Logfile of HijackThis v1.99.1 Scan saved at 10:39:19, on 20.4.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\mssearchnet.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe D:\WinRAR\WinRAR.exe C:\DOCUME~1\LEEAMK~1\LOCALS~1\Temp\Rar$EX02.532\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.dial.inet.fi:800;gopher=proxy.dial.inet.fi:800;http=proxy.dial.inet.fi:800;https=proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp7FDE.tmp O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-xu\msntb.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10cf697ac668b08bc720/netzip/RdxIE601.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.240.224.222/activex/AxisCamControl.cab O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.andlotsmore.com/plug/install.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Voisko joku kattoo tän läpi. Pop-up ikkunoita, kone hidastelee, ei suostu kirjautuun meseen...
Juu, onhan siellä kivasti kaikkea Poista ohjauspaneelista (lisää/poista sovellus): New.net tai New.net domains tai NewDotNet Käynnistä uudelleen. Lähetä uusi HjT-loki, jatketaan sitten fixiä
Selvä, sitten toimitaan toisella tavalla: Ensin lataa LSPfix.exe -> http://www.cexx.org/lspfix.htm LSPfix.exe sopivaan sijaintiin (kuten C:\Program Files\LSPFix tai vaikkapa työpöydälle). ÄLÄ aja tätä ohjelmaa vielä. Tätä tulee käyttää VAIN jos internetyhteys häviää NewDotNetin poiston jäljiltä. Jos Lisää/Poista sovelluksessa ei ole New.Net listattu, toimi näin. Varmista että anti-virus ja anti-spyware ohjelmat ovat suljettuna poiston ajan. Ne saattavat estää New.Netin poiston. Lataa NNuninstall.exe -> http://www.new.net/support/NNuninstall.exe NNuninstall.exe [*]Tallenna se työpöydällesi. [*]Tupla-klikkaa NNuninstall.exe filua. [*]Ohjelma kysyy haluatko poistaa kaikki New.Netin nimet ja osat. [*]Klikkaa Yes. [*]Klikkaa poiston jälkeen OK. [*]Käynnistä kone uudelleen ("Yes - Restart now") ellei jäänyt mitään muuta kesken, jos jäi, jätä kone päälle ("No - I will restart later). Jos poisto ei onnistu ja virustorjuntaohjelma(t) estävät poisto-ohjelman ajon kokonaan tai osittain, tee näin: Irrota koneen verkko- tai modeemijohto koneesta siten, ettei sillä ole yhteyttä internettiin. Sulje tämän jälkeen virustorjuntaohjelma(t) ja aja NNuninstall.exe. Laita tämän jälkeen virustorjuntaohjelma(t) takaisin päälle ja vasta sitten kytke verkko- tai modeemijohto takaisin koneeseen. Tyhjennä roskakori. JOS menetät nettiyhteytesi kun olet New.Netin poistanut, tupla-klikkaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta. Näet kaksi paneelia; Jos on jotain listattu "Remove" paneeliin oikealla puolella, anna sen olla ja klikkaa "Finish>>". Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin. Jos mitään ei ole listattu "Remove" paneeliin, ÄLÄ tee MITÄÄN - sulje LSPFix. Tule joltain toiselta koneelta hakemaan lisää neuvoa. (Tämä on vain varotoimenpide, useimmiten netti pysyy ihan kunnossa ) Lähetä uusi HjT-loki.
oli tuossa äsken netti pari tuntia pois käytöstä, mutta sain nyt poistettua kyseisen ohjelman. tässä uusi loki Logfile of HijackThis v1.99.1 Scan saved at 16:32:04, on 20.4.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\nvctrl.exe C:\WINDOWS\system32\mssearchnet.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Real\RealPlayer\RealPlay.exe D:\WinRAR\WinRAR.exe C:\DOCUME~1\LEEAMK~1\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.dial.inet.fi:800;gopher=proxy.dial.inet.fi:800;http=proxy.dial.inet.fi:800;https=proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp7995.tmp O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-xu\msntb.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10cf697ac668b08bc720/netzip/RdxIE601.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.240.224.222/activex/AxisCamControl.cab O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.andlotsmore.com/plug/install.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Jep, lähti pois. Sitten jatketaan: Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi: Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa). Postita tämän tekstitiedoston sisältö viestiketjuusi.
tuplaklikkasin tiedostoa ja tuli tällainen teksti SmitFraudFix v2.33b Fichier Process.exe absent! Dezipped la totalite de l'archive dans un dossier. Process.exe file missing! Unzip all the archive in a folder. Jatka painamalla mitä tahansa näppäintä...
Varmista ensin että purit koko sen smitfraudfix-kansion työpöydälle ja yritä uudestaan. Jos ei auta, niin F-secure ilmeisesti poistaa tuon process.exen "haittaohjelmana" mitä se ei ole. Tehdään näin: Ota nettipiuha ja F-secure pois päältä ja aja tuo smitfraudfix uudestaan. Ajon jälkeen f-secure ja nettipiuha takaisin päälle. Lähetä sen loki.
