ongelmalliset mainosikkunat

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

torstai 26.12.2024 / 15:47

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > ongelmalliset mainosikkunat

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

ongelmalliset mainosikkunat

Siirry:

Kirjoittaja

Viesti

miikak84

Newbie

17. tammikuuta 2006 @ 16:54

Linkki tähän viestiin

Onko kellään kokemusta koneella surffatessa pomppiviin mainosikkunoihin jotka häiritsevät erittäin pahasti käyttöä.
Ajoin spybotilla tarkistuksen läpi joka havaitsi kyseiset ongelmat: Casino PopUpstuff, Connect MFC Application ja MagicControl.Agent

Kun nämä ongelmat korjaa, käynnistää koneen uudelleen ja skannaa spybotilla taas niin ongelmat ilmestyvät takaisin.

Osaako kukaan neuvoa kuinka pääsisin tästä ongelmasta eroon ja mitä tulisi tehdä? Mainokset ovat kiusallisia. Kovalevyn formatointi olisi aika työläs vaihtoehto joten ajattelin jospa jollakulla olisi helpompikin tapa vapautua ongelmista...?

Kiitos jo etukäteen jos joku viitsii/osaa olla avuksi...

[ + lainaa]

spertti

Senior Member

17. tammikuuta 2006 @ 18:23

Linkki tähän viestiin

Laita HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Tallenna hakemistoon c:\hjt, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.

[ + lainaa]

miikak84

Newbie

17. tammikuuta 2006 @ 18:29

Linkki tähän viestiin

Logfile of HijackThis v1.99.1
Scan saved at 23:28:30, on 17.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearch.exe
C:\Program Files\Office Mouse\MOUSE32A.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearchIndexer.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\dc++\DCPlusPlus.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.*.f;*.*.*.;loca;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search -työkalurivi Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1072.dll,InstantAccess
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows-työpöytähaku.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?f5e47f3cc7734ceaa394d61c3a5515a
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?f5e47f3cc7734ceaa394d61c3a5515a
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {0795F49C-AC69-4900-97B9-D0236B0F67C8} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {18DA0820-87FF-442C-8398-9105B6B055A5} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {F69D706E-8A6D-4A3C-BE6E-F327B35B79DA} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://F:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://F:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://F:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1072_XP.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://F:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

[ + lainaa]

spertti

Senior Member

17. tammikuuta 2006 @ 18:44

Linkki tähän viestiin

Fixaa nämä:

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1072.dll,InstantAccess
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
O16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066_XP.cab
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1072_XP.cab

Skannaa Ewidolla > http://keskustelu.afterdawn.com/thread_view.cfm/269186

Laita Ewidon raportti, ja hjT-loki.

[ + lainaa]

miikak84

Newbie

18. tammikuuta 2006 @ 16:13

Linkki tähän viestiin

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:01:42, 18.1.2006
+ Report-Checksum: 523C810A

