Some strange image in the bottom-right corner of the computer. HjT log included.

Thread in the Viruses and malware - HijackThis logs section. Started by HrcMaster on 16.10.2006.

Thread status:
The thread is closed.
  1. HrcMaster

    HrcMaster Member

    Joined:
    25.09.2005
    Posts:
    43
    Thanks:
    0
    Points:
    16
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
    O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155715533015
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



    That's the kind of log it gives, so if someone wiser could help with this.
     
  3. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Posts:
    277
    Thanks:
    0
    Points:
    26
    Download SmitfraudFix
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.
    Also send a fresh HJT log, the whole thing...
     
  4. HrcMaster

    SmitFraudFix v2.65

    Scan done at 14:30:07,53, ma 16.10.2006
    Run from C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\esiasennettu\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ESIASE~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

    [HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
    @="C:\WINDOWS\system32\dpfwu.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
    @="C:\WINDOWS\system32\dpfwu.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    SmitfraudFix log ^^^^^^


    HjT log

    Logfile of HijackThis v1.99.1
    Scan saved at 14:31:06, on 16.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
    O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155715533015
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

     
  5. kairis

    Download smitRem.exe from here and save it to your desktop.
    http://noahdfear.geekstogo.com/click counter/click.php?id=1
    Double-click the file to extract it into its own folder.
    Boot into Safe Mode.
    Open the smitRem folder and double-click the RunThis.bat file to run the tool. Follow the instructions.
    Wait until the tool has finished and the disk cleanup is done.

    The tool creates the following log: smitfiles.txt on your local drive, such as C: or whichever drive your operating system is installed on. Post this log together with a new HJT log in your next reply.
     
  6. HrcMaster

    SmitRem:

    smitRem © log file
    version 3.2

    by noahdfear


    Microsoft Windows XP [versio 5.1.2600]
    "IE"="6.0000"

    Running from
    C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
    @="C:\WINDOWS\system32\dpfwu.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Appinitdll check ........ Thank you Grinler!

    dumphive.exe (C)2000-2004 Markus Stephany
    REGEDIT4

    [Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    XP Firewall allowed access

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\Program\\fspex.exe"="C:\\Program Files\\Elisa Tietoturvapalvelu\\backweb\\4119343\\program\\fspex.exe:*:enabled:Elisa Tietoturvapalvelu"
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!


    checking for drsmartload2 key


    drsmartload2 key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present
    AlfaCleaner uninstaller NOT present
    SpyFalcon uninstaller NOT present
    SpywareQuake uninstaller NOT present
    SpywareSheriff uninstaller NOT present
    Trust Cleaner uninstaller NOT present
    SpyHeal uninstaller NOT present
    VirusBurst uninstaller NOT present
    BraveSentry uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    dpfwu.dll
    amcompat.tlb
    nscompat.tlb
    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 824 'explorer.exe'
    Killing PID 824 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~



    ~~~ Wininet.dll ~~~

    CLEAN! :)


    HjT:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:43, on 17.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
    O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155715533015
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

     
  7. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Posts:
    277
    Thanks:
    0
    Points:
    26
    Great, SmitFraud is gone, let's continue the fix:
    Close your browsers and other programs, start HijackThis, and click "Do a system scan only".
    Close all open programs and browsers, check these lines and press "Fix checked":
    O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
    O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
    Post a fresh HJT log.

    Save these instructions to a text file or print them, otherwise you will not be able to access them from Safe Mode.

    Download AVG Anti-Spyware 7.5
    http://www.ewido.net/en/download/
    and save the program to your desktop.
    - Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    - After installation, the program must be started and its definitions updated.
    - Start AVG Anti-Spyware.
    - Click the "Update" icon in the main menu. Then click the "Update now" button.
    - Then click the "Start Update" icon, and the update begins.
    - When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    - When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    - Then, under the "Reports" menu:
    - Check "Automatically generate report after every scan"
    - Uncheck "Only if threats were found"
    - Then click the "Shield" icon at the top of the window
    - "Resident shield is": change the state from active to inactive
    - Close the program; do NOT scan yet.
    Boot your computer into Safe Mode, http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    - Once in Safe Mode, start AVG Anti-Spyware.
    - Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    - Ewido will now begin scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    - Make sure that "Set all elements to:" shows "Quarantine" (1); if not, click the link and select "Quarantine" from the popup menu.
    - You will be asked what to do if infections were found; in that case select "Apply all actions"
    - Then click the "Reports" icon at the top of the program.
    - Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    - Close the program, start the computer normally, and post the AVG report to your thread.
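The fix list above targets entries that HijackThis marks "(file missing)". As an added example (not part of the original posts and not HijackThis's own code), this Python script parses HijackThis entry lines and compares two logs, reporting orphaned entries that were removed and entries whose file went missing between scans, which is worth checking against what a cleaner quarantined in between. The two sample logs are constructed from lines quoted in this thread; all function and variable names are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^\s*(?P<section>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str             # e.g. "O23"
    name: str                # stable part of the entry, used as comparison key
    owner: Optional[str]     # only O23 service lines carry an owner field
    target: Optional[str]    # file or URL the entry points at, if any
    clsid: Optional[str]     # upper-cased CLSID when the line contains one
    file_missing: bool       # HijackThis appended "(file missing)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers and process-list lines."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    owner = None
    if section == "O23" and body.count(" - ") >= 2:
        # Split from the right: service names may themselves contain " - ".
        name, owner, target = body.rsplit(" - ", 2)
    elif " - " in body:
        name, target = body.rsplit(" - ", 1)
    else:
        name, target = body, None
    found = CLSID_RE.search(body)
    clsid = found.group(0).upper() if found else None
    return Entry(section, name, owner, target, clsid, missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def removed_entries(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries of the earlier log that no longer appear in the later one."""
    still_there = {(e.section, e.name) for e in after}
    return [e for e in before if (e.section, e.name) not in still_there]


def newly_missing(before: List[Entry], after: List[Entry]) -> List[Tuple[Entry, Entry]]:
    """Entries intact in the earlier log but marked "(file missing)" later."""
    old = {(e.section, e.name): e for e in before}
    pairs = []
    for e in after:
        prev = old.get((e.section, e.name))
        if e.file_missing and prev is not None and not prev.file_missing:
            pairs.append((prev, e))
    return pairs


# Constructed sample input: lines copied from the logs and fix list in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in removed_entries(before, after):
        print("removed:", e.section, e.name)
    for prev, now in newly_missing(before, after):
        print("file now missing:", now.section, now.name)
        print("  owner:", prev.owner, "->", now.owner)
        print("  target:", now.target)
```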
     
  8. HrcMaster

    HrcMaster Member

    Joined:
    25.09.2005
    Posts:
    43
    Thanks:
    0
    Points:
    16
    Avg:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:21:37 17.10.2006

    + Scan result:



    C:\Program Files\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
    HKU\S-1-5-21-448539723-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D22A64-2399-4EDF-8B32-F2C729C1E8A7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
    HKU\S-1-5-21-448539723-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\DCOMCFG.0XE -> Downloader.Zlob.vy : Cleaned with backup (quarantined).


    ::Report end

    HjT:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:47:07, on 17.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155715533015
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

     
  9. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Messages:
    277
    Thanks:
    0
    Points:
    26
    Hi.
    First of all, restore this file so that you get F-Secure working again:
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined).
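
The fsdfwd.exe service named in this reply is the one the HijackThis log lists as "(file missing)". Added example, not part of the thread: a Python sketch that parses O23 service lines and flags entries with a missing file or an unknown owner. The function names are assumptions, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
LOG = r"""
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool

_O23 = re.compile(r"^\s*O23 - Service: (?P<rest>.+)$")
_MISSING = " (file missing)"

def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; returns None for any other line type."""
    m = _O23.match(line)
    if not m:
        return None
    rest = m.group("rest").rstrip()
    missing = rest.endswith(_MISSING)
    if missing:
        rest = rest[: -len(_MISSING)]
    # Service names may contain " - " themselves, so split from the right.
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return Service(name, owner, path, missing)

def triage(lines):
    """Return (file name, reasons) for every service worth a manual look."""
    findings = []
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc.file_missing:
            reasons.append("file missing")
        if svc.owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            findings.append((svc.path.rsplit("\\", 1)[-1], reasons))
    return findings
```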
     
  10. HrcMaster

    HrcMaster Member

    Joined:
    25.09.2005
    Messages:
    43
    Thanks:
    0
    Points:
    16
    Done.
     
  11. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Messages:
    277
    Thanks:
    0
    Points:
    26
    OK, let's continue.
    Close your browsers and other programs, start HijackThis and click "Do a system scan only".
    Check these lines and press Fix checked:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    I also recommend this program:
    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    - Double-click drweb-cureit.exe and let it run the express scan.
    - It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
    - When the scan is finished, mark the drives you want to scan.
    - Select all drives. A red dot shows which drives are selected.
    - Click the green arrow on the right and the scan starts.
    - Click 'Yes to all' if you are asked whether you want to delete/move a file.
    - When the scan is finished, see whether you can click the next icon beside the files found: [image]
    - If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below:
      [image]
      This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    - After this, click file in the Dr.Web CureIt menu and select save report list.
    - Save the report to the desktop. The name of the report is DrWeb.csv.
    - Close Dr.Web CureIt.
    - Restart the computer!! This is because files that are in use are deleted/moved during startup.
    - After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


    Java update and cache clearing:
    Remove the old Java (J2SE) in Add/Remove Programs, and manually get the latest one from here:
    http://java.sun.com/javase/downloads/index.jsp
    Scroll down to Java Runtime Environment (JRE) 5.0 Update 8
    After startup, go back to the Control Panel and from there to your Java settings.
    Under the Temporary Internet Files section, click the Delete Files button.
    Make sure that all three options are checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
    Click OK in your "Delete Temporary Internet Files" window.
    Note: This removes all downloaded applications and applets from the CACHE.

    Click OK to leave your Java settings window.
     
  12. HrcMaster

    HrcMaster Member

    Joined:
    25.09.2005
    Messages:
    43
    Thanks:
    0
    Points:
    16
    Process.exe;C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
    restart.exe;C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
    Process.exe;C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\smitRem;Tool.Prockill;Incurable.Moved.;
    mirc.exe;C:\Program Files\mIRC;Program.mIRC.617;Incurable.Moved.;
    A0107828.dll;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Probably STPAGE.Trojan;Incurable.Moved.;
    A0107829.exe;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Trojan.Popuper;Deleted.;
    A0107843.dll;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Trojan.Fakealert.199;Deleted.;
    A0107849.exe;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Trojan.Popuper;Deleted.;
    A0107850.exe\data002;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183\A0107850.exe;Probably STPAGE.Trojan;;
    A0107850.exe;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Archive contains infected objects;Moved.;
    fscax.dll;C:\WINDOWS\Downloaded Program Files;Probably BINARYRES;Incurable.Moved.;

    There it is. I wasn't sure whether I was supposed to post the HjT log, so I didn't.
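
Added example, not part of the thread: a Python sketch for reading a Dr.Web report like the one posted above. It separates detections inside System Restore snapshots from those in live folders and picks out rows that carry no action of their own. The column meaning (object; folder; detection; action) is assumed from the rows shown, and the function names are hypothetical.

```python
from collections import Counter
from typing import NamedTuple

# Rows copied from the report posted above (a subset, to keep the example short).
REPORT = r"""
restart.exe;C:\Documents and Settings\esiasennettu\Omat tiedostot\Siivoussoftia\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.617;Incurable.Moved.;
A0107828.dll;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Probably STPAGE.Trojan;Incurable.Moved.;
A0107829.exe;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Trojan.Popuper;Deleted.;
A0107850.exe\data002;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183\A0107850.exe;Probably STPAGE.Trojan;;
A0107850.exe;C:\System Volume Information\_restore{5D2C7B0C-4392-4214-B42D-878379CA0DFF}\RP183;Archive contains infected objects;Moved.;
fscax.dll;C:\WINDOWS\Downloaded Program Files;Probably BINARYRES;Incurable.Moved.;
"""

class Finding(NamedTuple):
    obj: str      # file name, or container\member for an object inside an archive
    folder: str   # directory (or container file) holding the object
    threat: str   # detection name as reported
    action: str   # last action keyword, "" when the row carries none

    @property
    def in_restore_point(self) -> bool:
        return "\\system volume information\\_restore{" in self.folder.lower()

def parse_report(text: str) -> list:
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed row
        obj, folder, threat, raw_action = fields[:4]
        # "Incurable.Moved." -> "Moved"; an empty action field stays "".
        tokens = [t for t in raw_action.split(".") if t]
        findings.append(Finding(obj, folder, threat, tokens[-1] if tokens else ""))
    return findings

def summarize(findings) -> dict:
    return {
        "by_action": Counter(f.action or "none recorded" for f in findings),
        "live": [f.obj for f in findings if not f.in_restore_point],
        "no_action": [f.obj for f in findings if not f.action],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(key, value)
```

In these rows the only entry without an action is a member inside A0107850.exe, and the row for that container file records the action.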
     
  13. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Messages:
    277
    Thanks:
    0
    Points:
    26
    Hi. It looks good now. How is the computer working?
     
  14. HrcMaster

    HrcMaster Member

    Joined:
    25.09.2005
    Messages:
    43
    Thanks:
    0
    Points:
    16
    Thanks, the computer works as it should.
     