Toymaatin apua kaivataan! (HijackThis -loki)

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi FIN_Kla 23.07.2005.

  1. FIN_Kla

    FIN_Kla Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 15:35:35, on 23.7.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TBPanel.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.awpgrupxwmhdcnbsphegrvcn...3_o/q2r5f_CYkXRH/MLf/dYB1uRUCQiN6mHjZ3m8.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: (no name) - {C0206458-A0F7-823A-503B-356D721A82A4} - C:\DOCUME~1\8Pallo\APPLIC~1\GRAMFL~1\Active Tons.exe
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
    O4 - HKCU\..\Run: [PING WIPE] C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\First Browse.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104856784655
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    Jos voisit autaa mua putsaamaan tän koneen, joka on pikkuhiljaa muuttumassa likakaivoksi. Anna kaikki neuvot ja vinkit jos viitsit. Kiitos jo etukäteen.
     
  2.  
  3. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    Toymaatti lähti mökille. Suosittelisin kuitenkin tekemään näin:

    Boottaa vikasietotilaan.

    Laita piilotiedostot näkyviin.
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    FIXaa.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.awpgrupxwmhdcnbsphegrvcn.com/a0eBGMCwzAmdA6vj3tsFPWl83...
    O2 - BHO: (no name) - {C0206458-A0F7-823A-503B-356D721A82A4} - C:\DOCUME~1\8Pallo\APPLIC~1\GRAMFL~1\Active Tons.exe
    O4 - HKCU\..\Run: [PING WIPE] C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\First Browse.exe

    Poista tiedostot:
    C:\DOCUME~1\8Pallo\APPLIC~1\GRAMFL~1\---> Active Tons.exe <--
    C:\DOCUME~1\8Pallo\APPLIC~1\OPENIN~1\---> First Browse.exe <--

    Tyhjennä Tempit ja väliaikaiset Internet tiedostot.

    Boottaa kone.

    [bold] Päivitä Windows! [/bold]

    Hae eScan, päivitä ja skannaa. Laita logi jos löytyy jotain.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm

    Laita uusi hjt logi ja liitä mukaan uninstall_list
    Avaa hjt. Klikkaa Open the misc tools section -> Open uninstall manager -> Save list. Tallena Uninstall_list.txt ja sen sitten liität logiin.

    Asenna M$ Antispyware ja SpywareBlaster.
    http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
    http://www.javacoolsoftware.com/spywareblaster.html
     
  4. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    Toymaatin apua tässä ois tosiaan tarvittukin.

    Tuo oli jäänyt hoksaamatta :(

    FIXaa
    O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe

    Poista tämä tiedosto vikasietotilassa -> mssw32.exe
     
  5. Toymaatti

    Toymaatti Active member

    Liittynyt:
    04.02.2005
    Viestejä:
    1,038
    Kiitokset:
    0
    Pisteet:
    66
    V-kos hyvinhän tuon hoksasit itsekkin :D

    Noihin poistoihin lisäisin sen verran että poista myös nuo kansiot
    C:\DOCUME~1\8Pallo\APPLIC~1\===>GRAMFL~1<===
    C:\DOCUME~1\8Pallo\APPLIC~1\===>OPENIN~1<===

    Sulla on varmaankin ollut MessengerPlussa asennettuna ja olet poistanut sen? Jos näin on, poista vielä se MesePlussan kansio(Oletuksena tuolla C:\Program Files), ja jos entiset merkit pitävät paikkansa se ei lähde kuin vikasietotilassa.
    Jos viitsit niin kerro kävikö noin.
     
  6. kontrasti

    kontrasti Member

    Liittynyt:
    25.07.2005
    Viestejä:
    67
    Kiitokset:
    0
    Pisteet:
    16
    voisko joku kertoo että onko tässä jotakin mälsää kiitos jo etukäteen.
    Logfile of HijackThis v1.99.1
    Scan saved at 3:58:19, on 26.7.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PDesk\PDesk.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\WINDOWS\system32\mgabg.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\eMule\eMule.exe
    C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Werne\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121089048226
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

     
  7. kontrasti

    kontrasti Member

    Liittynyt:
    25.07.2005
    Viestejä:
    67
    Kiitokset:
    0
    Pisteet:
    16
    niin voisko joku kertoo että onko tossa jotakin?
     
  8. pkaksp

    pkaksp Moderator Ylläpitäjä

    Liittynyt:
    11.01.2005
    Viestejä:
    12,231
    Kiitokset:
    53
    Pisteet:
    128
    Jos nyt lähdetään ensin siitä, että kerrot mikä on ongelma? Ei noita lokeja täällä huvin vuoksi tarkastella, että jos kone toimii ihan moitteettomasti, niin silloin ok.

    Se riittää kun tarkistat omalla antivirus scannerilla koneen, ajat läpi parit spywaren poisto-ohjelmat ja pidät palomuurin päällä, niin koneesi pysyy varmasti 95% puhtaana. Ne mitä tuolla hjt:llä sitten löytyy, niin ei ole enää vaarallisia, lähinnä roskaa vain.

    Ja ennen tuota lokia olisi hyvä ajaa vielä parit online scannit läpi.

    Tuolta löydät kaiken tarvittavan: http://keskustelu.afterdawn.com/thread_view.cfm/162275
     
  9. kontrasti

    kontrasti Member

    Liittynyt:
    25.07.2005
    Viestejä:
    67
    Kiitokset:
    0
    Pisteet:
    16
    ok kiitti...
     
  10. FIN_Kla

    FIN_Kla Guest

    Kiitos äijjät. Nyt tuntus kone taas rullaavan paljo paremmin. Laitan vielä noi lokit tohon nii tsekatkaapa josko sielä vielä joku mörkö lymyäis.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:46:08, on 27.7.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TBPanel.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\SpywareBlaster\spywareblaster.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\notepad.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104856784655
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



    Uninstall list:

    3DSex_Villa_ThriXXX
    Ad-Aware SE Professional
    Adobe Acrobat 5.0
    avast! Antivirus
    BitComet 0.56
    BSPlayer
    DAEMON Tools
    DC++ 0.667
    DiskExplorer for NTFS
    DMW Client 3 R4
    eMule
    EXPERTool
    ffdshow (remove only)
    GetDataBack for NTFS
    GSpot Codec Information Appliance
    Half-Life(R) 2
    HijackThis 1.99.1
    iTunes
    J2SE Runtime Environment 5.0 Update 1
    Look 'n' Stop 2.05p2
    Macromedia Shockwave Player
    Medal of Honor Allied Assault
    Medal of Honor Allied Assault(tm) Spearhead
    Medal of Honor Allied Assault(tm) Spearhead
    Microsoft AntiSpyware
    Microsoft Data Access Components KB870669
    Mobile Phone Manager
    Mozilla Firefox (1.0.4)
    MSN Messenger 7.0
    MSN Työkalupalkki
    Multi-Card Reader & Flash Disk
    Nero 6 Ultra Edition
    NVIDIA Drivers
    Outlook Express Q823353
    PC Inspector File Recovery
    PC Inspector smart recovery
    PowerQuest PartitionMagic 8.0 Demo
    QuickTime
    Realtek AC'97 Audio
    Shockwave
    Ski Jump International 3.11 Shareware
    Spybot - Search & Destroy 1.3
    SpywareBlaster v3.4
    Steam(TM)
    StillLife
    Subtitle Workshop 2.51
    TeamSpeak 2 RC2
    TeleWell TW-EA200/TW-EA500 ADSL USB Router
    Time Adjuster v2.9 (STANDARD)
    VideoLAN VLC media player 0.8.1
    WinAce Archiver
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887822
    Windows XP Hotfix - KB889293
    Windows XP Hotfix (SP2) Q329170
    Windows XP Hotfix (SP2) Q329441
    Windows XP Hotfix (SP2) Q810565
    Windows XP Hotfix (SP2) Q810577
    Windows XP Hotfix (SP2) Q810833
    Windows XP Hotfix (SP2) Q814033
    Windows XP Hotfix (SP2) Q817606
    Windows XP Hotfix (SP2) Q819696
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329048]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329390]
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329834]
    Windows XP Hotfix- KB823182
    Windows XP Hotfix- KB823559
    Windows XP Hotfix- KB824105
    Windows XP Hotfix- KB825119
    Windows XP Hotfix- KB828035
    Windows XP Hotfix- KB828741
    Windows XP Hotfix- KB833987
    Windows XP Hotfix- KB835732
    Windows XP Hotfix- KB837001
    Windows XP Hotfix- KB840315
    Windows XP Hotfix- KB840374
    Windows XP Hotfix- KB841873
    Windows XP Hotfix- KB842773
    Windows XP Service Pack 1a
    WinPatrol
    Yahoo! Toolbar

     
  11. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    [bold]@ FIN_Kla [/bold]

    Onko Windowsissa nyt kaikki päivitykset? Hjt näyttää SP1 ja uninstall listillä näkyy SP2

    Mikä tuo on -> 3DSex_Villa_ThriXXX

    Jos se on tämä niin hienolta näyttää :)
    http://www.3dsexgames.com/

    Puhtaalta näyttää mun puolesta.
     

Jaa tämä sivu