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned without backup
HKU\S-1-5-21-1957994488-606747145-725345543-1003\Software\EGDHTML -> Dialer.Generic : Cleaned without backup
[372] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[396] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[440] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[452] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[596] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[656] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned without backup
[692] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[740] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[836] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[996] VM_028C1000 -> Adware.NaviPromo : Error during cleaning
[1080] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[1252] VM_00AA1000 -> Adware.NaviPromo : Error during cleaning
[1260] VM_00B41000 -> Adware.NaviPromo : Error during cleaning
[1280] VM_009C1000 -> Adware.NaviPromo : Error during cleaning
[1304] VM_00B91000 -> Adware.NaviPromo : Error during cleaning
[1336] VM_00A41000 -> Adware.NaviPromo : Error during cleaning
[1344] VM_00C11000 -> Adware.NaviPromo : Error during cleaning
[1352] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[1360] VM_00D41000 -> Adware.NaviPromo : Error during cleaning
[1384] VM_00C01000 -> Adware.NaviPromo : Error during cleaning
[1404] VM_00A01000 -> Adware.NaviPromo : Error during cleaning
[1416] VM_00EB1000 -> Adware.NaviPromo : Error during cleaning
[1432] VM_00B91000 -> Adware.NaviPromo : Error during cleaning
[1440] VM_014C1000 -> Adware.NaviPromo : Error during cleaning
[1596] VM_00F61000 -> Adware.NaviPromo : Error during cleaning
[1612] VM_00B41000 -> Adware.NaviPromo : Error during cleaning
[1580] VM_01701000 -> Adware.NaviPromo : Error during cleaning
C:\Documents and Settings\Miika\Cookies\miika@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ad.adition[3].txt -> Spyware.Cookie.Adition : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ads15.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ads39.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@b.casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@com[2].txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@sel.as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@sonycorporate.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@www.casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Miika\Cookies\miika@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\hijackthis\backups\backup-20050623-201709-612.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20050623-202211-340.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20050917-200042-390.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155409-450.dll -> Dialer.InstantAccess.f : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155411-665.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155413-728.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155414-470.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155415-797.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155416-916.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155417-999.dll -> Dialer.Generic : Cleaned without backup
C:\hijackthis\backups\backup-20060118-155418-193.dll -> Dialer.InstantAccess.f : Cleaned without backup
C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.f : Cleaned without backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 21:02:56, on 18.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Analog

Devices\SoundMAX\SMTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CloneCD\CloneCDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Toolbar

Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearc

h.exe
C:\Program Files\Office Mouse\MOUSE32A.EXE
C:\Program Files\MSN Toolbar

Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearc

hIndexer.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Prog

ram\SERVIC~1.EXE
C:\Program

Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program

Files\F-Secure\BackWeb\7681197\program\fsbws

ys.exe
C:\Program

Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program

Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\fswsclds.exe
C:\Program

Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program

Files\F-Secure\BackWeb\7681197\Program\Back

Web-7681197.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\Program

Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program

Files\F-Secure\Common\FNRB32.EXE
C:\Program

Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\dc++\DCPlusPlus.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido

anti-malware\ewidoctrl.exe
C:\Program Files\ewido

anti-malware\SecuritySuite.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Microsoft Internet

Explorer - toimittaja Sonera Internet
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersio

n\Internet Settings,ProxyServer =

proxy.dial.inet.fi:800
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersio

n\Internet Settings,ProxyOverride =

*.fi;*.*.fi;*.*.*.fi;;*.*.f;*.*.*.;loca;localhost;<local>
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search -työkalurivi Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Search -työkalurivi -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O4 - HKLM\..\Run: [HTpatch]

C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray]

C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32

cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] C:\Program

Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033]

"C:\Program Files\D-Tools\daemon.exe" -lang

1033
O4 - HKLM\..\Run: [Openwares LiveUpdate]

C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter]

RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbar

Init
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE]

C:\Program Files\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]

C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG]

C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program

Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager]

"C:\Program

Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program

Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program

Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program

Files\MSN Messenger\msnmsgr.exe"

/background
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup

Accelerator.lnk = C:\Program Files\Common

Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Windows-työpöytähaku.lnk =

C:\Program Files\MSN Toolbar

Suite\DS\02.05.0000.1105\fi-fi\bin\WindowsSearc

h.exe
O8 - Extra context menu item: &MSN Search -

res://C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.ht

m
O8 - Extra context menu item: Avaa uuteen

etuvälilehteen - res://C:\Program Files\MSN

Toolbar

Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230

?f5e47f3cc7734ceaa394d61c3a5515a
O8 - Extra context menu item: Avaa uuteen

taustavälilehteen - res://C:\Program Files\MSN

Toolbar

Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229

?f5e47f3cc7734ceaa394d61c3a5515a
O8 - Extra context menu item: E&xport to Microsoft

Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.

EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger

- {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki -

{0795F49C-AC69-4900-97B9-D0236B0F67C8} -

http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut -

{18DA0820-87FF-442C-8398-9105B6B055A5} -

http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti -

{F69D706E-8A6D-4A3C-BE6E-F327B35B79DA} -

http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF:

START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF:

{14B87622-7E19-4EA8-93B3-97215F77A6BC}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messenge

rStatsPAClient.cab31267.cab
O16 - DPF:

{33288993-5664-11D4-8B5B-00D0B73B3518} (ell

Class) -

http://www.easports.com/downloads/games/com

mon/ieell.cab
O16 - DPF:

{58172624-85DD-4482-9E64-02ADCA637E96}

(shizmoo Class) -

http://www.kungfuchess.com/activex/web665.cab
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5consum

er/V5Controls/en/x86/client/wuweb_site.cab?1092

767099765
O16 - DPF:

{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}

(AcDcToday Control) - file://F:\Program

Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF:

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messenge

rStatsClient.cab
O16 - DPF:

{AE563720-B4F5-11D4-A415-00108302FDFD}

(NOXLATE-BANR) - file://F:\Program

Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-220313175592}

(ZoneIntro Class) -

http://messenger.zone.msn.com/binary/ZIntro.cab

32846.cab
O16 - DPF:

{BD393C14-72AD-4790-A095-76522973D6B8}

(CBreakshotControl Class) -

http://messenger.zone.msn.com/binary/Bankshot.

cab31267.cab
O16 - DPF:

{C6637286-300D-11D4-AE0A-0010830243BD}

(InstaFred) - file://F:\Program Files\AutoCAD

2002\InstFred.ocx
O16 - DPF:

{F281A59C-7B65-11D3-8617-0010830243BD}

(AcPreview Control) - file://F:\Program

Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF:

{F6BF0D00-0B2A-4A75-BF7B-F385591623AF}

(Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireS

howdown.cab
O23 - Service: Autodesk Licensing Service -

Autodesk, Inc. - C:\Program Files\Common

Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: F-Secure Automatic Update

(BackWeb Client - 7681197) - Unknown owner -

C:\PROGRA~1\F-Secure\BackWeb\7681197\Prog

ram\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido

networks - C:\Program Files\ewido

anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler

Starter - F-Secure Corp. - C:\Program

Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker

- F-Secure Corporation - C:\Program

Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. -

C:\Program

Files\F-Secure\BackWeb\7681197\program\fsbws

ys.exe
O23 - Service: F-Secure Anti-Virus Firewall

Daemon (FSDFWD) - F-Secure Corporation -

C:\Program

Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent

(FSMA) - F-Secure Corporation - C:\Program

Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center

Legacy Detection Service (Fswsclds) - F-Secure

Corporation - C:\Program

Files\F-Secure\fswsclds.exe
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc.

- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service

(NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service

(SoundMAX Agent Service (default)) - Analog

Devices, Inc. - C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) -

Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe

Tässä ovat molemmat raportit. Miten minun tulisi seuraavaksi toimia?

[ + lainaa]

spertti

Senior Member

18. tammikuuta 2006 @ 16:19

Linkki tähän viestiin

Laitapa kunnolla tuo HjT-loki.

EDIT: Ja käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä ) ja skannaa Ewidolla uudestaan siellä. Ei tuo NaviPromo näköjään kokonaan lähtenyt vielä.

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 18. tammikuuta 2006 @ 16:28

aikka_

Newbie

19. tammikuuta 2006 @ 05:54

Linkki tähän viestiin

Varsin toimiva ratkaisu mainosikkunoiden estämiseksi on asentaa selaimeen Google toolbar

[ + lainaa]

aaxxeell

Senior Member

19. tammikuuta 2006 @ 09:23

Linkki tähän viestiin

Toimivin ratkaisu:

Miksipäs asentaa toolbaareja, kun laitat vaan Firefoxin oletusselaimeksi ja homma on valmis :) Toolbaarit hidastaa sitäpaitsi netin käyttöä ja se toimii IE selaimella joka on nykyään hyvin vaarallinen oman tietoturvan kannalta. Ponnahdusikkunat ovat jo firefoxin asetuksissa estettynä. Että lataamisen arvoinen Firefox -> http://www.mozilla-europe.org/fi/products/firefox/
niin aikka_ kuin miikak84, suosittelen todella.

