Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 22:45:40, on 5.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Auto Power-on\AutoPowerOn.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\awturpo.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: (no name) - {4CD78935-199D-4B2F-B7BB-C687B010A113} - C:\WINDOWS\system32\mljge.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\bdoyalno.dll (file missing) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8F8C5BD1-791A-405C-9D33-919897EAE7EE} - C:\WINDOWS\system32\vtutq.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\btrqwked.dll",setvm O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138790332515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: awturpo - C:\WINDOWS\SYSTEM32\awturpo.dll O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Moro Avaa Käynnistä->Suorita, kirjoita siihen sc stop NipSvc ja paina Enter sc delete NipSvc ja paina Enter *** Sitten: Poista Ohjauspaneelin lisää/poista sovelluksista, jos löytyy: Blondes MyWebSearch Email Plugin tai mikä vaan MyWebSearch alkuinen ohjelma WhenUSave tai Save Error Safe *** Lataa http://www.atribune.org/ccount/click.php?id=4][b]VundoFix.exe[/b] työpöydällesi. Tupla-klikkaa VundoFix.exe ajaaksesi sen. Klikkaa Scan for Vundo valintaa. Kun skannaus on valmis, klikkaa Remove Vundo valintaa. Sinulta kysytään haluatko poistaa filut - klikkaa YES. Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa. Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK. Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö. Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan. Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä. Poista kansiot: C:\Program Files\-->hbt<-- C:\Program Files\-->MyWebSearch<-- C:\Program Files\-->Save<-- C:\Program Files\-->Error Safe Free<-- Jos eivät poistu, käynnistä kone vikasietotilaan, ja poista ne siellä. Ohje: http://students.turkuai.fi/~aidata/?Ohjeita_ja_muuta_tietoa:Vikasietotila Lähetä C:\vundofix.txt ja uusi hijack logi
VundoFix V6.3.19 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 17:19:24 6.4.2007 Listing files found while scanning.... C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Program Files\VSAdd-in\VSAdd-in.dll C:\WINDOWS\system32\awtrpqq.dll C:\WINDOWS\system32\awturpo.dll C:\WINDOWS\system32\bdoyalno.dll C:\WINDOWS\system32\btrqwked.dll C:\WINDOWS\system32\cbxvvsq.dll C:\WINDOWS\system32\dekwqrtb.ini C:\WINDOWS\system32\egjlm.tmp C:\WINDOWS\system32\gebawxv.dll C:\WINDOWS\system32\geebx.dll C:\WINDOWS\system32\geeby.dll C:\WINDOWS\system32\gjllm.bak1 C:\WINDOWS\system32\gjllm.ini C:\WINDOWS\system32\hhkmp.ini C:\WINDOWS\system32\ibielmrm.exe C:\WINDOWS\system32\lmllm.bak1 C:\WINDOWS\system32\lmllm.bak2 C:\WINDOWS\system32\lmllm.ini C:\WINDOWS\system32\lmllm.ini2 C:\WINDOWS\system32\lmllm.tmp C:\WINDOWS\system32\mljge.dll C:\WINDOWS\system32\mlljg.dll C:\WINDOWS\system32\mllml.dll C:\WINDOWS\system32\noxuwyft.ini C:\WINDOWS\system32\pmkhh.dll C:\WINDOWS\system32\pmnlj.dll C:\WINDOWS\system32\pskdbxvg.exe C:\WINDOWS\system32\tfywuxon.dll C:\WINDOWS\system32\vclrbjad.exe C:\WINDOWS\system32\vtstu.dll C:\WINDOWS\system32\vtutq.dll Beginning removal... Attempting to delete C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted! Attempting to delete C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Documents and settings\Omistaja\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted! Attempting to delete C:\WINDOWS\system32\awtrpqq.dll C:\WINDOWS\system32\awtrpqq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\awturpo.dll C:\WINDOWS\system32\awturpo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\btrqwked.dll C:\WINDOWS\system32\btrqwked.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxvvsq.dll C:\WINDOWS\system32\cbxvvsq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\dekwqrtb.ini C:\WINDOWS\system32\dekwqrtb.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\egjlm.tmp C:\WINDOWS\system32\egjlm.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\gebawxv.dll C:\WINDOWS\system32\gebawxv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\geebx.dll C:\WINDOWS\system32\geebx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\geeby.dll C:\WINDOWS\system32\geeby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.bak1 C:\WINDOWS\system32\gjllm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.ini C:\WINDOWS\system32\gjllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\hhkmp.ini C:\WINDOWS\system32\hhkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ibielmrm.exe C:\WINDOWS\system32\ibielmrm.