagged as not-a-virus:AdWare.Win32.PurityScan.ak. No Action Taken.
      File C:\WINDOWS\system32\rqrsq.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
      File C:\WINDOWS\system32\dhbjwksm.dll tagged as not-a-virus:AdWare.Win32.PurityScan.ak. No Action Taken.
      File C:\WINDOWS\system32\rqrsq.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.

    • in addition

      AD - 06-12-03 21:17:58,08 Service Pack 2
      ComboFix 06.11.27W - Running from: "C:\Documents and Settings\AD\Työpöytä"

      (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

      C:\WINDOWS\teller2.chk
      C:\Documents and Settings\LocalService\Application Data\NetMon

      ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

      Folders Quarantined:

      C:\QooBox\Purity\Program Files\PPATCH~1
      C:\QooBox\Purity\Program Files\PPATCH~1\?ttrib.exe

      ((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))

      2006-12-03   17:48      d--------   C:\Downloads
      2006-12-03   17:48      d--------   C:\Bases
      2006-12-03   17:47      d--------   C:\Kaspersky
      2006-12-03   13:12      d--------   C:\Documents and Settings\AD\Phone Browser
      2006-12-03   12:52      d--------   C:\WINDOWS\system32\DRM
      2006-12-03   10:51      d--------   C:\WINDOWS\pss
      2006-12-01   16:38      d--------   C:\WINDOWS\WBEM
      2006-12-01   16:38      d--------   C:\WINDOWS\system32\fi-fi
      2006-12-01   16:36      d--h-c---   C:\WINDOWS\ie7
      2006-12-01   16:31   121,856   ---------   C:\WINDOWS\system32\xmllite.dll
      2006-12-01   16:27      d--------   C:\WINDOWS\network diagnostic
      2006-12-01   16:22      d--------   C:\f329cb3aa308b61ca995fcd5
      2006-12-01   15:46      d--------   C:\Documents and Settings\All Users\Application Data\PC Suite
      2006-12-01   15:33      d--------   C:\Program Files\MSXML 4.0
      2006-12-01   15:32      d--------   C:\eafd9a562810719749c3ba
      2006-12-01   15:11      d--------   C:\Program Files\DIFX
      2006-12-01   15:09      d--------   C:\Program Files\PC Connectivity Solution
      2006-11-07   21:03   6,049,280   ---------   C:\WINDOWS\system32\ieframe.dll
      2006-11-07   21:03   50,688   ---------   C:\WINDOWS\system32\msfeedsbs.dll
      2006-11-07   21:03   458,752   ---------   C:\WINDOWS\system32\msfeeds.dll
      2006-11-07   21:03   180,736   ---------   C:\WINDOWS\system32\ieui.dll
      2006-11-07   03:26   13,312   --a------   C:\WINDOWS\system32\ieudinit.exe
      2006-11-06   11:35   531,568   --a------   C:\WINDOWS\system32\RmActivate_isv.exe
      2006-11-06   11:35   523,376   --a------   C:\WINDOWS\system32\RmActivate.exe
      2006-11-06   11:35   519,280   --a------   C:\WINDOWS\system32\SecProc_isv.dll
      2006-11-06   11:35   518,768   --a------   C:\WINDOWS\system32\SecProc.dll
      2006-11-06   11:35   358,000   --a------   C:\WINDOWS\system32\RmActivate_ssp.exe
      2006-11-06   11:35   354,416   --a------   C:\WINDOWS\system32\RmActivate_ssp_isv.exe
      2006-11-06   11:35   323,696   --a------   C:\WINDOWS\system32\msdrm.dll
      2006-11-06   11:35   192,624   --a------   C:\WINDOWS\system32\SecProc_ssp_isv.dll
      2006-11-06   11:35   192,624   --a------   C:\WINDOWS\system32\SecProc_ssp.dll
      2006-11-04   14:14   1,245,696   --a------   C:\WINDOWS\system32\msxml4.dll