[ + lainaa]

Eje

Suspended due to non-functional email address

20. tammikuuta 2006 @ 06:26

Linkki tähän viestiin

Kai myös poistat ne ongelmakohdat, mitä Spybot löytää.. Kannattaa ajaa myös ad-awarella läpi.

[ + lainaa]

blade81

Senior Member

20. tammikuuta 2006 @ 16:57

Linkki tähän viestiin

Lokeista päätellen koneellasi on mellastanut Instant Accessin kautta tullut örkki.

Käy hakemassa BruteforceUninstaller (http://www.merijn.org/files/bfu.zip) ja asenna se c:\bfu -hakemistoon. Hae siihen InstantAccessin poistoon tehty skripti (klikkaa oikealla hiiren painikkeella seuraavaa linkkiä ja tallenna tiedosto c:\bfu -hakemistoon http://metallica.geekstogo.com/EGDACCESS.bfu).

Käynnistä kone vikasietotilaan ja tee sen jälkeen seuraavasti:

1. Käynnistä BruteforceUninstaller ja valitse avautuvaan laatikkoon tuo EGDACCESS.bfu tiedosto ja klikkaa execute. Homman ollessa valmis, klikkaa ok ja sulje ohjelma.

2. Aja SpyBot ja korjaa löytyneet virheet (tod.näk MagicControl.Agent)

3. Valitse Käynnistä->Suorita->avautuvaan ruutuun msconfig ja sen jälkeen avautuvasta ruudusta viimeinen välilehti. Selaa etsi listasta n. 10 merkin pituinen nimi, joka on täyttä siansaksaa (Nimi vaihtelee satunnaisesti, joten tarkkaa nimeä en voi sanoa. Tiedosto on kuitenkin löydettävissä c:\windows\system32 -hakemistosta. Hakemistossa on 4 tuon merkkijonon sisältävää tiedostoa, joista yksi on .exe ja kolme muuta .dat -päätteisiä.)

4. Aja Highjackthis ja fixaa tuo epämääräisen tiedostonimen sisältävä rivi (jos et pysty päättelemään mikä, laita loki, niin katsotaan).

5. Jos uskalsit tehdä fixauksen, siirry c:\windows\system32 -hakemistoon ja poista ne neljää tiedostoa, joiden nimet alkavat tuolla epämääräisellä merkkijonolla.

6. Käynnistä kone uudestaan ja aja Spybot sekä HijackThis (lähetä HjT loki tänne).

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. tammikuuta 2006 @ 16:58

tomsung

Junior Member

20. tammikuuta 2006 @ 19:35

Linkki tähän viestiin

Mitä ne ponnahdusikkunat sitte niinkö yleensä on? Mitä ne sisältää ja miks niitä on? Siis...oikeesti?

joo, just näitä. Help

[ + lainaa]

Kaikki oikeudet pidätetään!

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. tammikuuta 2006 @ 19:38

aaxxeell

Senior Member

20. tammikuuta 2006 @ 20:32

Linkki tähän viestiin

En millän mahda uskoa tuon spyBot:n voimaan kun ewidokaan ei saanut ainakaan normaalitilassa pois.
Tuon poistamiseen tuntuu olevan nyt monta keinoa muutoin, kunhan saadaan uutta hjt lokia ja ewidon loki vikasietotilasta.

@tomsung

Eli nämä pop-up ikkunat ilmestyvät yleensä kun avaat vaikkapa selaimen koska koneesi on saastunut. Menemällä mainosikkunaan tai lataamalla se filu yleensä saadaan lisää örkkejä koneelle. Tämä ei lopu ennekuin me korjaamme sen täällä tai viimeisenä vaihtoehtona, formatoi koneen.

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. tammikuuta 2006 @ 20:38

Mainos

tomsung

Junior Member

21. tammikuuta 2006 @ 04:34

Linkki tähän viestiin

selvä. Tanks

[ + lainaa]

Kaikki oikeudet pidätetään!

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > ongelmalliset mainosikkunat


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.