APUA! Joitain uusia ei-haluttuja kuvakkeita "quick launch" valikossa ja työpöydällä

Eli ongelmana olisi nyt että vähän aika sitten tuli tuonne oikealle alhaalle kuvaruutuun jotain kuvakkeita, ja toinen valittaa vähän väliä, että "your computer has infected" ja toinen että "system alert: popups".
Myös työpöydälle on tullut jotkin kaksi kuvaketta: Online security guide" ja online troubleshooting". Mitään noista kuvakkeista en ole tahtonut. Oon myös koneen tarkistanut ewidolla, mutta ei se niitä poistanut. Nyt kaipaisin todellakin apua.

 

Jepulis, eli smitfraudia pukkaa ilmeisesti.

Lataa SmitfraudFix (c) S!Ri
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix-kansio ja tuplaklikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Laita lisäksi HjT-loki
Tallenna hakemistoon c:\hjt, käynnistä,
klikkaa do a system scan and save a logfile

Pyydän jotain modea siirtämään tämän ketjun.

 

Eli tässä olis molemmat:

SmitFraudFix v2.79

Scan done at 20:48:36,85, la 05.08.2006
Run from I:\Documents and Settings\TEMP\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» I:\


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32

I:\WINDOWS\system32\viruxz.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\TEMP\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\TEMP\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

I:\DOCUME~1\ALLUSE~1\TYPYT~1\Online Security Guide.url FOUND !
I:\DOCUME~1\ALLUSE~1\TYPYT~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files

I:\Program Files\IntCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 21:23:23, on 5.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
I:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
I:\Program Files\IntCodec\isamonitor.exe
I:\Program Files\IntCodec\pmsngr.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\IntCodec\isamini.exe
I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
I:\Program Files\IntCodec\pmmon.exe
I:\Program Files\Ahead\InCD\InCD.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
I:\Program Files\iPod\bin\iPodService.exe
I:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
I:\Program Files\MessengerPlus! 3\MsgPlus.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\CursorXP\CursorXP.exe
I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - I:\Program Files\IntCodec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] I:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinPatrol] I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [F-Secure Manager] "I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "I:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [WindowBlinds] I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://i:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://i:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://i:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://i:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - I:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://i:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://i:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://munky-1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - I:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - I:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - I:\WINDOWS\system32\viruxz.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - I:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

 

Juu, eli smitfraud siellä tosiaan on.

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Laita myös uusi HjT-loki, niin katsellaan josko sinne jotain kivaa vielä jäi.

 

Tässä tulee taas:

SmitFraudFix v2.79

Scan done at 21:42:22,92, la 05.08.2006
Run from I:\Documents and Settings\Lauri\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

I:\WINDOWS\system32\viruxz.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c
I:\WINDOWS\system32\viruxz.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

I:\DOCUME~1\ALLUSE~1\TYPYT~1\Online Security Guide.url Deleted
I:\DOCUME~1\ALLUSE~1\TYPYT~1\Security Troubleshooting.url Deleted
I:\Program Files\IntCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 21:49:39, on 5.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
I:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Ahead\InCD\InCD.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
I:\Program Files\iPod\bin\iPodService.exe
I:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
I:\Program Files\MessengerPlus! 3\MsgPlus.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\CursorXP\CursorXP.exe
I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
I:\Program Files\Opera\Opera.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\HijackThis\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - I:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] I:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinPatrol] I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [F-Secure Manager] "I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "I:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [WindowBlinds] I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://i:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://i:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://i:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://i:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - I:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://i:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://i:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://munky-1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - I:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - I:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - I:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

 

Fixaa HjT:lla ( Do a system scan only ) merkkaa, ja paina fix checked.

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - I:\Program Files\IntCodec\isaddon.dll (file missing)

Muuten on ok.

Onkos vielä ongelmia?

 

Ei ole enää ongelmia. Kaikki kuvakkeet hävis, kiitos tosi paljon avusta

 

Eipä tuosta vaivaa liikaa ollut =) Hyvä kun tuli kuntoon.