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\lmllm.bak1 C:\WINDOWS\system32\lmllm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\lmllm.bak2 C:\WINDOWS\system32\lmllm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\lmllm.ini C:\WINDOWS\system32\lmllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\lmllm.ini2 C:\WINDOWS\system32\lmllm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\lmllm.tmp C:\WINDOWS\system32\lmllm.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\mljge.dll C:\WINDOWS\system32\mljge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljg.dll C:\WINDOWS\system32\mlljg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mllml.dll C:\WINDOWS\system32\mllml.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\noxuwyft.ini C:\WINDOWS\system32\noxuwyft.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhh.dll C:\WINDOWS\system32\pmkhh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnlj.dll C:\WINDOWS\system32\pmnlj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pskdbxvg.exe C:\WINDOWS\system32\pskdbxvg.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\tfywuxon.dll C:\WINDOWS\system32\tfywuxon.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vclrbjad.exe C:\WINDOWS\system32\vclrbjad.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vtstu.dll C:\WINDOWS\system32\vtstu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutq.dll C:\WINDOWS\system32\vtutq.dll Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 17:45:02, on 6.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll O2 - BHO: (no name) - {2FD1979E-63F1-4F17-B9E3-2CA70643FE03} - C:\WINDOWS\system32\vtutq.dll (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\btrqwked.dll",setvm O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138790332515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Suosittelen poistamaan Megaupload Toolbarin Ohjauspaneelin lisää/poista sovelluksista. Poista myös kaikki java versiot Tietoa Megaupload Toolbar ohjelmasta: http://www.castlecops.com/tk30914-Megaupload_Toolbar.html Jos poistit Megaupload Toolbarin, merkkaa ja fixaa myös tummennetut rivit ja poista fixauksen jälkeen myös ohjelman kansio C:\PROGRAM FILES\-->MEGAUPLOAD TOOLBAR<--- *** Piilotiedostot näkyviin # 1.Napsauta Käynnistä-painiketta ja valitse Ohjauspaneeli. # 2.Valitse "Kansion asetukset" # 3.Siirry" Näytä välilehdelle" # 4.Valitse Näytä-välilehden Piilotetut tiedostot ja kansiot -kohdassa" Näytä piilotetut tiedostot ja kansiot. *** Lataa ja asenna CCleaner http://www.ccleaner.com/ Ohjeita käyttöön http://www.nefernetti.com/ccleaner_opas.htm Aja Puhdistaja ja Virheet *** Ohje AVG Anti-Spyware 7.5:n käyttöön Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis työkalun toimintaa. Tallenna nämä ohjeet tekstitiedostoon työpöydälle, tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta. Lataa http://www.ewido.net/en/download/ AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. * Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa. * Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää. * Käynnistä AVG Anti-Spyware. * Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta. o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa. * Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti. * Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "QUARANTINE". * Sitten "Reports" valikon alta: o Laita ruksi kohtaan "Automatically generate report after every scan" o Ota ruksi pois kohdasta "Only if threats were found" * Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa * "Resident shield is", muuta tila active:sta inactive:ksi * Sulje ohjelma, ÄLÄ SKANNAA VIELÄ. Käynnistä koneesi vikasietotilaan, Ohje: http://students.turkuai.fi/~aidata/?Ohjeita_ja_muuta_tietoa:Vikasietotila Tee vikasiedossa uusi skannaus hjt:llä, ruksaa rivit, sulje selain ja kaikki muut sovellukset, ja paina Fix checked O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll O2 - BHO: (no name) - {2FD1979E-63F1-4F17-B9E3-2CA70643FE03} - C:\WINDOWS\system32\vtutq.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\btrqwked.dll",setvm O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab Edelleen vikasietotilassa: Poista resurssienhallinen kautta tiedostot, jos löytyvät: C:\WINDOWS\ -->vgraph.dll<-- C:\WINDOWS\system32\ -->btrqwked.dll<-- Tyhjennä roskakori. Vikasietotilassa vieläkin: HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta. * Kun vikasietotilassa, käynnistä AVG Anti-Spyware. * Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan". * Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa. Kun skannaus on valmis: --->TÄRKEÄÄ!! : ÄLÄ KLIKKAA "Save Scan Report" ennen kuin klikkaat --> "Apply all Actions" * Varmistu, että Set all elements to: näyttää Quarantine, jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta. * Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions" * Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta. * Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle. * Sulje ohjelma, käynnistä kone normaalisti, avautuu normaalitilaan. *** Piilotiedostot pois näkyvistä # 1.Napsauta Käynnistä-painiketta ja valitse Ohjauspaneeli. # 2.Valitse "Kansion asetukset" # 3.Siirry" Näytä välilehdelle" # 4.Valitse Näytä-välilehden Piilotetut tiedostot ja kansiot -kohdassa" Älä näytä piilotettuja.." *** Javan välimuistin tyhjennys: Asenna uusin Java päivitys seuraavasta linkistä.. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/downloads/index.jsp]http://java.sun.com/javase/downloads/index.jsp Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u1[/b] Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. 6. Koneen uudelleenkäynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Varmista että kaikki kaksi valintaa ovat rastitettuja: [*]Applications and Applets [*]Trace and Log Files ja paina OK -nappia 9. Klikkaa OK Temporary Files Settings -ikkunassasi. Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. 10. Valitse välilehti Update ja ota ruksi pois kohdasta Check for Updates automatically Valitse "Never check" 11. Klikkaa OK jättääksesi Java asetusikkunasi. *** Lähetä AVG:n raportti ja uusi hijack logi.
------------------------------------------------------ AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 9:25:17 7.4.2007 + Scan result: C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP364\A0325207.exe -> Adware.180Solutions : Cleaned with backup (quarantined). C:\Program Files\FileSubmit\Alien\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP386\A0337758.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP386\A0337759.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP386\A0337804.dll -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\UD7L7JM0\SetupInstRe[1].exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\FileSubmit\Alien\Ezthemes_WhenUSaveNowCrunch_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\FileSubmit\Alien\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP378\A0335378.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP386\A0337842.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP386\A0337843.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP395\A0345793.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP396\A0345949.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP402\A0350838.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP406\A0353019.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP408\A0356974.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP411\A0361012.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP425\A0370164.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP425\A0371188.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Downloads\CutthroatsSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined). C:\Downloads\CutthroatsSetup-dm[2].exe -> Adware.Trymedia : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Työpöytä\backups\backup-20070407-035053-953.dll -> Adware.Webdir : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP429\A0374839.dll -> Adware.Webdir : Cleaned with backup (quarantined). HKU\S-1-5-21-842925246-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Omat tiedostot\HOODLUM\hlm-intro.exe -> Backdoor.Hupigon.kg : Cleaned with backup (quarantined). C:\Documents and Settings\Janne\Local Settings\Temp\lenshkna.0ll -> Logger.VBStat.h : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\befmatfl.0ll -> Logger.VBStat.h : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\pihdjnfi.0ll -> Logger.VBStat.h : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Cookies\joni@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@com[1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@com[2].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@com[1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@connextra[1].txt -> TrackingCookie.Connextra : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned. :mozilla.10:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\a4xnkw5v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@search.live[1].txt -> TrackingCookie.Live : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@feedback.search.msn[2].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@fi.feedback.search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned. :mozilla.14:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Zenni\Cookies\zenni@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@ad.text.tbn[1].txt -> TrackingCookie.Texttbnru : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Jenni\Cookies\jenni@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Janne\Cookies\janne@yadro[2].txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\Joni\Cookies\joni@yadro[2].txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\Janne\Local Settings\Temp\bclcbyfv.