      (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

      2006-12-03 12:35   --------   d--------   C:\Program Files\Internet Explorer
      2006-12-01 15:03   --------   d--------   C:\Program Files\Nokia
      2006-11-07 21:03   413696   --a------   C:\WINDOWS\system32\vbscript.dll
      2006-11-07 21:03   231424   --a------   C:\WINDOWS\system32\webcheck.dll
      2006-11-07 21:03   156160   --a------   C:\WINDOWS\system32\msls31.dll
      2006-11-07 03:27   382976   --a------   C:\WINDOWS\system32\iedkcs32.dll
      2006-11-07 03:27   229376   --a------   C:\WINDOWS\system32\ieaksie.dll
      2006-11-07 03:26   71680   --a------   C:\WINDOWS\system32\admparse.dll
      2006-11-07 03:26   55296   --a------   C:\WINDOWS\system32\iesetup.dll
      2006-11-07 03:26   54784   --a------   C:\WINDOWS\system32\ie4uinit.exe
      2006-11-07 03:26   43008   --a------   C:\WINDOWS\system32\iernonce.dll
      2006-11-07 03:26   152064   --a------   C:\WINDOWS\system32\ieakeng.dll
      2006-11-07 03:26   123904   --a------   C:\WINDOWS\system32\advpack.dll
      2006-11-07 03:25   161792   --a------   C:\WINDOWS\system32\ieakui.dll
      2006-10-17 12:06   78336   --a------   C:\WINDOWS\system32\ieencode.dll
      2006-10-17 12:05   40960   --a------   C:\WINDOWS\system32\licmgr10.dll
      2006-10-17 12:05   206336   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
      2006-10-17 12:05   105984   --a------   C:\WINDOWS\system32\url.dll
      2006-10-17 12:04   101376   --a------   C:\WINDOWS\system32\occache.dll
      2006-10-17 12:03   17408   --a------   C:\WINDOWS\system32\corpol.dll
      2006-10-17 11:58   61952   ---------   C:\WINDOWS\system32\icardie.dll
      2006-10-17 11:58   12288   ---------   C:\WINDOWS\system32\msfeedssync.exe
      2006-10-17 11:57   36352   --a------   C:\WINDOWS\system32\imgutil.dll
      2006-10-17 11:57   266752   ---------   C:\WINDOWS\system32\iertutil.dll
      2006-10-17 11:56   45568   --a------   C:\WINDOWS\system32\mshta.exe
      2006-10-17 11:28   48128   --a------   C:\WINDOWS\system32\mshtmler.dll
      2006-10-17 11:27   380928   ---------   C:\WINDOWS\system32\ieapfltr.dll
      2006-10-13 14:37   65536   --a------   C:\WINDOWS\system32\nwwks.dll
      2006-10-13 14:37   64000   --a------   C:\WINDOWS\system32\nwapi32.dll
      2006-10-13 14:37   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
      2006-10-13 12:23   163584   --a------   C:\WINDOWS\system32\drivers\nwrdr.sys
      2006-10-11 18:26   58880   --a------   C:\WINDOWS\system32\pnrpnsp.dll
      2006-10-11 18:26   553984   --a------   C:\WINDOWS\system32\p2psvc.dll
      2006-10-11 18:26   313344   --a------   C:\WINDOWS\system32\p2pgraph.dll
      2006-10-11 18:26   153088   --a------   C:\WINDOWS\system32\p2p.dll
      2006-10-11 18:26   116224   --a------   C:\WINDOWS\system32\p2pnetsh.dll
      2006-10-11 18:26   104960   --a------   C:\WINDOWS\system32\p2pgasvc.dll
      2006-10-10 08:54   50688   --a------   C:\WINDOWS\system32\nmwcdcls.dll
      2006-09-13 07:03   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
      2006-09-06 16:43   22752   --a------   C:\WINDOWS\system32\spupdsvc.exe

      (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

      *Note* empty entries are not shown

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "CARPService"="carpserv.exe"
      "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
      "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
      "PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d"
      "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
      "Display Settings"="C:\\Program Files\\HPQ\\Notebook Utilities\\hptasks.exe /s"
      "QT4HPOT"="C:\\Program Files\\HPQ\\One-Touch\\OneTouch.EXE"
      "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
      "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
      "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
      "DataLayer"="C:\\Program Files\\Nokia\\Nokia PC Suite 5\\DataLayer.exe"
      "Nokia Tray Application"="C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe"
      "F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
      "F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
      "F-Secure Startup Wizard"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
      "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
      "News Service"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""
      "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "Installed"="1"
      "NoChange"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
      "DeskHtmlVersion"=dword:00000110
      "DeskHtmlMinorVersion"=dword:00000005
      "Settings"=dword:00000001
      "GeneralFlags"=dword:00000001

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Nykyinen kotisivu"
      "Flags"=dword:00000002
      "Position"=hex:2c,00,00,00,aa,00,00,00,00,00,00,00,56,03,00,00,e2,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
      "CurrentState"=hex:04,00,00,40
      "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
      "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
      00,00,01,00,00,00

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
      "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      "{20D57A66-F7DF-467d-907B-9B7F4A118AB7}"=""
      "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
      "DisableTaskMgr"=dword:00000000
      "DisableRegistryTools"=dword:00000000

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091
      "CDRAutoRun"=dword:00000000

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
      "DisableTaskMgr"=dword:00000000
      "DisableRegistryTools"=dword:00000000

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091
      "CDRAutoRun"=dword:00000000

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
      "path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Microsoft Office.lnk"
      "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
      "location"="Common Startup"
      "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
      "item"="Microsoft Office"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
      "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
      "item"="LAUNCH~1"
      "hkey"="HKLM"
      "command"="C:\\PROGRA~1\\Nokia\\NOKIAP~2\\LAUNCH~1.EXE -onlytray"
      "inimapping"="0"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

      ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

      backup-20060414-002123-274
      O4 - HKLM\..\Run: [vxd32] rundll32.exe C:\WINDOWS\System32\vxd32.dll,start

      Contents of the 'Scheduled Tasks' folder
      C:\WINDOWS\tasks\Scheduled scanning task.job

      Completion time: 06-12-03 21:21:09.84
      C:\ComboFix.txt ... 06-12-03 21:21

    • running slow.. still

      I updated IE

      Logfile of HijackThis v1.99.1
      Scan saved at 21:28:29, on 3.12.2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
      C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
      C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
      C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
      C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
      C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
      C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
      C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
      C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
      C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
      C:\WINDOWS\system32\carpserv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
      C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
      C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
      C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
      C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
      C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Kaspersky\mwavscan.com
      C:\Kaspersky\kavss.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\HJT\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.fi/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
      O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
      O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
      O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
      O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
      O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
      O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144967824918
      O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
      O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
      O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
      O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
      O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    • in all seriousness

      for real, an answer, please
