Haittaohjelma! Selaimen kaappaus? HijackThis-loki!

D0RiEn · 07.03.2007

Ok. Poistin kaikki SpyBot löydöt, mutta tuota Java juttua en löydä OHJAUSPANEELISTA? Tai sitte en vain ymmärrä jotakin. No kaipa sen täs vielä jossain vaiheessa hokaan. Jatkan kuitenkin tuosta seuraavasta ..

AfterDawn

Hujo · 07.03.2007

D0RiEn

Tupla-klikkaa LSPFix.exe jonka latasit
Rastita "I know what I'm doing" valinta.
Näet kaksi paneelia; Siirrä tuo rlls.dll vasemman puoleisesta tuonne Remove laatikkon ja paina
"Finish>>".
Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin.

laita uusi hjt loki

LoBer · 07.03.2007

D0RiEn:

mutta tuota Java juttua en löydä OHJAUSPANEELISTA? Tai sitte en vain ymmärrä jotakin.
Laajenna...

Eli Avaa Käynnistä>Ohjauspaneeli>Lisää tai poista sovellus>laita ylhäältä raksi kohtaan näytä päivitykset ja etsi nuo mikkoi:n sanomat vanhat Java versiot.

EDIT: Typo...

D0RiEn · 07.03.2007

Noniin, nyt ajoin CCleanerin ja AVG Anti-spywaren.

Tässä AVG raportti:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:23:59 7.3.2007

+ Scan result:

C:\Lataukset\ClockClient.zip/EmbeddingClient.dll -> Adware.Dm : No action taken.
C:\Lataukset\EmbeddingClient.dll -> Adware.Dm : No action taken.
C:\Program Files\Sonera Tietoturva\FWES\program\fsdfwd.exe -> Adware.Gator : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1659004503-790525478-725345543-1009\Components\A3C4CBBDDE6F34B9E068EA7EFAC46F61 -> Adware.KeenValue : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP201\A0088790.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP201\A0088802.dll -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110244.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110245.EXE -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110246.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110247.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP314\A0122413.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP319\A0124269.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP306\A0121403.exe -> Adware.Relevant : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken.
C:\Program Files\FileSubmit\VVSNInst.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP195\A0084149.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP195\A0084150.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110240.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110241.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110242.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP309\A0121594.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenUSearch -> Adware.WhenU : No action taken.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : No action taken.
:mozilla.45:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.23:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.49:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.51:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.72:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.73:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.84:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.85:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.111:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.98:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.66:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.67:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.24:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.50:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.150:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.52:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.153:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.158:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.161:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.163:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.164:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.16:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.17:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.18:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.19:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.168:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
:mozilla.110:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.134:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.52:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.106:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.107:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.20:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.21:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.35:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.37:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.14:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.165:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.18:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.75:C:\Documents and Settings\jaana\Application Data\Mozilla\Firefox\Profiles\q31rgs02.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.101:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.102:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.103:C:\Documents and Settings\harri\Application Data\Mozilla\Firefox\Profiles\5qxvkpnp.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.68:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.69:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.70:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.71:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.72:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.73:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.74:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.75:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.76:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

Tässä vielä HijackThis tarkistettavaksi, jos sinne vaikka olisi jäänyt jotain:

Logfile of HijackThis v1.99.1
Scan saved at 21:37:05, on 7.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Lataukset\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bib deaf start wave] C:\Documents and Settings\All Users\Application Data\DrvDefyBibDeaf\bold meal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

mikkoi · 07.03.2007

Et sitten laittanu niitä asetuksia quarantineen...

Poista Lisää/Poista sovelluksesta:
WhenU Save (tai vastaava)

Poista vikasietotilassa:
C:\Program Files\Save

D0RiEn · 07.03.2007

Tein juuri niinkuin neuvoit (?)

mikkoi · 07.03.2007

* Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.

Oliko se noin?

D0RiEn · 07.03.2007

Ei ollut, mutta muutin siihen sen Quarantine.

mikkoi · 07.03.2007

AVG ei nimittäin tehnyt noille tiedostoille mitään. Aja se skanni uudestaan ja varmistu, että siinä lukee Quarantine.

D0RiEn · 07.03.2007

Ok. Se kyllä välis ilmoitti jotain virheilmoituksia tai jotain vastaavaa. Kokeilen uudestaan.

