W32.Myzor.FK@yf tässä olis noi hjt-logi ja smitfraudfix

Rammari · Jan 3, 2007

Kummipojan koneessa joku öhkömönkiäinen voisko joku ystävällisesti auttaa ?

Logfile of HijackThis v1.99.1
Scan saved at 14:41:41, on 3.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Design Ltd\Installers\MCCINST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Key Generator\isamonitor.exe
C:\Program Files\Key Generator\pmsngr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Key Generator\isamini.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Key Generator\pmmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Elisa
Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.
exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\lussut\LOCALS~1\Temp\fsbwih.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSLAUNCHER0.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\haijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
//www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:
//go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:
//go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}
- (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-
7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:
\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:
\Program Files\Key Generator\isaddon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar39.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:
\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:
\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file
missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:
\Program Files\DAP\DAPIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar39.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
- C:\Program Files\Key Generator\iesplugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.
exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.
exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa
Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Crazy Frog Mate] C:\Program Files\Crazy Frog
Compagnon\Crazy Frog Mate.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.
exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -
silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.
exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org
2.0\program\quickstart.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: South Park Desktop Friends.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program
Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-
95364C649934} - C:\Program Files\Super Flash Player Manager\source.html
(file missing)
O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-
B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.
html (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00}
- C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-
A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Spyware\ieshield.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-
4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?
linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online
Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.
com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker)
- http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:
\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) -
BackWeb Technologies Inc. - C:
\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure
Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallTest - Unknown owner - C:\Program Files\Digital
Design Ltd\Metric Conversion Calculator\InstallTest.exe" /test (file
missing)
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:
\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:
\Program Files\Common Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: Metric Conversion Calculator Installer - Unknown owner
- C:\Program Files\Digital Design Ltd\Metric Conversion
Calculator\MCCINST.EXE" /update (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.
exe

ja tässä sit se smitfraudfix jutska

SmitFraudFix v2.132

Scan done at 14:59:17,25, ke 03.01.2007
Run from C:\Documents and Settings\lussut\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\cthkpcv.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lussut

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lussut\Application
Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\lussut\KYNNIS~1\Ohjelmat\Key Generator FOUND !
C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\lussut\Suosikit

C:\DOCUME~1\lussut\Suosikit\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\TYPYT~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\TYPYT~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Key Generator\ FOUND !
C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

fixeri · Jan 3, 2007

Joo eli ajetaas ekana tuo Smitfraudfix optio 2 näin:

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan.

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio 2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi ja liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.
Lähetä myös uusi HJT logi.

Rammari · Jan 6, 2007

tässäpä tämä smitfraudfix ja uusi hjt-logi, mitäs sitten tehdään ?

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

hjt-logi

Logfile of HijackThis v1.99.1
Scan saved at 12:39:28, on 6.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa
Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.
exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Digital Design Ltd\Installers\MCCINST.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\haijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}
- (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-
7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:
\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar39.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:
\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:
\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file
missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:
\Program Files\DAP\DAPIEBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar39.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.
exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.
exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa
Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Crazy Frog Mate] C:\Program Files\Crazy Frog
Compagnon\Crazy Frog Mate.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.
exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -
silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.
exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org
2.0\program\quickstart.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: South Park Desktop Friends.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program
Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-
95364C649934} - C:\Program Files\Super Flash Player Manager\source.html
(file missing)
O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-
B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.
html (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00}
- C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-
A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Spyware\ieshield.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-
4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?
linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online
Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.
com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker)
- http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:
\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) -
BackWeb Technologies Inc. - C:
\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure
Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallTest - Unknown owner - C:\Program Files\Digital
Design Ltd\Metric Conversion Calculator\InstallTest.exe" /test (file
missing)
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:
\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:
\Program Files\Common Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: Metric Conversion Calculator Installer - Unknown owner
- C:\Program Files\Digital Design Ltd\Metric Conversion
Calculator\MCCINST.EXE" /update (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

fixeri · Jan 6, 2007

Sitten merkkaa nuo ja paina Fix checked:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}
- (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:
\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll (file
missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:
\Program Files\DAP\DAPIEBar.dll (file missing)

Sitten katotaan vielä AVG Anti spywarella.

Ohje AVG Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis työkalun toimintaa.

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG Anti-Spyware 7.5 http://www.ewido.net/en/download/
ja tallenna ohjelma työpöydällesi.
• Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
• Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
• Käynnistä AVG Anti-Spyware.
• Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

• Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
• Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
• Sitten "Reports" valikon alta:

o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"

• Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
• "Resident shield is", muuta tila active:sta inactive:ksi
• Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan,

sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
• Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
• Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
• Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
• Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
• Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

• Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
• Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
• Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

Lähetä myös uusi HJT logi.

