Spyware ohjelmia asentuu itsekseen

download · Mar 25, 2006

Kone ilmoittelee "your computer is infected" ja asentelee spyware ohjelmia ja samalla norton valittaa troijalaisista jatkuvasti. Tässä loki

Logfile of HijackThis v1.99.1
Scan saved at 19:48:56, on 25.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
F:\Hyöty ja ohjelmat\Turvallisuus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...wnload/2006/WinAntiSpyware2006FreeInstall.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-kemisti- · Mar 25, 2006

Smitfraud taitaa olla.

Lataa smitrem työpöydälle
http://noahdfear.geekstogo.com/click counter/click.php?id=1
Tuplaklikkaa sitä ja Start, niin saat smitrem kansion työpöydälle .

Hae Ewido
http://www.ewido.net/en/download/
asenna ja päivitä se, ohjeet -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Käynnistä kone vikasietotilassa(F8 käynnistyksen yhteydessä).

Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantispyware.com/www/do...[/b]

* Ota FixSF.reg työpöydälle
http://www.bleepingcomputer.com/files/reg/FixSF.reg
Tuplaklikkaa sitä ja vastaa myöntävästi.
* Käynnistä sitten kone vikasietotilassa(F8 käynnistyksen yhteydessä)
* Poista ohjauspaneelista (lisää/poista sovellus)
- SpyFalcon (voi olla, ettei ole)
ja jos se käskee\vaatii käynnistään koneen uudestaan, älä käynnistä.
Sitten poista
C:\Program Files\SpyFalcon\ < kansio voi olla, että ei löydy enää
C:\Windows\System32\dxmpp.dll
C:\WINDOWS\system32\ginuerep.dll
* Sen jälkeen avaa smitrem-kansio ja tuplaklikkaa RunThis.bat ja seuraa ohjeita.

Tämän jälkeen scannaa ja putsaa Ewidolla + säästä logi.
Käynnistä sitten normaalisti ja lähetä uus Hijack logi,Ewidon logi ja C:\smitfiles.txt logi foorumille.

download · Mar 25, 2006

Tätä ohjelmaa ei kyllä löydy tuolta sivulta ??

http://www.bleepingcomputer.com/files/reg/FixSF.reg

-kemisti- · Mar 25, 2006

Minä ainakin löydän? Klikkaa sitä hiiren oikealla ja tallenna vaikka työpöydälle.

download · Mar 25, 2006

Mozillan säädöt vain oli kenollaan. Explorerilla löytyi. No nyt putsaamaan.

Muuten se ohjelma joka asentuu on nimeltään SpywareQuake 2,0

download · Mar 25, 2006

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:13, on 25.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoctrl.exe
F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Hyöty ja ohjelmat\Turvallisuus\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:50:31, 25.3.2006
+ Report-Checksum: 50E1420F

+ Scan result:

:mozilla.22:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.I12 : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.I12 : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.I12 : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Adtrak : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup

::Report End

Smitrem:

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [versio 5.1.2600]

Running from
C:\Documents and Settings\Juha\Ty”p”yt„\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\system32\stickrep.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\system32\stickrep.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

download · Mar 25, 2006

Edelleenkin kellon vieressä vilkkuu pyörätuoliukko ja pysäköintikieltomerkki "virus alert" ja silti norton ei löydä mitään. Kuitenkaan ei enää asennu tuo Spyware Quake. Norton löysi kyllä SpyFalconin ennen putsausta mutta ei enää.

download · Mar 25, 2006

Lisätietoa josko auttaisi ongelmani ratkaisussa. Eli virheilmoitus tuossa välkkyvässä pyörätuoliukossa menee tasan näin:

Your Computer Is Infected !

Critical System Error !
System tetected virus
activities. They may cause
critical system failure. Please,
use antim alware software to
clean and protect your system
from parasite programs.
Click here to get all available software.

Jos tuota sanomaruutua klikkaa niin se menee SpywareQuake sivuille ja asentaa sieltä tuon ohjelman. Norton on poistanut SpyFalconin ja trojan zlobeja. Enää ei tuo SpywareQuake asennu mutta tuo virheolmoitus kiusaa eikä Ewido tai Norton enää löydä mitään.

-kemisti- · Mar 25, 2006

Ahaa, olisit heti sanonut, että se on SpywareQuake

Kyllä se pois saadaan

Päivitä ewido.

Sitten lataa FixSQ.reg -> http://castlecops.com/zx/flrman1/FixSQ.zip työpöydällesi oikea-klikkaamalla linkkiä yläpuolella ja valitse Save Link As tai Save File as, riippuen selaimestasi. Kun se on latautunut, tupla-klikkaa zip tiedostoa ja pura se työpöydällesi.

ÄLÄ tee tällä vielä mitään muuta.

==

Lataa ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

ÄLÄ aja sitä vielä.

==

Käynnistä koneesi vikasietotilaan naputtamalla F8 näppäintä käynnistyksen yhteydessä.

