Kone takkuilee, hjt ja smitfraudfix -logi

Voisko joku tarkastaa nämä:

Logfile of HijackThis v1.99.1
Scan saved at 12:11:24, on 21.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
I:\Program Files\ewido anti-spyware 4.0\guard.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
I:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Ahead\InCD\InCD.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\DAEMON Tools\daemon.exe
I:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
I:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\WINDOWS\system32\cmd.exe
I:\WINDOWS\NOTEPAD.EXE
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\Lauri\Omat tiedostot\Torrentit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/luukku
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] I:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinPatrol] I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [F-Secure Manager] "I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "I:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WindowBlinds] I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [SsAAD.exe] I:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://i:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://i:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://i:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://i:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - I:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://i:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://i:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://munky-1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - I:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - I:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Ja tässä SmitfraudFix:

SmitFraudFix v2.112

Scan done at 11:50:21,06, la 21.10.2006
Run from I:\Documents and Settings\Lauri\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» I:\


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\Lauri


»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\Lauri\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

I:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
I:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\Lauri\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Lataa Ewido http://www.ewido.net/en/download/

Asenna ja päivitä se, älä scannaa vielä!

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

Nyt voit ajattaa scannin tuolla aikaisemmin asentamallasi ewidolla, tarkempia ohjeita täällä --> http://aaxxeell.googlepages.com/ewido4
siellä on kohta mistä saat ohjeet login lähettämiseksi tänne.

Lähetä siis smitfraudfix raportti, ewidon raportti ja uusi hjt-logi.

 

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:44:46, on 22.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5700.0006)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
I:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Ahead\InCD\InCD.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\DAEMON Tools\daemon.exe
I:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\Lauri\Omat tiedostot\Torrentit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] I:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinPatrol] I:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [F-Secure Manager] "I:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "I:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "I:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [WindowBlinds] I:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [SsAAD.exe] I:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://i:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://i:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://i:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://i:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - I:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://i:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://i:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @I:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://munky-1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - I:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - I:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - I:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - I:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - I:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - I:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - I:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - I:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:43:17 22.10.2006

+ Scan result:



I:\Program Files\varmarit\fsdfwd.exe -> Adware.Gator : Ignored and added to exceptions
I:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
I:\Documents and Settings\User\Cookies\user@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.35:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.36:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.26:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.27:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.74:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.75:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.12:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.34:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.36:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
I:\Documents and Settings\User\Cookies\user@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.31:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
I:\Documents and Settings\Anitta\Cookies\anitta@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.58:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.59:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.40:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.41:I:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rg4mmj2x.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.63:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.64:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.60:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:I:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\c3d1ly81.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
I:\Documents and Settings\Lauri\Cookies\lauri@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
I:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Ja SmitfraudFix:

SmitFraudFix v2.112

Scan done at 16:34:56,10, la 21.10.2006
Run from I:\Documents and Settings\Lauri\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

I:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url Deleted
I:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Nyt näyttää paremmalta, onko vielä ongelmia?

Javan voisit vielä päivittää, tässä ohjeita:
1. Klikkaa Käynnistä > Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. Temporary Internet Files -osion alla, klikkaa Delete Files nappia.
8. Varmista että kaikki kolme valintaa ovat rastitettuja:

Downloaded Applets
Downloaded Applications
Other Files

9. Klikkaa OK "Delete Temporary Internet Files" -ikkunassasi.
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.
10. Klikkaa OK jättääksesi Java asetusikkunasi.

 

Hmm...no vieläin takkuilee jonkun verran...Kaikki keinot on varmaan kokeiltu, ja n. vuosi sitten koneeseen vaihdettiin kova/emolevy, eikä näyttänyt sekään auttavan, joten en enää oikein tajua mitä pitäis tehä. Mutta kuitenkin ihan siedettävää on tämän koneen kanssa työskentely.

 

Voisit vielä koittaa tyhjentää konettasi turhista tiedostoista. Lataa easycleaner ja etsi sillä vialliset rekisteritietueet (Rekisteri) ja etsi ja poista turhat tiedostot (Turhat). Ohjeita ohjelman käyttöön --> http://node.fi/~kristal/oppaat.easycleaner.php