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Janne\Local Settings\Temp\bgbvgvgo.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Janne\Local Settings\Temp\jrnlctnn.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Janne\Local Settings\Temp\vbcopovs.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\bfrivpke.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\cvoteddp.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\ilbukkjx.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\kahicmkk.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\pmoyngll.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Local Settings\Temp\wvwvegxl.0ll -> Trojan.BHO.g : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\WinRAR\WinRAR.3.62.Final-Patch.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\Documents and Settings\Omistaja\Työpöytä\Naruto\WinRAR.3.62.Final.zip/WinRAR.3.62.Final-Patch.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Omat tiedostot\AIRBUCKS\AIRBUCKS.ZIP/JUNGLE.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Omat tiedostot\AIRBUCKS\AIRBUCKS.ZIP/RUNWAY.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Työpöytä\Joni\AIRBUCKS\AIRBUCKS.ZIP/JUNGLE.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined). C:\Documents and Settings\Joni\Työpöytä\Joni\AIRBUCKS\AIRBUCKS.ZIP/RUNWAY.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP425\A0371146.dll -> Trojan.Vundo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP425\A0371149.dll -> Trojan.Vundo : Cleaned with backup (quarantined). C:\System Volume Information\_restore{129231E4-F05C-4FA5-84C3-3223DB172CFC}\RP425\A0371150.dll -> Trojan.Vundo : Cleaned with backup (quarantined). C:\VundoFix Backups\awtrpqq.dll.bad -> Trojan.Vundo : Cleaned with backup (quarantined). C:\VundoFix Backups\cbxvvsq.dll.bad -> Trojan.Vundo : Cleaned with backup (quarantined). C:\VundoFix Backups\gebawxv.dll.bad -> Trojan.Vundo : Cleaned with backup (quarantined). ::Report end Logfile of HijackThis v1.99.1 Scan saved at 10:10:55, on 7.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Auto Power-on\AutoPowerOn.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2FD1979E-63F1-4F17-B9E3-2CA70643FE03} - (no file) O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138790332515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Poista kaikki javat 1.5.0.6, 1.5.0.8, 1.5.0.9 ja 1.5.0.11 Ohjauspaneelin lisää/poista sovelluksista. *** Tee vielä skannaus hjt:llä, merkkaa rivit, sulje selain ja muut sovellukset ja paina Fix Checked O2 - BHO: (no name) - {2FD1979E-63F1-4F17-B9E3-2CA70643FE03} - (no file) Käynnistä kone uudelleen *** Tyhjennä AVG:n karanteeni: Avaa AVG, Infections/Quarantine, valinta Select all, ja Remove finally *** Lataa Atribunen ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 Ohjeet; Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All Klikkaa Empty Selected valintaa. Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa taas. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Klikkaa Exit päävalikosta sulkeaksesi ohjelman. Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi) *** Javan välimuistin tyhjennys: Asenna uusin Java päivitys seuraavasta linkistä.. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/download...va.sun.com/javase/downloads/index.jsp[/color] Rullaa alas kohteeseen rullaa kohtaan Java Runtime Environment (JRE) 6u1 Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. Koneen uudelleenkäynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). Varmista että kaikki kaksi valintaa ovat rastitettuja: [*]Applications and Applets [*]Trace and Log Files ja paina OK -nappia Klikkaa OK Temporary Files Settings -ikkunassasi. Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. Valitse välilehti Update ja ota ruksi pois kohdasta Check for Updates automatically Valitse "Never check" Klikkaa OK jättääksesi Java asetusikkunasi. *** Tarkista koneesi Panda Online Skannerilla: http://www.pandasoftware.com/activescan/com/activescan_principal.htm Panda ActiveScan * Kun olet Pandan sivulla, klikkaa Scan your PC-painiketta * Uusi ikkuna aukeaa...klikkaa Check Now-painiketta * Valitse maa, Country * Syötä kaupunki, State/Province * Syötä sähköpostiosoitteesi, e-mail address ja klikkaa send-painiketta * Valitse joko kotikäyttäjä Home User tai yritys Company * Klikkaa suurta Scan Now-painiketta * Jos ActiveX-komponentin asentamista kysytään, salli se. * Tarvittavien tiedostojen lataaminen alkaa (Huom: Tämä vaihe voi viedä muutamia minuutteja) * Kun lataukset ovat valmiit, klikkaa Local Disks aloittaaksesi skannauksen * Kun skannaus on valmis, klikkaa See Report-painiketta jos infektioita löytyi. Klikkaa sitten Save Report ja tallenna raportti johonkin sopivaan sijaintiin (esim työpöydälle). Liitä Pandan skannausraportin sisältö vastaukseesi uuden HijackThis login kanssa.
