Yeah, so could someone take a look and see whether there's anything odd in this, since the computer keeps freezing all the time.

Logfile of HijackThis v1.99.1
Scan saved at 14:21:28, on 17.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Print!\print!.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.inet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\acrobat reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Task manager] TASKMON.EXE
O4 - HKLM\..\Run: [vhiu] C:\WINDOWS\etufng.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\jotaki\acrobat reader\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure product (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Yes, there is:
Get LSPFix from here (either the zip or the exe): http://cexx.org/lspfix.htm
Save it to the desktop, for example, or to some folder.
Open LSPFix.
Tick the box "I know what I’m doing".
Click winsflt.dll in the left-hand pane, move it to the right-hand pane with the arrow button, click "Remove" and close LSPFix.

Fix with HijackThis (click do a system scan, tick these and press fix checked):
O4 - HKLM\..\Run: [Task manager] TASKMON.EXE
O4 - HKLM\..\Run: [vhiu] C:\WINDOWS\etufng.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0-k
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCerti...

Do you know what program this is -> O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe
I don't recognize it myself.

Boot into Safe Mode (F8 during startup) and delete:
C:\WINDOWS\==>etufng.exe<==
TASKMON.EXE (probably in the C:\Windows\system32 folder)

Restart and post a new log.
That Print! is apparently some print screen thing. The etufng.exe file wasn't found. I deleted taskman.

Logfile of HijackThis v1.99.1
Scan saved at 15:54:04, on 17.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
C:\Program Files\Print!\print!.exe
D:\jotaki\acrobat reader\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.inet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\acrobat reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\jotaki\acrobat reader\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure product (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
The log looks fine; I forgot to ask you to fix this one. Fix it as well:
R3 - Default URLSearchHook is missing
No need to post a new log any more if those freezing problems went away.
Next, post the uninstall list, i.e. in HijackThis: open misc tools -> open uninstall manager -> save list -> save. It saves the list under the name uninstall_list.txt. Post that list here.
Thanks for taking the time to help. Here's the list:
5 Clicks Action Quake 2 Install v2 Ad-aware 6 Professional Adobe Acrobat 4.0 Adobe Download Manager 2.0 (Poista ainoastaan) Adobe PageMaker 7.0 Adobe Photoshop 6.0 Adobe Photoshop 7.0 Adobe Reader 7.0 - Suomi Adobe SVG Viewer Advanced Networking Pack for Windows XP Advanced RealMedia Export Plug-in for Premiere 6.0 Ahead Nero Burning ROM ATI Display Driver BHA B's Recorder GOLD 5.32 B's CLiP Canon OpenPage Print Component Canon PhotoRecord Canon PowerShot RS-232C TWAIN Driver Canon PowerShot Utilities PhotoStitch 3.1 Canon PowerShot Utilities ZoomBrowser EX DC++ 0.674 DVD-RAM Driver EAX Unified Enable S3 for USB Device Express Thumbnail Creator 1.72 F1RS F-Secure Internet Security 2005 GameSpy Arcade Gap Sk8er HijackThis 1.99.1 HP Image Zone 4.7 HP Image Zone Express HP PSC & OfficeJet 4.7 HP Software Update Image Transfer ImageMixer for Sony InterActual Player Internet Explorer Q903235 Java 2 Runtime Environment, SE v1.4.1_01 Java Web Start LAVA! 
Player MediaRing Talk Release 7.2.026 Microsoft Data Access Components KB870669 Microsoft Office 2000 SR-1 Premium MicroStaff WINASPI mIRC Motherboard Monitor 5 Mozilla (1.6) Mozilla Firefox (1.0.6) MSN Messenger 7.0 neoDVDplus oDC (remove only) Opera Paint Shop Pro 7 ESD Pinnacle Hollywood FX 5 PixMaker PixScreen_CE PowerDVD Päivitys Windows XP:lle (KB898461) Quake 3 Arena Demo Quake III Arena Point Release (1.29h) BETA QuickTime Realtek AC'97 Audio RevConnect RTLSetup Shockwave SolidCapture Sonera Internet FTP Sony USB Driver Sound Blaster AUDIOPCI128 Space Station Manager 1.1.0 TRIAL Spybot - Search & Destroy 1.4 Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896422) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896426) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899588) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB901214) The Sims Livin' Large TypingMaster Pro Winamp (remove only) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa wm828026] Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB871250 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB883939 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889293 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891711 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Hotfix - KB896727 Windows XP 
Hotfix - KB897715 Windows XP Hotfix (SP2) Q322011 Windows XP Hotfix (SP2) Q327979 Windows XP Hotfix (SP2) Q814995 Windows XP Hotfix (SP2) Q819696 Windows XP Hotfix- KB820291 Windows XP Hotfix- KB821253 Windows XP Hotfix- KB822603 Windows XP Hotfix- KB823182 Windows XP Hotfix- KB824105 Windows XP Hotfix- KB824141 Windows XP Hotfix- KB825119 Windows XP Hotfix- KB826939 Windows XP Hotfix- KB826942 Windows XP Hotfix- KB828028 Windows XP Hotfix- KB828035 Windows XP Hotfix- KB828741 Windows XP Hotfix- KB833987 Windows XP Hotfix KB834707 Windows XP Hotfix- KB835732 Windows XP Hotfix- KB837001 Windows XP Hotfix- KB839645 Windows XP Hotfix- KB840315 Windows XP Hotfix- KB840374 Windows XP Hotfix- KB841873 Windows XP Hotfix- KB842773 Windows XP Hotfix- KB883357 WinRAR v3.20
Nothing odd showed up in that. Get eScan from here -> http://koti.mbnet.fi/pattaya1/escanmwav.htm, install it, update it and scan according to the instructions on that page. Post the log here afterwards (when the scan has finished, select the lines under Virus Log Information at the bottom of the scan window, copy them and paste them here). NOT the whole log. Here is a guide picture:
Does it get saved anywhere? Of course it didn't take that copy, so it didn't copy it, and I already closed it. Every one of them did have something like no action taken after it.
Yes, it is saved, in the folder C:\kaspersky under the name mwav.log. It's just such an insanely large file that you'll have to try to find by hand the detections where it said no action taken. If you manage, post those lines here (so NOT the whole long log).
File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\WINDOWS\System32\BO2802040113.dll tagged as not-a-virus:AdWare.VirtualBouncer.d. No Action Taken.
File C:\WINDOWS\System32\KVIF_11.dll tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
File C:\WINDOWS\System32\KVIF_11.exe tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
File C:\WINDOWS\System32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
Check whether you have a folder called C:\program files\eZula. And search that same log once more with the words "infected" and "tagged as" (without the quotation marks of course; just open it in Notepad, for instance, and use Edit -> Find), in case there are still others.
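The manual search asked for in the two posts above (pick the "tagged as", "infected" and "No Action Taken" lines out of the huge C:\kaspersky\mwav.log) can be scripted. This is an added example, not part of the thread; the line format is taken from the five eScan lines quoted above, and the "Scanning", "Total Infected Objects" and repeated msbb321 lines in the sample are constructed.

```python
import re
import sys
from collections import OrderedDict

# Search words the helper names in the thread (matched case-insensitively).
KEYWORDS = ("infected", "tagged as")

# Line shape taken from the eScan lines quoted in the thread:
#   File <path> tagged as <detection>. <action>.
TAGGED = re.compile(
    r"^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>.+?)\.?\s*$"
)

# Sample input: the five "File ... tagged as" lines with mixed-case System32
# are from the thread; lines 1, 3, 8 and 9 are constructed for the example.
SAMPLE = r"""Scanning C:\WINDOWS\explorer.exe
File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
Scanning C:\WINDOWS\System32\notepad.exe
File C:\WINDOWS\System32\BO2802040113.dll tagged as not-a-virus:AdWare.VirtualBouncer.d. No Action Taken.
File C:\WINDOWS\System32\KVIF_11.dll tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
File C:\WINDOWS\System32\KVIF_11.exe tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
File C:\WINDOWS\System32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
Total Infected Objects: 5
File C:\WINDOWS\system32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
"""


def scan(lines):
    """Return (hits, unparsed) for an iterable of log lines.

    hits:     one dict per unique (path, detection) pair, in first-seen order,
              with every line number on which that pair occurred.
    unparsed: (line number, text) for lines that contain a keyword but do not
              have the "File ... tagged as ..." shape; these need a human eye.
    """
    hits = OrderedDict()
    unparsed = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        low = line.lower()
        if not any(word in low for word in KEYWORDS):
            continue
        m = TAGGED.match(line)
        if m is None:
            unparsed.append((lineno, line))
            continue
        # Windows paths are case-insensitive, so System32 == system32.
        key = (m["path"].lower(), m["name"])
        hit = hits.setdefault(key, {
            "path": m["path"],
            "name": m["name"],
            "action": m["action"],
            "lines": [],
        })
        hit["lines"].append(lineno)
    return list(hits.values()), unparsed


def unresolved(hits):
    """Detections the scanner reported but left in place."""
    return [h for h in hits if h["action"].lower() == "no action taken"]


def main(argv):
    if len(argv) > 1:
        # Assumption: the log is a single-byte text file; latin-1 never fails
        # to decode, and iterating the file object streams it line by line.
        with open(argv[1], encoding="latin-1") as fh:
            hits, unparsed = scan(fh)
    else:
        hits, unparsed = scan(SAMPLE.splitlines())
    for h in unresolved(hits):
        print(f'{h["name"]:40} {h["path"]}  (lines {h["lines"]})')
    for lineno, text in unparsed:
        print(f"check by hand, line {lineno}: {text}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the log path as the only argument; with no argument it processes the embedded sample.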
This is what turned up when I put in tagged as:
File C:\WINDOWS\System32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
The other one didn't find anything. And there is no ezula in Program Files.
That's the same one as earlier. Get ewido from here -> http://www.ewido.net/en/download/, update it, scan with it and let it remove whatever it finds. Then post its log here.
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Profiles\default\1ihgnn8k.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Profiles\default\1ihgnn8k.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Esiasennettu\Cookies\esiasennettu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@download.com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@downloads-zdnet.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@tfag[2].txt -> Spyware.Cookie.Tfag : Cleaned with backup
C:\Program Files\WHENUS~1\Search.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\KVIF_11.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\KVIF_11.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\msbb321.dll -> Spyware.BargainBuddy : Cleaned with backup
Well, ewido found and removed all sorts of nice things in addition to those eScan finds. Has the freezing gone away now?
It has definitely decreased. Thanks for the help. It still freezes if, for example, I'm playing something and press alt+tab to go have a look at IRC, say.