[Tegelinsky]

Mida jätta, mida tappa? Eriti kahtlane tundub mulle msndn.exe ja kogu see jura alates gona.exe'st kuni AntiSsy.pif'ini, kuid omapäi ma asju kustutama hakata ei julge, olen nimelt paras dumbuser.

Logfile of HijackThis v1.99.1
Scan saved at 16:27:40, on 24.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msndn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\TÕNU\LOCALS~1\Temp\Rar$EX00.843\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://live.hot.ee/
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvuvspn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Microsoft Fixgf] dbuqheokg.exe
O4 - HKLM\..\Run: [MSN] tesakmger.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Microsoft Fixgf] dbuqheokg.exe
O4 - HKLM\..\RunServices: [mdr procce] gona.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\RunServices: [MSN] tesakmger.exe
O4 - HKLM\..\RunServices: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\RunServices: [Diami prosessorers] wowae.exe
O4 - HKLM\..\RunServices: [Microsoft Anti-Virus] bjejjcfo.exe
O4 - HKLM\..\RunServices: [Update WinFix] ihtxrkbpoltv.exe
O4 - HKLM\..\RunServices: [WinFixer service] nobzkuddth.exe
O4 - HKLM\..\RunServices: [Fire Well service] oxrbvkc.exe
O4 - HKLM\..\RunServices: [Doc32 service] ucwtlfsinyk.exe
O4 - HKLM\..\RunServices: [FiresWallservices] yvfrkvtvaeukbg.exe
O4 - HKLM\..\RunServices: [Microsoft AntiSsy] AntiSsy.pif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134759231159
O20 - Winlogon Notify: wvuvspn - wvuvspn.dll (file missing)
O23 - Service: Microsoft Networks DN (msndn) - Unknown owner - C:\WINDOWS\msndn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

[Fireforce]

http://www.hijackthis.de/ pane sinna oma log file, ja ta ise näitab mis on safe nasty jne

[Tegelinsky]

[Mario.]

hakka ükshaaval goolgisse toksima. .exe-sid ma mõtlen.

[HacaX]

Pole seal suurt midagi otsida - kõik mainitud EXEd on ilmselgelt suvaliselt genereeritud nimedega. Too viimane pole samuti ühegi kandi pealt usaldusttekitav.
HJT pakub, kui selle võimaluse sisse lülitad, tagavarakoopiate tegemise võimalust. Isiklikult tarbiks seda, eemaldaks kõik antud sissekanded, teeks alglaadimise ning skänniks masina mõne korraliku viiruse-/adware'itõrjujaga üle.