Panda skannaus: Incident Status Location Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@belnk[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@cgi-bin[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@cgi-bin[3].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@dist.belnk[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@errorsafe[1].txt Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@fe.lea.lycos[1].txt Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Jenni\Cookies\jenni@rn11[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jenni_2\Application Data\Mozilla\Firefox\Profiles\69ds7rl4.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jenni_2\Application Data\Mozilla\Firefox\Profiles\69ds7rl4.default\cookies.txt[.adtech.de/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jenni_2\Application Data\Mozilla\Firefox\Profiles\69ds7rl4.default\cookies.txt[.advertising.com/] Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jenni_2\Cookies\jenni_2@stats1.reliablestats[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jenni_2\Cookies\jenni_2@winantivirus[1].txt Virus:Trj/BHO.A Disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temp\dhtexlar.0ll Virus:Trj/BHO.A Disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temp\iqnbjmtc.0ll Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temp\kpigbhqh.0ll Virus:Trj/BHO.A Disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temp\VIYQJBLT.0LL Virus:Trj/BHO.A Disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temp\YPQIVQDB.0LL Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Jenni_2\Local Settings\Temporary Internet Files\Content.IE5\FYJQF3W5\channels_02[1].gif Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Joni\Cookies\joni@888[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joni\Cookies\joni@belnk[1].txt Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Joni\Cookies\joni@cassava[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Joni\Cookies\joni@dist.belnk[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joni\Cookies\joni@drivecleaner[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Joni\Cookies\joni@errorsafe[1].txt Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Joni\Cookies\joni@rn11[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joni\Cookies\joni@stats.drivecleaner[2].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Joni\Cookies\joni@systemdoctor[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Joni\Cookies\joni@winantivirus[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Joni\Cookies\joni@www.drivecleaner[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Joni\Cookies\joni@www.errorsafe[1].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Joni\Cookies\joni@www.systemdoctor[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Joni\Cookies\joni@www.winantivirus[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Joni\Cookies\joni@xiti[1].txt Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\SC6A9KQF\cons_upd[1] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt[.adtech.de/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt[.advertising.com/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\r2crx69p.default\cookies.txt[.2o7.net/] Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@adopt.hbmediapro[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@drivecleaner[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@errorsafe[2].txt Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@rn11[2].txt Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@systemdoctor[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Zenni\Cookies\zenni@www.errorsafe[1].txt Spyware:Spyware/7r7t Not disinfected C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe Spyware:Spyware/7r7t Not disinfected C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\msimg32.dll Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\awturpo.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\btrqwked.dll.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\ibielmrm.exe.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\pskdbxvg.exe.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tfywuxon.dll.bad Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\vclrbjad.exe.bad Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\muigeudx.exe Logfile of HijackThis v1.99.1 Scan saved at 18:35:53, on 7.