Rammari · Jan 6, 2007

No niin, tässäpä näitä olisi raportteja

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:35:25 6.1.2007

+ Scan result:

C:\Program Files\Microsoft AntiSpyware\Quarantine\12960EDF-A8BE-445E-
800A-529BBB\0B09F912-B848-45EE-9D02-6D51F2 -> Adware.180Solutions : No
action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\12960EDF-A8BE-445E-
800A-529BBB\18C909EE-B62C-43D2-9557-1503FD -> Adware.180Solutions : No
action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\12960EDF-A8BE-445E-
800A-529BBB\F5B84290-D02B-45FD-BDAB-B899C6 -> Adware.180Solutions : No
action taken.
C:\Documents and Settings\HP_Omistaja\Omat tiedostot\Omat
musiikkitiedostot\NoblePoker.exe -> Adware.Casino : No action taken.
C:\Documents and Settings\HP_Omistaja\Omat
tiedostot\titan_poker\Install Files\English\SetupPoker.exe -> Adware.
Casino : No action taken.
C:\Documents and Settings\HP_Omistaja\Omat
tiedostot\titan_poker\Install Files\French\SetupPoker.exe -> Adware.
Casino : No action taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP474\A0385859.exe -> Adware.Casino : No action taken.
C:\WINDOWS\Noble Poker setup.exe -> Adware.Casino : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\9BF2EDE6-0291-46E2-
ACBD-A6675F\18FC34AC-EA83-4240-84DA-97B819 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\34C28BCE-5171-4338-9EA7-1302E8 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\994A9E3E-7770-4AC6-AF59-C97C3C -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\9AFF042D-3BF6-4FCC-9303-83C0B9 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\DE24206A-FEBC-48A5-8800-FE44EB -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\E31CF894-5FBC-459A-83FA-5BDAB7 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\F30BE37D-2F73-4F8B-9695-3CC05F -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1841E84-7913-4708-
AAA9-E422AB\F7DBF8AD-D6E0-42D7-BC8F-1ECEF9 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\0CD74F72-7DF2-4780-8DD6-5FC4C1 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\157223C8-3B74-4792-9AE2-7E71D0 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\2E80CE2B-0A5F-49FC-BC40-ADB549 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\3B369983-D294-4BA3-A073-446223 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\6A86B9C3-91B9-42E5-9325-94F251 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\9424109F-85F5-475E-AA46-B2ECE7 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\9C221F45-D441-4767-9064-22A2C4 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\AE6C0151-9012-4E9A-9839-B4774A -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\B2A2CDA4-A216-42CB-8FE1-100B32 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\F587851E-9334-44C3-8D0D-69C9D8 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\FA4552BC-FF1E-46DF-8720-AE60F4 -> Adware.Gator : No action
taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBBFD675-375B-4A85-
8B13-13803B\FCDE6FDD-2C8D-4B33-A2C7-25F763 -> Adware.Gator : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416833.exe -> Adware.Gator : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\41F731D5-0352-4DF3-
BAC7-728EFF\2B109148-F3E8-4F2E-BDCE-EC5E02 -> Adware.NewDotNet : No
action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\41F731D5-0352-4DF3-
BAC7-728EFF\57407810-5911-49FF-8096-94894A -> Adware.NewDotNet : No
action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\41F731D5-0352-4DF3-
BAC7-728EFF\70B77FB1-4C3C-420B-89C9-C130BE -> Adware.NewDotNet : No
action taken.
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416966.dll -> Adware.WorldSecurityOnline : No
action taken.
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\Temporary
Internet Files\Content.IE5\PQI7Z75D\nc[1].anr -> Downloader.Ani : No
action taken.
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\Temporary
Internet Files\Content.IE5\PQI7Z75D\zl[1].anr -> Downloader.Ani : No
action taken.
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\nslD45.tmp -
> Downloader.IstBar : No action taken.
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\ISINST.0XE -
> Downloader.IstBar.pe : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-1540eca1-
23595212.class -> Downloader.OpenStream.y : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-275eaf6f-
5e338cdf.class -> Downloader.OpenStream.y : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-
6487d42a.class -> Downloader.OpenStream.y : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-40baf3a5-
6ef8b3a1.class -> Downloader.OpenStream.y : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-52d8b673-
7715e75d.class -> Downloader.OpenStream.y : No action taken.
C:\Documents and Settings\HP_Omistaja\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-5a8a5bd2-
5e23c277.class -> Downloader.OpenStream.y : No action taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416977.manifest -> Downloader.Zlob : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414503.dll -> Downloader.Zlob.adj : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416988.exe -> Downloader.Zlob.aoc : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414467.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414482.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414492.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414516.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0414532.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0415533.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP486\A0416533.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP487\A0416551.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP487\A0416563.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP487\A0416581.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416933.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416952.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416972.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416974.exe -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416986.dll -> Downloader.Zlob.aog : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416987.exe -> Downloader.Zlob.bfj : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416989.exe -> Downloader.Zlob.bfj : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416991.exe -> Downloader.Zlob.bfj : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416984.dll -> Downloader.Zlob.biu : No action
taken.
C:\System Volume Information\_restore{86283E28-56CD-405F-A5E5-
91300FF64AF1}\RP488\A0416985.exe -> Downloader.Zlob.biu : No action
taken.
C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\laf17AC.tmp -
> Not-A-Virus.Hoax.Win32.Renos.nal : No action taken.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@adbrite[2].
txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@advertising[1].txt -> TrackingCookie.
Advertising : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@burstnet[2].txt -> TrackingCookie.
Burstnet : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@paypopup[1].txt -> TrackingCookie.
Paypopup : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@serving-sys[2].txt -> TrackingCookie.
Serving-sys : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@tacoda[1].txt -> TrackingCookie.
Tacoda : No action taken.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ad.
yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\HP_Omistaja\Local
Settings\Temp\Cookies\hp_omistaja@ad.yieldmanager[2].txt ->
TrackingCookie.Yieldmanager : No action taken.

