Tässsä ois taas jollekkin tekemistä uusi kone uudet (haitat). Kiitoksia jo etukäteen Adobe Acrobat 5.0 Adobe Download Manager 1.2 (Poista ainoastaan) Adobe Reader 6.0.1 - Suomi Advanced Networking Pack for Windows XP ArcSoft PhotoStudio 2000 AsusUpdate Canon Internet Library for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon S300 Canon ScanGear Toolbox CS 2.2 Canon Utilities File Viewer Utility 1.3 Canon Utilities PhotoStitch 3.1 Canon Utilities RemoteCapture 2.7 Canon Utilities ZoomBrowser EX DC++ (remove only) Disney Interactive Global Compatibility Update June 2003 Disneyn pelikokoelma DivX Codec DivX Player Euroword 99 F-Secure Anti-Virus F-Secure BackWeb F-Secure Distributed Firewall F-Secure Management Agent HijackThis 1.99.1 Java 2 Runtime Environment, SE v1.4.2_01 Messenger Plus! 3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft PowerPoint Viewer 97 Microsoft Word 97 Viewer Mozilla Firefox (1.0.6) MSN Messenger 7.0 MSN Työkalupalkki MTV3 - 24 Screen Saver My Search Bar Nero Päivitys Windows XP:lle (KB898461) RealPlayer Basic Scan Manager 5.2 Shockwave SiS Audio Driver Skype 1.2 Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893066) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896422) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896426) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899588) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB901214) Tattoosociety.de Ulead Photo Express 4.0 SE Winamp (remove only) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows Media Player 9:n Hotfix-korjauspäivitys [lisätietoja on artikkelissa KB885492] Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa wm828026] Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 Windows XP Hotfix - KB896727 Windows XP Hotfix (SP2) Q322011 Windows XP Hotfix (SP2) Q327979 Windows XP Hotfix (SP2) Q328310 Windows XP Hotfix (SP2) Q329170 Windows XP Hotfix (SP2) Q329441 Windows XP Hotfix (SP2) Q810565 Windows XP Hotfix (SP2) Q810577 Windows XP Hotfix (SP2) Q810833 Windows XP Hotfix (SP2) Q811493 Windows XP Hotfix (SP2) Q814033 Windows XP Hotfix (SP2) Q814995 Windows XP Hotfix (SP2) Q815021 Windows XP Hotfix (SP2) Q817606 Windows XP Hotfix (SP2) Q819696 Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329048] Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115] Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329390] Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329834] Windows XP Hotfix- KB282010 Windows XP Hotfix- KB820291 Windows XP Hotfix- KB821253 Windows XP Hotfix- KB821557 Windows XP Hotfix- KB822603 Windows XP Hotfix- KB823182 Windows XP Hotfix- KB823559 Windows XP Hotfix- KB824105 Windows XP Hotfix- KB824141 Windows XP Hotfix- KB824146 Windows XP Hotfix- KB825119 Windows XP Hotfix- KB828035 Windows XP Hotfix- KB828741 Windows XP Hotfix- KB835732 Windows XP Hotfix- KB842773 Logfile of HijackThis v1.99.1 Scan saved at 19:14:56, on 15.10.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cttynuqcxle.com/QUuc53lZkTAwPg6lglFKx4wIYR3dI5uqN2kM9ws2mIqDXR15poz6bDqg9zAvQUEg.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fysidpixjjbmwfdvdp.com/QUuc53lZkTBPqFy0qZFGTVjgaB9mP7XW7h57Vt/dlMM.jpg R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7F585EE5-5F63-1F1A-C44C-ED39ED944123} - C:\DOCUME~1\PELTON~1\APPLIC~1\GlueSeek\JunkFour.exe (file missing) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Browse Trans First Inside] C:\Documents and Settings\All Users\Application Data\Rdr Remote Browse Trans\optiongreat.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [1 That] C:\DOCUME~1\PELTON~1\APPLIC~1\BARBBU~1\TYPEGPLMEOW.exe O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.pizdato.biz O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.vse-moe.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab O16 - DPF: {339C58C6-427A-4629-A5A6-7F853C50C5A6} - http://82.179.166.72/1/rdgFI208.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O20 - AppInit_DLLs: MsgPlusLoader.dll O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Vai niin Kiitos uninstall-listasta Poista lisää/poista sovellus-kohdasta: My Search Bar Fixaa HjT:llä (do a system scan only, merkkaa nämä ja paina fix checked): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cttynuqcxle.com/QUuc53lZkTAwPg6lglFKx4wIYR3dI5uqN2kM9w... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fysidpixjjbmwfdvdp.com/QUuc53lZkTBPqFy0qZFGTVjgaB9mP7X... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: (no name) - {7F585EE5-5F63-1F1A-C44C-ED39ED944123} - C:\DOCUME~1\PELTON~1\APPLIC~1\GlueSeek\JunkFour.exe (file missing) O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto O4 - HKLM\..\Run: [Browse Trans First Inside] C:\Documents and Settings\All Users\Application Data\Rdr Remote Browse Trans\optiongreat.exe O4 - HKCU\..\Run: [1 That] C:\DOCUME~1\PELTON~1\APPLIC~1\BARBBU~1\TYPEGPLMEOW.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.pizdato.biz O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.vse-moe.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab O16 - DPF: {339C58C6-427A-4629-A5A6-7F853C50C5A6} - http://82.179.166.72/1/rdgFI208.exe Olikos se mese+ asennettu ilman mainosohjelmaa? Koska noita loppeja riittää. Jos ei, niin poista se kans ohjauspaneelista: Messenger Plus! 3 ja fixaa tämä: O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" Laita piilotiedostot näkyviin, ohje -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista: C:\DOCUME~1\PELTON~1\APPLIC~1\==>GlueSeek<== (jos on) C:\PROGRA~1\==>PERFEC~1<== (jos on) C:\Program Files\==>MyWay<== C:\Program Files\==>websx<== C:\Documents and Settings\All Users\Application Data\==>Rdr Remote Browse Trans<== C:\DOCUME~1\PELTON~1\APPLIC~1\==>BARBBU~1<== (eli siis C:\Documents and Settings\Pelton..\Application Data\Barbbu..) C:\WINDOWS\web\==>related.htm<== (C:\Program Files\==>MessengerPlus! 3<==) Käynnistä uudestaan ja lähetä uusi HjT-loki.
Dodii nyt uusiks Logfile of HijackThis v1.99.1 Scan saved at 20:34:00, on 15.10.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe D:\Phone\Skype.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xkvtfmamyntvqxyq.org/QUu...YR3dI5uqN2kM9ws2mIoklNFMkh6Hqjqg9zAvQUEg.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Fixaa vielä nämä: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xkvtfmamyntvqxyq.org/QUuc53lZkTAwPg6lglFKx4wIYR3dI5uqN... O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing) Käynnistys ja lähetä uusi HjT-loki.
Tässä taas Logfile of HijackThis v1.99.1 Scan saved at 21:03:56, on 15.10.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe D:\Phone\Skype.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124168773266 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure IPsec Daemon - F-Secure Corporation - C:\Program Files\F-Secure\VPNPlus\Program\fsvpnd.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe