Tämä pöpö löytyi koneesta. Ei saa millään pois. Onko jollain tietoa kuinka sen saisi pois, ilman että W2K:ta tarvitsisi asentaa uudelleen. Rekisterin viilaus ei ole auttanut (easycleaner/ käynnistyvät ohjelmat), vaan se ilmestyy sinne ainavaan uudelleen.

Pandan onlien Active Scan löytää koneelta viruksen nimeltä MediaTickets, jonka pitäisi olls ilmoituksen mukaan Windowsin rekisterissä. Kun ohjelma ei ilmoita viruksen sijaintipaikaa paremmin, ei sitä löydä millään. Noilla nimillä haettuna ei rekisteristä eikä koneelta löydy yhtään mitään. Eikä tuolla ActiveScannilla voi sitä poistaa. Tas F-securen koneella oleva virusohjhelma ei löydä yhtään mitään, ei myöskään Spybot eikä Ad-Aware SE Personal. Onko tuo vain Pandan Aware ohjelman mainos vai mikä?

Alla on HijackThis logi.

Logfile of HijackThis v1.99.1
Scan saved at 8:58:15, on 1.3.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program Files\H_menu\H_menu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: H-menu.lnk = C:\Program Files\H_menu\H_menu.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sizer.lnk = C:\Program Files\Sizer\sizer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - (no file)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Miksi työpaikan tietokoneeni ei muista käyttäjänimeä eikä salasanaa kirjautuessani niitä vaativille sivustoille kuten esim. ammattilaisen karttapaikka (www.karttapaikka.fi), vaikka "muista salasana" kohtaan pistän aina ruksin?? Sama ongelma on sähköpostin kanssa. Käyttöjärjestelmänä on XP ja työpaikalla on lähiverkko. Mikä neuvoksi?

Skannasin koneen usealla eri online skannerilla ja se löysi 3 troijalaista windowsin alikansioista. Kysymys kuuluu että uskaltaako niitä tiedostoja poistaa vai onko mahdollista että kone ei enää sen jälkeen toimi? Ja koska Nortonin palomuuri on sekoillut lähipäivien ajan ni oisko siihen syynä noi troijalaiset vai? Itse nortonin virusohjelma ei niitä löytänyt.... Auttakee kärpsek!

http://hijackthis.de/index.php?langselect=english

Hienoo !

Tietokone temppuilee, ei anna ajaa läpi Ad-awarea eikä spybottia vaan pysähtyy aina ja ilmoittaa virusvaroitusta ja jumittuu sen jälkeen??!

Logfile of HijackThis v1.99.1
Scan saved at 12:18:02, on 26.2.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\OHJELMATIEDOSTOT\COMPAQ\DIGITAL DASHBOARD\CPQMLDET.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\LOADQM.EXE
C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
C:\OHJELMATIEDOSTOT\AVPERSONAL\AVGCTRL.EXE
C:\OHJELMATIEDOSTOT\AVPERSONAL\AVSCHED32.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\OHJELMATIEDOSTOT\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\OHJELMATIEDOSTOT\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.fi.soneraplaza.net/cgi/sonera-ie5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.antiikkiliikewanhaelias.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/script....dll?c=2C01&lc=040b&s=search&ap=b204
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\MSLAGENT\4B_1,0,1,1_MSLAGENT.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\ohjelmatiedostot\google\googletoolbar2.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Ohjelmatiedostot\INSTAFINK\instafink.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\ohjelmatiedostot\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WCOLOREAL] C:\Ohjelmatiedostot\COMPAQ\COLOREAL\COLOREAL.EXE
O4 - HKLM\..\Run: [Digital Dashboard] C:\Ohjelmatiedostot\Compaq\Digital Dashboard\CPQMLDET.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\OHJELMATIEDOSTOT\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\OHJELMATIEDOSTOT\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1017.dll,InstantAccess
O4 - Startup: Works Kalenterin muistutukset.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Ohjelmatiedostot\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Ohjelmatiedostot\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://compaq.soneraplaza.fi
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Hei,
Ongelmani on seuraavanlainen:
Muutaman kuukauden ajan en ole päässyt päivittämään sivuja, koska ftp valittaa ettei saa yhteyttä. Olen tarkastanut kaikki tarvittavat tiedot (ftp-palvelin, ftp-tunnus, salasana) ja ne ovat oikein. En silti saa
yhteyttä palvelimeen. Kotisivutilan tarjoaja sanoi, että vika voi olla jokin palomuuriohjelmisto, joka estää ftp- yhteydet, joko estämällä ftp-ohjelman yhteydet suoraan tai ftp-protokollan
käyttämät tietoliikenneportit ovat suljettuina palomuurissa.

Miten nyt selvitän onko vika palomuurissa ja miten saan ftp:n taas toimimaan?

Moi täss olis hijackthis logi ja koneess on varmaan jotain häikkää ainakin spybot löysi ja ei voinut poistaa sellaista kuin funwebproducts... voisko joku auttaa ?


Logfile of HijackThis v1.98.2
Scan saved at 19:49:28, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic
Update.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\x\Omat tiedostot\Vastaanotetut
tiedostot\Muut\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/c...*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/c...ve/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dnainternet.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer - toimittaja dna Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
- c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration
Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [eDonkey2000] C:\Documents and
Settings\x\Työpöytä\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program
Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program
Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip
2.7\uzqkst.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} -
C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/096f8f9d032d3f5e8615/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/53...trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE
Class) -
http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) -
http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab

Moi!
Koneessani tuntuu olevan jotain ylimääräistä.
Selaimen alareunaan avautuu ylimääräinen palkki jossa jotain Casino yms. sälää. Sen ominaisuuksissa on: http://searchweb2.com/passthrough/newpass2.html
Lisäksi näyttää, että taustalla on koko ajan kaksi iexplorea auki, joita ei saa tehtavienhallinnassa suljettua.
olen ajellut kaikki mahdolliset spyware hijack yms. ohjelmat; löytyy joka kerran samoja vaivoja.
Olen ajanut myös hijacthis lokin, jonka voin tarvittaessa liittää tänne, jos joku voi asiassa auttaa.

Jari

Mikähän mahtaa olla ongelma kun nortonin palomuuri ilmoittaa jatkuvalla syötöllä että etäjärjestelmä yrittää käyttää tietokonettasi? Siitä ei kuitenkaan voi kattoo että mistäpäin se hyökkäys tulee siis lisätieto vaihtoehtoa ei ole. Liekkö tuo nortoni sekoamassa vai mikähän mättää??

Mistä sivustolta löytyisi ilmainen ja mahdollisimman tehokas, viruksentorjuntaohjelma Mac 10:lle, onko olemassa muita kuin tuo Agax, jonka saa imuroitua Tietokonelehden softasivulta.

Koneen käynnistää niin kohta XP ilmoittaa menevänsä lepotilaan ja sammuu.

Virus? Mikä virus? Miten eroon?

MOI!

eipä tuntunut auttavan mitkään ohjelmat joita on tuolla aikaisemmin mainittu joten jos joku kerkiäis tutkiin tämän login.

Logfile of HijackThis v1.99.0
Scan saved at 12:35:45, on 20/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\appzv.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Polttojutut\Winamp3\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\dvidia_apuohjelma\aTuner\aTuner.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\apivi.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bluetooth-ohjelmisto\BTTray.exe
D:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
D:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
D:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
D:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
D:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Temp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gctan.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet10056\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A823E8D3-49E2-C685-F5CE-FA97B7B8A428} - C:\WINDOWS\d3fg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C40CAF7A-CCE6-1A49-F760-7C177E57CDD3} - C:\WINDOWS\ielg.dll
O2 - BHO: (no name) - {FEC38959-33A0-E449-26F8-6EB89B5594D9} - C:\WINDOWS\netfm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Polttojutut\Winamp3\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [aTuner] D:\dvidia_apuohjelma\aTuner\aTuner.exe -autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [2E8.tmp] C:\DOCUME~1\Aulis\LOCALS~1\Temp\2E8.tmp.exe 1 10001
O4 - HKLM\..\Run: [6.tmp] C:\DOCUME~1\Aulis\LOCALS~1\Temp\6.tmp.exe 0 10001
O4 - HKLM\..\Run: [2E8.tmp.exe] C:\DOCUME~1\Aulis\LOCALS~1\Temp\2E8.tmp.exe 2 10001
O4 - HKLM\..\Run: [apivi.exe] C:\WINDOWS\apivi.exe
O4 - HKLM\..\Run: [Security iGuard] d:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [appzv.exe] C:\WINDOWS\appzv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/9bda03aa/enter.cab
O16 - DPF: {46EB676D-8C0B-4C15-8E61-5770B172DE2F} (ThemeCreator Control) - http://www.peanutsoftware.com/tw/TW-ThemeCreator3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.../client/wuweb_site.cab?1094580757764
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/downloa...mes/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/53...trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi:82/activex/AxisCamControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.y.../dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.y.../installs/ydropper/ydropper1_4us.cab
O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntha32.exe (file missing)

Moro,

Kaverin kone on aika hidas ja ajoin HiJack:in ja tässä ois logi:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:17 PM, on 2/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\aconti.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Elisa Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [HP Mobile Printing Driver] C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [aconti] C:\WINDOWS\aconti.exe -auto
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Service - {71127EC0-A102-4549-B10F-2BD557DCB151} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Support - {8D459DE4-DDDB-4715-A2B6-BB93F34C3BCD} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {A50B2249-DCBC-43B2-BCB9-17D8F2279740} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

Mitäs kannattais tehä? Varmaan pitäis ajaa AdAware ja spybot läpi mut onko jotain muuta tehtävissä? Kiitoksia jo etukäteen!

Kyseisen ohjelman takia suoritinkäyttö koko ajan lähes täysillä. Onko se tarpeellinen vai jokin haitake. Jos voi poistaa niin miten se tehdään.

AVAST Virustorjunta ilmaisaika loppui, pari oäivää ilman, samantien OUTLOOK meni jumiin. ONGELMA:
OUTLOOK lähettää yhä uudelleen outboxissa olevia viestejä ja niitä ei voi poistaa (virheherja). Myöskään pop ei hae serveriltä viestejä. Olen ajanut AVASTin uudelleen, sekä Adwaren monta kertaa. Palautin sen jälkeen järjestelmää parilla päivällä taaksepäin, ei muutoksia. Uskon että jokin boogi jumittaa OUTLOOKin. Mutta mikä ja miten siitä pääsee eroon, ilman että pst tuhoutuu (liian arvokas). Otin Adware login, jos siitä on mitään hyötyä:

Ad-Aware SE Build 1.05
Logfile Created on:19. helmikuuta 2005 18:46:10
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R27 05.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references.
Tracking Cookie(TAC index:3):2 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Include Alternate Datastream details in log file
Set : Play sound at scan completion if scan locates critical objects


19.2.2005 18:46:10 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-339521123-4262702000-742489021-1112\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Documents and Settings\mikael\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 840
ThreadCreationTime : 19.2.2005 12:59:22
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 19.2.2005 12:59:27
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 19.2.2005 12:59:27
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 19.2.2005 12:59:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 19.2.2005 12:59:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 19.2.2005 12:59:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1212
ThreadCreationTime : 19.2.2005 12:59:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1352
ThreadCreationTime : 19.2.2005 12:59:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1412
ThreadCreationTime : 19.2.2005 12:59:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1600
ThreadCreationTime : 19.2.2005 12:59:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1940
ThreadCreationTime : 19.2.2005 12:59:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1736
ThreadCreationTime : 19.2.2005 13:01:46
BasePriority : Normal


#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 172
ThreadCreationTime : 19.2.2005 13:01:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 468
ThreadCreationTime : 19.2.2005 13:02:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 19.2.2005 13:02:17
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 604
ThreadCreationTime : 19.2.2005 13:02:17
BasePriority : Normal
FileVersion : 5.5.062.004
ProductVersion : 5.5.062.004
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:17 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 19.2.2005 13:02:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:18 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 1872
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal


#:19 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 940
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:20 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:21 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1472
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
ProductVersion : 2.1.34 2.1.34 09/23/2003 17:06:56
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:22 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 1616
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 1.73
ProductVersion : 1.73
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2004
LegalTrademarks : Agere Systens
OriginalFilename : LtMoh.EXE

#:23 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1336
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 7.9.2 22Jan04
ProductVersion : 7.9.2 22Jan04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2004
OriginalFilename : SynTPLpr.exe

#:24 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 788
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 7.9.2 22Jan04
ProductVersion : 7.9.2 22Jan04
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2004
OriginalFilename : SynTPEnh.exe

#:25 [datala~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\
ProcessID : 236
ThreadCreationTime : 19.2.2005 13:12:53
BasePriority : Normal
FileVersion : 5, 0, 2, 56
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright (c) 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:26 [trayap~1.exe]
FilePath : C:\PROGRA~1\Nokia\NOKIAP~1\
ProcessID : 1380
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : Nokia Tray Application
FileDescription : Nokia Tray Application
InternalName : Nokia Tray Application
LegalCopyright : Copyright © 2001 - 2004 Nokia. All Rights Reserved.
OriginalFilename : TrayApplication.EXE

#:27 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\
ProcessID : 508
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal


#:28 [icqlite.exe]
FilePath : C:\Program Files\ICQLite\
ProcessID : 460
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal
FileVersion : 555
ProductVersion : 1, 0, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:30 [servic~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\PCSuite\Services\
ProcessID : 1920
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal
FileVersion : 6, 0, 1, 7
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 936
ThreadCreationTime : 19.2.2005 13:12:54
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3276
ThreadCreationTime : 19.2.2005 13:13:49
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 2868
ThreadCreationTime : 19.2.2005 13:19:13
BasePriority : Normal
FileVersion : 5.2.3790.1159 (dnsrv.040209-1620)
ProductVersion : 5.2.3790.1159
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

#:34 [ashsimpl.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2484
ThreadCreationTime : 19.2.2005 13:40:39
BasePriority : Normal
FileVersion : 4, 5, 536, 0
ProductVersion : 4, 5, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : Virus scanner
InternalName : aswSimpl.exe
LegalCopyright : Copyright (c) 2003 ALWIL Software
OriginalFilename : aswSimpl.exe

#:35 [outlook.exe]
FilePath : C:\PROGRA~1\MICROS~2\Office10\
ProcessID : 704
ThreadCreationTime : 19.2.2005 13:53:36
BasePriority : Normal


#:36 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 3244
ThreadCreationTime : 19.2.2005 13:53:59
BasePriority : Normal


#:37 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3720
ThreadCreationTime : 19.2.2005 15:00:18
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:38 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 3908
ThreadCreationTime : 19.2.2005 15:03:33
BasePriority : Normal


#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2140
ThreadCreationTime : 19.2.2005 16:46:02
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mikael@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:mikael@imrworldwide.com/cgi-bin
Expires : 19.1.2009 1:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mikael@server.iad.liveperson[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:mikael@server.iad.liveperson.net/
Expires : 19.2.2006 17:12:10
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 2
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 17


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 17


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 17

Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 17

18:54:08 Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:57.677
Objects scanned:101381
Objects identified:2
Objects ignored:0
New Critical Objects:2

MOI!

Taas iski virus koneeseen, voisiko joku katella mikä mättää Hijack logissa.

Kiitti jo etukäteen.

Logfile of HijackThis v1.99.0
Scan saved at 00:16:10, on 19/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
D:\Polttojutut\Winamp3\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\dvidia_apuohjelma\aTuner\aTuner.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\appuc.exe
C:\DOCUME~1\Aulis\LOCALS~1\Temp\2E8.tmp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bluetooth-ohjelmisto\BTTray.exe
D:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
D:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
D:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
D:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntfr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
D:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\inet10056\services.exe
C:\Temp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spuce.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spuce.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\spuce.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spuce.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spuce.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spuce.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spuce.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet10056\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DD3D11A-3109-1C20-8BD5-58F5241F1766} - C:\WINDOWS\atlaw32.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Polttojutut\Winamp3\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [aTuner] D:\dvidia_apuohjelma\aTuner\aTuner.exe -autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [appuc.exe] C:\WINDOWS\appuc.exe
O4 - HKLM\..\Run: [2E8.tmp] C:\DOCUME~1\Aulis\LOCALS~1\Temp\2E8.tmp.exe 1 10001
O4 - HKLM\..\Run: [2E8.tmp.exe] C:\DOCUME~1\Aulis\LOCALS~1\Temp\2E8.tmp.exe 1 10001
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10056\services.exe
O4 - HKLM\..\RunOnce: [ipgo.exe] C:\WINDOWS\ipgo.exe
O4 - HKLM\..\RunOnce: [ntfr.exe] C:\WINDOWS\system32\ntfr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10056\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth-ohjelmisto\btsendto_ie.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/9bda03aa/enter.cab
O16 - DPF: {46EB676D-8C0B-4C15-8E61-5770B172DE2F} (ThemeCreator Control) - http://www.peanutsoftware.com/tw/TW-ThemeCreator3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.../client/wuweb_site.cab?1094580757764
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/downloa...mes/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi:82/activex/AxisCamControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.y.../dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.y.../installs/ydropper/ydropper1_4us.cab
O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntha32.exe (file missing)

Hei,

Minulla on ongelma (en ole mikään haka tietokoneiden kanssa). Koneeni "etusivulle" elikkäs näytölle on ilmestynyt ihme juttuja kuten bingo, games jne... Saan ne pois kun suoritan Microsoft AntiSpywaren, mutta ne palautuvat joka kerta kun avaan koneen uudelleen. Ms Antispyware ilmoittaa, että se on Possible Browser Hijacker, miten saan sen pysymään poissa? Käytössä on myös Ad-aware ja Spybot-Search and Destroy, ei auta mitään...Auttakee!!!!

Tuli mitta täyteen tuon toimiston Sonicwall Soho 3:n kanssa, ominaisuuksia löytyisi, mutta kun niistä pitää maksaa (ip-osoitteistakin!), niin nyt pitäisi sitten löytää korvaava värkki toimiston LAN:ia suojaamaan. Kattelin alustavasti D-Linkin DFL-700:ää, tuntuisi sisältävän ne ominaisuudet mitä meikäläisen toimisto tarttisi ja vielä ilman vedätystä tyyliin: "Tarjoaisimme tätäkin ominaisuutta, mutta ensin pitäisi saada rahaa...".

Kyselisinkin nyt onko foorumilaisilla kokemuksia tuosta purkista, tai suositella vastaavan tasoista ja hintaista laitetta.
http://lyhytlinkki.net/?b1kg1sws

T: Vesku