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138790332515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Tyhjennä vundofixin backups kansion sisältö: C:\VundoFix Backups <--- *** Noudata aikaisempia ohjeita: Katso CCleanerin ja ATF-cleanerin ohjeet, ja aja molemmat ohjelmat uudelleen. *** Lataa Killbox Option^Explicitiltä http://www.downloads.subratam.org/KillBox.zip Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi. * Tallenna työpöydällesi. * Tupla-klikkaa Killbox.exe ajaaksesi ohjelman. * Valitse: o Delete on Reboot o sitten klikkaa All Files valintaa. * Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi): C:\Program Files\Internet Explorer\msimg32.dll C:\Program Files\MSN Messenger\msimg32.dll C:\Program Files\MSN Messenger\riched20.dll C:\WINDOWS\system32\f3PSSavr.scr C:\WINDOWS\system32\muigeudx.exe C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe * Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard. * Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön (ja anna fixaajan tietää jos jokin tälläinen tulee!). Käynnistä koneesi itse jos se ei sitä automaattisesti tee. Jos saat tälläisen viestin: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." Kun yrität ajaa KillBoxia, klikkaa tätä ladataksesi ja ajaaksesi Missingfilessetup.exe;n. Sitten koita KillBoxia uudestaan. *** Lataa http://www.techsupportforum.com/sectools/Deckard/dss.exe] Deckard's System ScannerTyöpöydällesi. Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman. Sulje kaikki avoimet ikkunat ja ohjelmat. Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita. Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V ) kopioi ja liitä extra.txt sisältö seuraavaan vastaukseesi. Lähetä KillBox\Logs\kb.log ja Deckard's System Scannerin extra.txt sisältö
Pocket Killbox version 2.0.0.648 Running on Windows XP as Omistaja(Administrator) was started @ sunnuntai, huhtikuu 08, 2007, 1:17 AM Killbox Closed(Exit) @ 1:18:00 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Omistaja(Administrator) was started @ maanantai, huhtikuu 09, 2007, 12:31 AM # 1 [Delete on Reboot] Path = C:\Program Files\Internet Explorer\msimg32.dll # 2 [Delete on Reboot] Path = C:\Program Files\MSN Messenger\msimg32.dll # 3 [Delete on Reboot] Path = C:\Program Files\MSN Messenger\riched20.dll # 4 [Delete on Reboot] Path = C:\WINDOWS\system32\f3PSSavr.scr # 5 [Delete on Reboot] Path = C:\WINDOWS\system32\muigeudx.exe # 6 [Delete on Reboot] Path = C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe # 7 [Delete on Reboot] Path = C:\Program Files\BitLord\Downloads\Kohime.Vol.1.-.Sin.Sensura.CVCD.DVDRIP.Hentai.Subs.Esp.www.LimiteVCD.com.exe I Rebooted @ 12:33:19 AM Killbox Closed(Exit) @ 12:33:39 AM _____________________________________________ Deckard's System Scanner v20070328.36 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: Intel(R) Celeron(R) CPU 2.93GHz Percentage of Memory in Use: 52% Physical Memory (total/avail): 1022.61 MiB / 487.48 MiB Pagefile Memory (total/avail): 2461.16 MiB / 2009.31 MiB Virtual Memory (total/avail): 2047.88 MiB / 1994.55 MiB C: is Fixed (NTFS) - 149.05 GiB total, 36.74 GiB free. D: is CDROM (Unformatted) E: is Removable (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: Elisa Tietoturvapalvelu 6.15 v6.15 (F-Secure Corporation) AV: Elisa Tietoturvapalvelu 6.15 v6.15 (F-Secure Corporation) -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Omistaja\Application Data CLASSPATH=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PAKARINE-902803 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Omistaja LOGONSERVER=\\PAKARINE-902803 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0401 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp TMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp USERDOMAIN=PAKARINE-902803 USERNAME=Omistaja USERPROFILE=C:\Documents and Settings\Omistaja windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Omistaja (admin) Jenni (admin) Joni (admin) Zenni (admin) Jenni_2 (admin) -- Add/Remove Programs --------------------------------------------------------- -=CASH=- SOF Minimizer --> MsiExec.exe /I{B720288E-778A-4308-8D65-8EE2E775042A} --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\Elisa Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"News Service" --> C:\PROGRA~1\SOLDIE~2\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~2\Uninstall\install.log --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70500000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 Auto Power-on & Shut-down 2.00 --> "C:\Program Files\Auto Power-on\unins000.exe" Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{AD211425-49BE-48D4-889C-C614DA6AC4AD} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Azureus --> C:\Program Files\Azureus\Uninstall.exe Battlefield 2 Standalone Demo Server --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DC2B13F-9352-465D-9019-10966C97B1C0}\setup.exe" -l0x9 -removeonly Battlefield 2(TM) Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}\setup.exe" -l0x9 -removeonly BitComet 0.86 --> C:\Program Files\BitComet\uninst.exe BSplayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe" Call of Duty Game of the Year Edition --> C:\PROGRA~1\CALLOF~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\CALLOF~1\UNINST~1\INSTALL.LOG Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000b Canon MP160 -käyttäjän rekisteröinti --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" ConvertXtoDVD 2.1.14.223 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe" Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10 Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240 DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivxToDVD 0.5.2b --> "C:\Program Files\vso\DivxToDVD\unins000.exe" Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Elisa Tietoturvapalvelu --> C:\PROGRA~1\ELISAT~1\Common\fsbwih.exe /uninstall ffdshow [rev 740] [2007-01-05] --> "C:\Program Files\ffdshow\unins000.exe" FIFA 07 --> C:\Games\FIFA07\unwise.exe FIFA 07 --> C:\Games\FIFA07\UNWISE.EXE C:\Games\FIFA07\INSTALL.LOG FlatOut2 --> MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890} FSX_Screensaver --> C:\Program Files\FSX_Screensaver\Uninstall.exe Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5 Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" Half-Life --> "C:\Program Files\Steam\steam.exe" steam://uninstall/70 High Definition Audio - KB888111 --> HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall Hotfix-päivitys Windows XP:lle (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe" Hotfix-päivitys Windows XP:lle (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe" Hotfix-päivitys Windows XP:lle (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe" Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} Jade Empire --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7110 Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} LEGO Sports 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0xb Medal of Honor European Assault Screen Saver --> C:\WINDOWS\Medal of Honor European Assault.scr /u Medal of Honor European Assault(TM) Screensaver --> "C:\Program Files\mohea_screensaver\unins000.exe" Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows XP -käyttöjärjestelmän ohjatun CD-levylle tallentamisen HighMAT-laajennus --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} Microsoft Works --> MsiExec.exe /I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8} Mopokorttikoulu --> C:\WINDOWS\Mopokorttikoulu Uninstaller.exe Mozilla Firefox (2.0.0.3) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3} Nokia PC Connectivity SDK 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BAD7A0-610B-4691-A054-D8A9F15FF708} /l1035 Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{E9B3A621-DCC5-4649-940C-6456CF0AF9DA} Outlook-työkalurivi (Windows Live Toolbar) --> MsiExec.exe /X{EB36F61F-53CD-4813-BB7F-75B16AAC1713} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Ponnahdusikkunoiden esto (Windows Live Toolbar) --> MsiExec.exe /X{7A888168-7E7D-477C-9490-24CEB079435B} QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1035 Rapid Keyword 2.2 --> "C:\Program Files\Rapid Keyword\unins000.exe" RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RivaTuner v2.0 Final Release --> "C:\Program Files\RivaTuner v2.0 Final Release\uninstall.exe" SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe Samsung Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} Sid Meier's Civilization IV --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3900 Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe" Soldier of Fortune II - Double Helix GOLD --> C:\PROGRA~1\SOLDIE~2\UNINST~1\UNWISE.EXE C:\PROGRA~1\SOLDIE~2\UNINST~1\INSTALL.LOG Soldier of Fortune II - Double Helix MP TEST --> C:\PROGRA~1\SOLDIE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~1\Uninstall\Install.log SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0xb -removeonly Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Subtitle Workshop v2.51 --> "C:\Program Files\Subtitle Workshop\unins000.exe" Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{71A52B94-5BF1-4B0A-8098-37A9D495D5D8} The Simpsons Hit & Run(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x9 VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734} Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {E3D3E095-750A-4A43-91A0-7285DC5C79BF} Windows Live Toolbar --> MsiExec.exe /X{E3D3E095-750A-4A43-91A0-7285DC5C79BF} Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{2C4BFAFE-F698-421B-8687-4CBF9A5FD5E0} Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe XviD 1.1 final uninstall --> "C:\Program Files\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\XviD\unins000.exe" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe Ja kiitos tosi paljon kun autat. Huomaan eron jo selvästi!