D0RiEn · 07.03.2007

Nyt ajoin uudelleen tuon AVG :n

Tässä raportti:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:44:29 7.3.2007

+ Scan result:

C:\Lataukset\ClockClient.zip/EmbeddingClient.dll -> Adware.Dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP319\A0124330.dll -> Adware.Dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP319\A0124331.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Lataukset\backups\backup-20070304-201151-872.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP314\A0122504.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP260\A0102806.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP260\snapshot\MFEX-1.DAT -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP302\A0120651.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP306\A0121271.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP306\A0121451.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlls.dll.bak -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlxf.dll -> Adware.RK : Cleaned with backup (quarantined).
[1036] c:\windows\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).
[512] C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
[812] C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Error during cleaning.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP309\A0121606.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP319\A0124329.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenUSearch -> Adware.WhenU : Cleaned with backup (quarantined).
C:\Documents and Settings\miika\Käynnistä-valikko\Ohjelmat\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : Error during cleaning.
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP279\A0110352.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{001467E0-E5F2-4AB3-A79A-11F4E8A6C135}\RP259\A0102790.exe -> Proxy.Small.osw : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.6:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\anniina\Application Data\Mozilla\Firefox\Profiles\p3887pqx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

::Report end

Poistamisen/korjaamisen aikana se ilmoitti jotain tällaista:

Valitsin "kyllä"

Valitsin "no"

D0RiEn · 07.03.2007

Mulla on ollut tässä koneella aina käytössä Soneran tietoturva ja näkyy se olevan vieläkin käynnistä valikossa, mutta se ei jostain kumman syystä toimi, eikä tuolla oikeassa alareunassa kellon vieressä enää ole sitä pikkukuvaketta mistä sai tarkistettua koneen yms. Mihin se on nyt yhtäkkiä hävinnyt? Vaikuttaako joku näistä ohjelmista mitä olen nyt tässä asennellut niin sen toimintaan? Vai onko nämä ohjelmat mahdollisesti poistaneet jotain tietoturvan tiedostoja? Mikä neuvoksi?

Hujo · 07.03.2007

laita uusi hjt loki

AVG Anti-Spyware tuhosi F-securen

tuolta ei taida löytyä enään
C:\Program Files\Sonera Tietoturva\FWES\program\fsdfwd.exe

jos löytyy klikkaa sitä ja paina Remove ÄLÄ deletoi

D0RiEn · 08.03.2007

Löytyi vaan: Sonera tietoturva -> FWES -> Program -> fsdc.dll, fsdfwpi.dlll, fshk.dlll, fsmirror.dlll

Miten ihmeessä saan tietoturvan takaisin? En muutenkaan ole päivittellyt sitä ikinä itse tähän vaan joku ihan muu. Mulla ei ole mitää tietoa sen laittamisesta uudelleen. Tämä sama on ollut aiemminkin ja pian sen jälkeen koko järjestelmä kaatui ja kaikki uusiksi. Voisiko joku neuvoa?

Hujo · 08.03.2007

remove ja uusi hjt loki

D0RiEn · 08.03.2007

Siis voitko vääntää tämänkin asian rautalangasta, eli miten tämä nyt tapahtuu? Mitä nuosta klikkaan ja mistä se "remove" klikataan?

Hujo · 08.03.2007

avaa avg:n anti-spyware
siten met tuonne

Sonera tietoturva <-- klikkaat ja painat nappia remove
Älä paina delete nappia

sitten kun olet tehnyt niin scannaat uuden hjt lokin

D0RiEn · 08.03.2007

Logfile of HijackThis v1.99.1
Scan saved at 0:09:02, on 9.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Samurize\Client.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Lataukset\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bib deaf start wave] C:\Documents and Settings\All Users\Application Data\DrvDefyBibDeaf\bold meal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

Hujo · 08.03.2007

Otas ja sammuta ja käynnistä

sitten otaat uuden hjt lokin sinne itelles jos näät tämän rivin vielä näin

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)

niin asenna F-secure uudestaan

Silloin kun asennat f-securen nettipiuha ei saa olla seinässä kiinni

D0RiEn · 08.03.2007

Ok. Rivi näkyy edelleen näin:

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)

Asennan siis uusiksi tietoturvan.

Kirjaudu tai liity jäseneksi

Haittaohjelma! Selaimen kaappaus? HijackThis-loki!

D0RiEn Regular member

Hujo Guest

LoBer Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

D0RiEn Regular member

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Haittaohjelma! Selaimen kaappaus? HijackThis-loki!

D0RiEn Regular member

Hujo Guest

LoBer Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

mikkoi Regular member

D0RiEn Regular member

D0RiEn Regular member

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Hujo Guest

D0RiEn Regular member

Jaa tämä sivu

Hyödyllisiä hakuja