::Report end

Ja Hjt-logi

Logfile of HijackThis v1.99.1
Scan saved at 19:52:27, on 6.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa
Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Digital Design Ltd\Installers\MCCINST.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.
exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\haijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:
//www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-
7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:
\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar39.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:
\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar39.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.
exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.
exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa
Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Crazy Frog Mate] C:\Program Files\Crazy Frog
Compagnon\Crazy Frog Mate.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa
Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.
exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -
silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.
exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org
2.0\program\quickstart.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: South Park Desktop Friends.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program
Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-
95364C649934} - C:\Program Files\Super Flash Player Manager\source.html
(file missing)
O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-
B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.
html (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00}
- C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-
A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Spyware\ieshield.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-
4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?
linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) - http://messenger.zone.msn.
com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online
Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn.
com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker)
- http://fdl.msn.com/public/investor/v9.5/ticker.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:
\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s.
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) -
BackWeb Technologies Inc. - C:
\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure
Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-
Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program
Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa
Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallTest - Unknown owner - C:\Program Files\Digital
Design Ltd\Metric Conversion Calculator\InstallTest.exe" /test (file
missing)
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:
\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:
\Program Files\Common Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: Metric Conversion Calculator Installer - Unknown owner
- C:\Program Files\Digital Design Ltd\Metric Conversion
Calculator\MCCINST.EXE" /update (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.
exe

fixeri · Jan 6, 2007

Tyhjennä järjestelmän palautus kansio.

Järjestelmän palautus kansion tyhjentäminen.

1. Klikkaa oikealla oma tietokone-kuvaketta
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Valitse "poista järjestelmän palauttaminen kaikissa asemissa"
5. Paina "käytä"
6. Paina OK
7. Käynnistä kone uudelleen
8. Tarkista kone virustorjuntaohjelmalla
9. Poista kaikki saastuneet tiedostot
10. Laita järjestelmän palautus uudelleen päälle.

Lataa ATF cleaner: http://www.download.fi/tyopoytaohjelmat/muut_ohjelmat/atf_cleaner.cfm

-Tallenna työpöydälle.
-Avaa ATF cleaner
-Täppä kohtaan "Select all".
-Klikkaa "Empty selected" ja sitten OK.

Rammari · Jan 7, 2007

Ja nytkö sit kone pitäis olla kondiksessa , vai vieläkö jotain pitäs tehdä ?

fixeri · Jan 7, 2007

Nyt pitäis olla kunnossa, vai vieläkö on ongelmia?

Rammari · Jan 7, 2007

Kyllä kuulemma kone nyt pelittää.
Kummipoika pyysi välittämään jätti isot kiitokset ja kiitokset minultakin.

Log in or Sign up

W32.Myzor.FK@yf tässä olis noi hjt-logi ja smitfraudfix

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

Share This Page

Log in or Sign up

W32.Myzor.FK@yf tässä olis noi hjt-logi ja smitfraudfix

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

fixeri Regular member

Rammari Member

Share This Page

Useful Searches