==

Kun vikasietotilassa, mene Lisää/Poista sovellukseen, ja poista seuraava ohjelma (jos olemassa):

SpywareQuake

***jos tietokoneesi pyytää käynnistämään uudelleen ÄLÄsalli sitä.

==

Tupla-klikkaa FixSQ.reg filua työpöydälläsi jonka latasit aiemmin. Kun se pyytää yhdistämään tiedot rekisteriin, valitse Kyllä ja sitten paina OK.

==

Aja skannaus HijackThisillä ja rastita seuraava rivi poistettavaksi jos olemassa:

O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h

Sulje kaikki muut ikkunat ja ohjelmat ja paina FIX CHECKED.

==

Avaa smitRem kansio, ja tupla-klikkaa RunThis.bat filua ajaaksesi työkalun. Seuraa ohjeita.
Odota kunnes työkalu on valmis ja levyn puhdistus kunnossa.

Työkalu luo seuraavan lokin: smitfiles.txt paikalliselle levyllesi, kuten C: tai sille mille käyttöjärjestelmäsi on asennettu. Postita tämä loki muiden lokien mukana seuraavaan vastaukseesi.

==

Aja Ewido:
[*]Klikkaa scanner
[*]Klikkaa Complete System Scan ja skannaus alkaa.
[*]Kun skannaus on kesken sinua pyydetään puhdistamaan filuja, klikkaa OK
[*]Kun se pyytää sinua puhdistamaan ensimmäisen filun, rastita vasemmassa alakulmassa boksin joka sanoo "Perform action on all infections" sitten valitse Clean ja klikkaa OK.
[*]Kun skanneri on valmis, Save report tulee näkyville.
[*]Klikkaa sitä.
[*]Tallenna report .txt file työpöydällesi.
Sulje Ewido Anti-malware.

==

Seuraavaksi, klikkaa työpöydällä oikealla hiiren nappulalla -> ominaisuudet -> työpöytä -> mukauta työpöytää -> web-välilehti.
Katso, jos siellä on jotain security-välilehti, ota rasti pois tämän kohdalta.

==

Navigoi ja poista seuraava kansio ja tiedosto jos olemassa (jos ei löydy, hyppää seuraavaan askeleeseen):

C:\Program Files\SpywareQuake
C:\WINDOWS\system32\stickrep.dll

==

Aja ATF Cleaner:

Tupla-klikkaa ATF-Cleaner.exe ajaaksesi ohjelman.
Mainin alapuolelta valitse: Select All
Klikkaa Empty Selected nappia.
Jos käytät Firefoxia selaimenasi Klikkaa Firefox välilehteä yläpuolella ja klikkaa: Select All
Klikkaa Empty Selected nappia.
HUOMAA: Jos haluat pitää tallennetut salasanasi, klikkaa No varoitukseen.
Jos käytät Operaa selaimenasi Klikkaa Opera välilehteä yläpuolelta ja valitse: Select All
Klikkaa Empty Selected nappia.
HUOMAA: Jos haluat pitää tallennetut salasanasi, klikkaa No varoitukseen.

Klikkaa Exit päävalikossa sulkeaksesi ohjelman.

==

Käynnistä uudelleen normaaliin Windowsiin, postita takaisin seuraavilla lokeilla:

Ewido Log
SmitFiles.txt login kaikki sisältö
Tuore HijackThis logi

download · Mar 25, 2006

No niin. Nyt näyttäis olevan haitat pois. Suurkiitokset -kemisti-lle. Mahtava homma tällainen foorumiketju. Ilman apuja olisin ollu ihan pihalla. Noin sitkasta rojua en ole ennen joutunut poistamaan. Ja molemmathan sieltä löytyi. SpywareQuake ja SpyFalcon että ei mennyt kumpikaan ohje hukkaan. Tässä vielä nämä uudet logit.

[bold]Ewido[/bold]

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:43:27, 26.3.2006
+ Report-Checksum: 60716DDB

+ Scan result:

:mozilla.26:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\l1xmai6j.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup

::Report End

[bold]SmitFiles[/bold]

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [versio 5.1.2600]

Running from
C:\Documents and Settings\Juha\Ty”p”yt„\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 820 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

[bold]HJT[/bold]

Logfile of HijackThis v1.99.1
Scan saved at 12:55:15, on 26.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoctrl.exe
F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
F:\Hyöty ja ohjelmat\Turvallisuus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Hyöty ja ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Hyöty ja ohjelmat\Turvallisuus\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-kemisti- · Mar 26, 2006

Puhtaalta näyttää ja ole hyvä

Kun näyttää noita vakoiluevästeitä olevan, niin suosittelen spywareblasterin asentamista:

http://keskustelu.afterdawn.com/thread_view.cfm/221085

Log in or Sign up

Spyware ohjelmia asentuu itsekseen

download Active member

-kemisti- Active member

download Active member

-kemisti- Active member

download Active member

download Active member

download Active member

download Active member

-kemisti- Active member

download Active member

-kemisti- Active member

Share This Page

Log in or Sign up

Spyware ohjelmia asentuu itsekseen

download Active member

-kemisti- Active member

download Active member

-kemisti- Active member

download Active member

download Active member

download Active member

download Active member

-kemisti- Active member

download Active member

-kemisti- Active member

Share This Page

Useful Searches