How could I get this removed..

Juhoo

So, every now and then a notification pops up in the lower right corner of my screen: 'Your computer is infected.
Windows has detected spyware detection'. Something like this: http://www.precisesecurity.com/images/spyaxe warning.gif When you click the notification, IE opens and the Spyware Sheriff site comes up.. I have tried removing the spyware with Spybot, SpySweeper and PestPatrol, among others, but the same notification still appears.. I got the notification to go away by trying to close various processes in Windows Task Manager and closing the process wupdmgr.exe, but I'm not sure whether the problem was exactly that.. And I'm hoping for some simple removal instructions :D


    Replies

    • Juhoo

      Logfile of HijackThis v1.99.1
      Scan saved at 16:39:21, on 26.5.2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SYSTEM32\rundll32.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\CTSvcCDA.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\WINDOWS\Mixer.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
      C:\PROGRA~1\MSNMES~1\msnmsgr.exe
      C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: Shell=
      F3 - REG:win.ini: run=
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
      O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
      O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
      O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\q8860ilse8q60.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - C:\WINDOWS\system32\coiqobec.dll
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
      O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      • mitä löytyy

        Download to your desktop
        http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Extract the contents (a folder named SmitfraudFix) to your desktop:

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing Enter; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread


      • Juhoo
        SmitFraudFix v2.48

        Scan done at 16:50:57,62, pe 26.05.2006
        Run from C:\Documents and Settings\Juho Ylinen\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600]
        Fix ran in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» C:\

        C:\secure32.html FOUND !
        C:\uniq FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

        C:\WINDOWS\osaupd.exe FOUND !
        C:\WINDOWS\wupdmgr.exe FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juho Ylinen\Application Data

        C:\Documents and Settings\Juho Ylinen\Local Settings\Application Data\SpywareSheriff FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUHOYL~1\Suosikit

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

        C:\Program Files\secure32.html FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"

        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

        »»»»»»»»»»»»»»»»»»»»»»»» End


      • puhdistaa
        Boot your computer into Safe Mode

        Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

        You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

        The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

        Then restart the computer normally

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing Enter; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread.
        Post a new Hijack log at the same time


      • Juhoo
        SmitFraudFix v2.48

        Scan done at 17:24:46,12, pe 26.05.2006
        Run from C:\Documents and Settings\Juho Ylinen\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600]
        Fix ran in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» C:\

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

        C:\WINDOWS\wupdmgr.exe FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juho Ylinen\Application Data

        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUHOYL~1\Suosikit

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

        »»»»»»»»»»»»»»»»»»»»»»»» End

        Logfile of HijackThis v1.99.1
        Scan saved at 17:25:42, on 26.5.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\SYSTEM32\rundll32.exe
        C:\WINDOWS\System32\CTSvcCDA.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\Mixer.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
        C:\program files\valve\steam\steam.exe
        C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
        C:\WINDOWS\wupdmgr.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\notepad.exe
        C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=
        O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
        O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
        O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
        O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\mv8ml9l11.dll
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - C:\WINDOWS\system32\coiqobec.dll
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      • jatketaan puhdistusta
        Download Look2Me-Destroyer http://www.atribune.org/ccount/click.php?id=7 to your desktop.
        - Close all windows before continuing.
        - Double-click Look2Me-Destroyer.exe to run the program.
        - Tick Run this program as a task.
        - You will get a message that says "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
        - When Look2Me-Destroyer re-opens, click Scan for L2M; your desktop shortcuts will disappear for a moment, which is normal.
        - When the scan is finished, click Remove L2M.
        - You will get a Done Scanning message; click OK.
        - When it is done, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
        - Your computer will shut itself down.
        - Start your computer again.
        - Post the contents of C:\Look2Me-Destroyer.txt together with a new HijackThis log in your reply.
        If your firewall warns about this program's internet connections, allow them.

        If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.

        http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


      • Juhoo

        Look2Me-Destroyer V1.0.12

        Scanning for infected files.....
        Scan started at 26.5.2006 17:46:02

        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP553\A0118202.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118257.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118274.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118372.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118381.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP556\A0118436.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118765.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118783.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118788.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118801.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118810.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118815.dll
        Infected! C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118822.dll
        Infected! C:\WINDOWS\system32\cjrsrv.dll
        Infected! C:\WINDOWS\system32\fke.dll
        Infected! C:\WINDOWS\system32\gp4sl3h71.dll
        Infected! C:\WINDOWS\system32\kcdusl.dll
        Infected! C:\WINDOWS\system32\kidhe.dll
        Infected! C:\WINDOWS\system32\l22s0cf7ef2.dll
        Infected! C:\WINDOWS\system32\mv8ml9l11.dll
        Infected! C:\WINDOWS\system32\mxrui.dll
        Infected! C:\WINDOWS\system32\skdpsrv.dll
        Infected! C:\WINDOWS\system32\sUfrcdlg.dll
        Infected! C:\WINDOWS\system32\wfnotify.dll

        Attempting to delete infected files...

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP553\A0118202.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP553\A0118202.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118257.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118257.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118274.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP554\A0118274.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118372.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118372.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118381.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP555\A0118381.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP556\A0118436.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP556\A0118436.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118765.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118765.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118783.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118783.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118788.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118788.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118801.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118801.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118810.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118810.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118815.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118815.dll Deleted successfully!

        Attempting to delete: C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118822.dll
        C:\System Volume Information\_restore{327F1D1D-E51F-493D-B430-E9CF97F9B4BA}\RP559\A0118822.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\cjrsrv.dll
        C:\WINDOWS\system32\cjrsrv.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\fke.dll
        C:\WINDOWS\system32\fke.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\gp4sl3h71.dll
        C:\WINDOWS\system32\gp4sl3h71.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\kcdusl.dll
        C:\WINDOWS\system32\kcdusl.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\kidhe.dll
        C:\WINDOWS\system32\kidhe.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\l22s0cf7ef2.dll
        C:\WINDOWS\system32\l22s0cf7ef2.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\mv8ml9l11.dll
        C:\WINDOWS\system32\mv8ml9l11.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\mxrui.dll
        C:\WINDOWS\system32\mxrui.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\skdpsrv.dll
        C:\WINDOWS\system32\skdpsrv.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\sUfrcdlg.dll
        C:\WINDOWS\system32\sUfrcdlg.dll Deleted successfully!

        Attempting to delete: C:\WINDOWS\system32\wfnotify.dll
        C:\WINDOWS\system32\wfnotify.dll Deleted successfully!

        Making registry repairs.

        Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{362D5A6B-3D8F-4D4B-B271-560B5DB03983}"
        HKCR\Clsid\{362D5A6B-3D8F-4D4B-B271-560B5DB03983}

        Restoring Windows certificates.

        Replaced hosts file with default windows hosts file

        Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded

        Logfile of HijackThis v1.99.1
        Scan saved at 17:56:36, on 26.5.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\CTSvcCDA.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\WINDOWS\Mixer.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\program files\valve\steam\steam.exe
        C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
        C:\WINDOWS\wupdmgr.exe
        C:\WINDOWS\osaupd.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=
        O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
        O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
        O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
        O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\mv8ml9l11.dll (file missing)
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - C:\WINDOWS\system32\coiqobec.dll
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      • seuraavat rivit

        Start the HijackThis program and (do a system scan only, check the following lines and press fix checked):

        O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
        O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\mv8ml9l11.dll (file missing)

        download
        http://www.ewido.net/en/download/
        installation instructions http://keskustelu.afterdawn.com/thread_view.cfm/269186
        update and run a complete system scan
        save the log and post it here along with a new HJT log


      • Juhoo
        seuraavat rivit wrote:

        Start the HijackThis program and (do a system scan only, check the following lines and press fix checked):

        O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
        O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\mv8ml9l11.dll (file missing)

        download
        http://www.ewido.net/en/download/
        installation instructions http://keskustelu.afterdawn.com/thread_view.cfm/269186
        update and run a complete system scan
        save the log and post it here along with a new HJT log

        That ewido just kind of got stuck in the scan at 46.9%.. And I'm not sure whether I should have chosen for it to remove the problems it finds in the scan or not? I chose that it removes them..


      • oikein..
        Juhoo wrote:

        That ewido just kind of got stuck in the scan at 46.9%.. And I'm not sure whether I should have chosen for it to remove the problems it finds in the scan or not? I chose that it removes them..

        If it doesn't get through, then
        restart the computer and keep pressing F8 after startup until you get the Windows menu, from which you select safe mode
        and then scan again


      • Juhoo
        seuraavat rivit wrote:

        Start the HijackThis program and (do a system scan only, check the following lines and press fix checked):

        O4 - Startup: spywaresheriff.lnk = C:\Program Files\SpywareSheriff\spywaresheriff.exe
        O20 - Winlogon Notify: NetCache - C:\WINDOWS\system32\mv8ml9l11.dll (file missing)

        download
        http://www.ewido.net/en/download/
        installation instructions http://keskustelu.afterdawn.com/thread_view.cfm/269186
        update and run a complete system scan
        save the log and post it here along with a new HJT log

        It got stuck again at the same spot when I ran it in safe mode. I'll post the report here anyway, as far as it got.. :

        ---------------------------------------------------------
        ewido anti-malware - Scan report
        ---------------------------------------------------------

        Created on: 19:44:57, 26.5.2006
        Report-Checksum: E5571E70

        Scan result:

        :mozilla.10:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
        :mozilla.14:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
        :mozilla.24:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
        :mozilla.30:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
        :mozilla.31:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
        :mozilla.63:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
        :mozilla.73:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
        :mozilla.82:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
        :mozilla.83:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
        :mozilla.86:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
        :mozilla.116:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
        :mozilla.123:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
        :mozilla.131:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
        :mozilla.147:C:\Documents and Settings\Juho Ylinen\Application Data\Mozilla\Firefox\Profiles\ey7bt5u7.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup

        ::Report End

        And here's HijackThis:

        Logfile of HijackThis v1.99.1
        Scan saved at 20:00:44, on 26.5.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Mixer.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
        C:\WINDOWS\System32\CTSvcCDA.EXE
        C:\Program Files\ewido anti-malware\ewidoctrl.exe
        C:\program files\valve\steam\steam.exe
        C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
        C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
        C:\WINDOWS\wupdmgr.exe
        C:\WINDOWS\osaupd.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\Program Files\ewido anti-malware\ewidoguard.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\WINDOWS\system32\wdfmgr.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=
        O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
        O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: wupdmgr.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
        O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - C:\WINDOWS\system32\coiqobec.dll
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


      • escan paremmin
        Juhoo wrote:

        It got stuck again at the same spot when I ran it in safe mode. I'll post the report here anyway, as far as it got.. :


        Download escan
        http://koti.mbnet.fi/pattaya1/escanmwav.htm
        install, update, method 2, tick the boxes according to the markings

        scan, save the Viruses log from the bottom window and post it here if anything turns up.


      • semmosta nyt

        I wonder what else will be found in it ???


      • Juhoo
        escan paremmin wrote:

        Download escan
        http://koti.mbnet.fi/pattaya1/escanmwav.htm
        install, update, method 2, tick the boxes according to the markings

        scan, save the Viruses log from the bottom window and post it here if anything turns up.

        The first time I scanned with escan, my mom went and shut down the computer in the middle of the scan, which had been running for maybe an hour. The next time I started the computer there was no sign of that spyware anymore (the notifications didn't start showing up). I ran escan through once more after that. I won't bother pasting the escan log here since it's like a kilometer long..
        But here's the HijackThis log:

        Logfile of HijackThis v1.99.1
        Scan saved at 14:48:23, on 27.5.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Mixer.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
        C:\WINDOWS\System32\CTSvcCDA.EXE
        C:\Program Files\ewido anti-malware\ewidoctrl.exe
        C:\Program Files\ewido anti-malware\ewidoguard.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\program files\valve\steam\steam.exe
        C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Kaspersky\mwavscan.com
        C:\Kaspersky\kavss.exe
        C:\WINDOWS\system32\taskmgr.exe
        C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=
        O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
        O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
        O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        And thanks a lot for helping get that worm removed.. Or at least those annoying notifications don't come up anymore. If you took the computer to a repair shop for something like this, they'd rob the pants right off you (:


      • tossa
        semmosta nyt wrote:

        I wonder what else will turn up in it ???

        Oh right, the eScan log was only supposed to be the part from the bottom.. here:

        File C:\WINDOWS\WHCC2.exe tagged as not-a-virus:AdWare.Win32.WebHancer.351. No Action Taken.
        File C:\WINDOWS\system32\Amcis2.dll tagged as not-a-virus:AdWare.Win32.Aureate.a. No Action Taken.
        File C:\WINDOWS\system32\IPCClient.dll_tobedeleted tagged as not-a-virus:AdWare.Win32.Aureate.a. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\aPrivacy\aprivacysetup.exe tagged as not-a-virus:AdWare.Win32.CommonName.d. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\Burn4Free\Burn4Free_Setup.exe tagged as not-a-virus:AdWare.Win32.NavExcel.d. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\fircxp\FircXP.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\iMesh\iMeshV4.exe tagged as not-a-virus:Server-Proxy.Win32.MarketScore.f. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\Lataukset\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.614. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\Omat videotiedostot\DivXPro511Adware.exe tagged as not-a-virus:AdWare.Win32.Gator.3202. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Juho\Vaaput\Burn4Free_Setup.exe tagged as not-a-virus:AdWare.Win32.NavExcel.d. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Sekalaiset\Sekalaista\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
        File C:\Documents and Settings\Juho Ylinen\Työpöytä\Sekalaiset\ti-86 games\mozilla dl\BitTorrent-4.0.4.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
        File C:\drmxdexa.exe infected by "not-virus:Hoax.Win32.Renos.cn" Virus. Action Taken: File Renamed.
        File C:\joowc.exe infected by "Trojan-PSW.Win32.Sinowal.q" Virus. Action Taken: File Deleted.
        File C:\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
        File C:\Program Files\kbtu.exe infected by "not-virus:Hoax.Win32.Renos.dc" Virus. Action Taken: File Renamed.
        File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
        File C:\rxboqdi.exe infected by "Trojan-Downloader.Win32.Small.csn" Virus. Action Taken: File Deleted.


      • ewido uudelleen
        tossa wrote:

        Oh right, the eScan log was only supposed to be the part from the bottom.. here:

        Boot into safe mode and run ewido.
        Hopefully it gets through this time.
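
Added example, not part of the thread: a Python triage script for the eScan log format posted above. It separates files the scanner deleted from those it left in place or only renamed, which is the list to re-check after a safe-mode rescan. The sample lines are copied from the log in the thread; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: five lines copied from the eScan log posted in the thread.
SAMPLE_LOG = r'''
File C:\WINDOWS\WHCC2.exe tagged as not-a-virus:AdWare.Win32.WebHancer.351. No Action Taken.
File C:\drmxdexa.exe infected by "not-virus:Hoax.Win32.Renos.cn" Virus. Action Taken: File Renamed.
File C:\joowc.exe infected by "Trojan-PSW.Win32.Sinowal.q" Virus. Action Taken: File Deleted.
File C:\Program Files\kbtu.exe infected by "not-virus:Hoax.Win32.Renos.dc" Virus. Action Taken: File Renamed.
File C:\rxboqdi.exe infected by "Trojan-Downloader.Win32.Small.csn" Virus. Action Taken: File Deleted.
'''

# The two line shapes that appear in the thread's log.
TAGGED = re.compile(r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. No Action Taken\.$')
INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
                      r'Action Taken: File (?P<action>\w+)\.$')


def parse_escan(log_text):
    """Return one dict per detection: path, name, action (none/renamed/deleted)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = TAGGED.match(line)
        if m:
            findings.append({"path": m["path"], "name": m["name"], "action": "none"})
            continue
        m = INFECTED.match(line)
        if m:
            findings.append({"path": m["path"], "name": m["name"],
                             "action": m["action"].lower()})
    return findings


def still_on_disk(findings):
    """Detections the log does not report as deleted (untouched or only renamed)."""
    return [f for f in findings if f["action"] != "deleted"]


def by_category(findings):
    """Group file paths by verdict family, e.g. 'Trojan-PSW' or 'AdWare'."""
    groups = defaultdict(list)
    for f in findings:
        verdict = f["name"].split(":", 1)[-1]  # drop 'not-a-virus:' / 'not-virus:'
        groups[verdict.split(".", 1)[0]].append(f["path"])
    return dict(groups)


if __name__ == "__main__":
    found = parse_escan(SAMPLE_LOG)
    for f in still_on_disk(found):
        print(f"re-check: {f['path']}  ({f['name']}, action={f['action']})")
    for family, paths in sorted(by_category(found).items()):
        print(f"{family}: {len(paths)} file(s)")
```
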


      • javattaja
        Juhoo wrote:

        The first time I scanned with eScan, my mom went and shut down the computer in the middle of the scan, which had been running for maybe an hour. The next time I started the computer there was no sign of the spyware anymore (the notifications didn't start appearing). After that I ran eScan through once more. I won't bother pasting the eScan log here since it's about a kilometer long..
        But here's the HijackThis log:

        Logfile of HijackThis v1.99.1
        Scan saved at 14:48:23, on 27.5.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Mixer.exe
        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
        C:\WINDOWS\System32\CTSvcCDA.EXE
        C:\Program Files\ewido anti-malware\ewidoctrl.exe
        C:\Program Files\ewido anti-malware\ewidoguard.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\program files\valve\steam\steam.exe
        C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Kaspersky\mwavscan.com
        C:\Kaspersky\kavss.exe
        C:\WINDOWS\system32\taskmgr.exe
        C:\Documents and Settings\Juho Ylinen\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=
        O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
        O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
        O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
        O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
        O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        And thanks a lot for helping get that worm removed.. Or at least those annoying notifications don't come up anymore. If you took the computer to a repair shop for something like this, they'd rob the pants right off you (:

        Old Java
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

        Remove all the old Java versions via Add/Remove Programs

        and download the new version from here:
        http://www.java.com/en/download/index.jsp