Eipä kestä. Vielä on kuitenkin tehtävää Pahoittelen kun vastaaminen viivästyi, nettiyhteys oli taas poikki.. Laita vielä tuore hijack logi, tee uusi skannaus hjt.llä, save a logfile täältä: C:\Program Files\HijackThis\-->HijackThis.exe <-- niin annan lisää ohjeita.
Tässä tuo uusin HJT-logi: Logfile of HijackThis v1.99.1 Scan saved at 15:37:12, on 9.4.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Auto Power-on\AutoPowerOn.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BitComet\BitComet.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Omistaja\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AutoPowerOn] C:\Program Files\Auto Power-on\AutoPowerOn.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138790332515 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Puhdista järjestelmänpalautus: 1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta 2. Valitse Properties/ominaisuudet 3. Valitse System Restore/järjestelmän palauttaminen välilehti 4. Valitse "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Apply/käytä 6. Paina OK 7. Käynnistä kone uudelleen 8. Palauta asetukset takaisin laita System Restore taas päälle toistaen ohjeet käänteisesti. "elikkä tälleen: 1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta 2. Valitse Properties/ominaisuudet 3. Valitse System Restore/järjestelmän palauttaminen välilehti 4. Ota raksi/ruksi/täppi pois "poista järjestelmän palauttaminen kaikissa asemissa" laatikosta 5. Paina Apply/käytä 6. Paina OK 7. Käynnistä kone uudelleen" *** Tee uusi, puhdas palautuspiste Käynnistä-valikosta, Programs/Acessories/System Tools/System Restore. "System restore on pois päältä, haluatko sen takaisin päälle", vastaa Yes. System restore, Create a system restore point, nimeä se, Create, Close. *** Voit poistaa Vundofix.exen ja Killboxin koneelta. *** Skype 2.5 käytössä? Päivitä ohjelma --> 3.0.0 198 *** Asenna SpywareBlaster http://koti.mbnet.fi/pattaya1/spywareblaster.htm Ohjeita sivustolla. *** Mulla on eri versio käytössä, enkä ole varma muistanko oikein, mutta varmista Firefoxin evästeasetukset: ruksi kohdassa, että evästeet sallitaan vain sivuston omalta palvelimelta *** Liikaa käynnistymistä hidastavia ohjelmia. Voit nopeuttaa koneen avautumista fixaamalla kaikki alla olevat rivit. Tee uusi skannaus hjt:llä, klikkaa Do s system scan only merkkaa rivit, sulje muut sovellukset ja selain, ja paina Fix Checked O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Logi on kunnossa.
kiitän kaikesta avusta. kone ei enää hidastele eikä myöskään enää valita viruksista tai spywareista. KIIIIIITOOOOOS TOOOOOSI PALJON!