SmitFraudFix v2.33b Scan done at 17:24:03,84, to 20.04.2006 Run from C:\Documents and Settings\Leea M„kel„\Ty”p”yt„\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [versio 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\interf.tlb FOUND ! C:\WINDOWS\system32\mssearchnet.exe FOUND ! C:\WINDOWS\system32\ncompat.tlb FOUND ! C:\WINDOWS\system32\nvctrl.exe FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Leea M„kel„\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEEAMK~1\Suosikit C:\DOCUME~1\LEEAMK~1\Suosikit\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\SpywareQuake\ FOUND ! C:\Program Files\SpywareQuake.com\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Nykyinen kotisivu" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" [HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware" [HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32] @="C:\WINDOWS\system32\stickrep.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32] @="C:\WINDOWS\system32\stickrep.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
Saatiinhan se loki Tässä seuraavat toimenpiteet: Hae ja asenna ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186 Päivitä se, älä skannaa vielä. Avaa HjT, klikkaa do a system scan only, merkkaa nämä ja paina fix checked: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10cf697ac668b08bc720/netzip/RdxIE601.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.andlotsmore.com/plug/install.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071 O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing) O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) Sitten käynnistä -> suorita. Syötä siihen: sc stop SvcProc ja klikkaa ok sitten sc delete SvcProc ja klikkaa ok Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd (toimi niin kuin äsken sait tuon toimimaan) Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot. Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet. Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter". Työkalun saattaa tarvita käynnistää kone uudelleen. Jos, niin käynnistä uudelleen vikasietotilaan. Poista, jos löytyy: C:\Program Files\MyWay C:\WINDOWS\svcproc.exe Skannaa ewidolla, anna poistaa mitä löytää ja tallenna raportti. Käynnistä uudelleen, lähetä uusi HjT-loki, ewidon raportti ja C:\rapport.txt-tiedoston sisältö.
Tässä ohjeet: * Sulje kaikki ohjelmat. * Klikkaa käynnistä -> suorita -> msconfig ja OK * Valitse BOOT.INI-välilehti, merkkaa "/SAFEBOOT"-valinta, ja sitten klikkaa OK ja käynnistä kone uudelleen sitä pyydettäessä * Tietokone käynnistyy vikasietotilaan * Tee vikasietotilassa pyydetyt toimenpiteet. * Kun olet valmis, mene uudelleen msconfigiin kuten edellä ja ota valinta pois BOOT.INI-välilehdeltä "/SAFEBOOT"-kohdasta ja paina OK, jolloin koneesi käynnistyy normaalisti.
onnistuihan se. tässä nämä Logfile of HijackThis v1.99.1 Scan saved at 19:50:52, on 20.4.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ExtraFilm Kotona\Agent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe D:\WinRAR\WinRAR.exe C:\DOCUME~1\LEEAMK~1\LOCALS~1\Temp\Rar$EX00.546\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://my-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.dial.inet.fi:800;gopher=proxy.dial.inet.fi:800;http=proxy.dial.inet.fi:800;https=proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;localhost;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-xu\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing) O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.240.224.222/activex/AxisCamControl.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\4476822\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 19:48:20, 20.4.2006 + Report-Checksum: FAD8B6E5 + Scan result: HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Adware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Cleaned with backup HKLM\SOFTWARE\NavExcel -> Adware.NavExcel : Cleaned with backup HKU\S-1-5-21-602162358-2139871995-682003330-1003\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-602162358-2139871995-682003330-1003\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-602162358-2139871995-682003330-1003\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\Cache\EFA351F7d01 -> Adware.NewDotNet : Cleaned with backup :mozilla.18:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.19:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.24:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.25:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.43:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.44:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.48:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.49:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.61:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.62:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.64:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.70:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup :mozilla.71:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup :mozilla.72:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.73:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.74:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.75:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.76:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.77:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.78:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.80:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.123:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.136:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.137:C:\Documents and Settings\Leea Mäkelä\Application Data\Mozilla\Firefox\Profiles\433mep8x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Cookies\leea mäkelä@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Cookies\leea mäkelä@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Cookies\leea mäkelä@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Local Settings\Temp\ACK\aurareco.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Local Settings\Temp\TLK\aurareco.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Local Settings\Temp\TYS\aurareco.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Local Settings\Temp\VVC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Leea Mäkelä\Työpöytä\hijackthis.zip/backups/backup-20060420-175437-435.dll -> Adware.MediaTickets : Error during cleaning C:\Documents and Settings\Leea Mäkelä\Työpöytä\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Adware.Altnet : Cleaned with backup C:\Program Files\Common Files\amqpsnqm\atolnldsbq\sepoqqnrp.0xe -> Adware.Gator : Cleaned with backup C:\Program Files\Common Files\amqpsnqm\rstllrlo\frpmqrpp.0xe -> Adware.Gator : Cleaned with backup C:\Program Files\NavExcel\NavHelper\v2.0.2\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup C:\Program Files\NavExcel\NavHelper\v2.0.2\NHUpdater.exe -> Adware.NavExcel : Cleaned with backup C:\Program Files\NavExcel\NavHelper\v2.0.2\v2.0.2.cab/NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup C:\Program Files\NavExcel\NavHelper\v2.0.2\v2.0.2.cab/NHUpdater.exe -> Adware.NavExcel : Cleaned with backup C:\Program Files\NavExcel\NavHelper\v2.0.2\v2.0.2.cab/NHelper.dll -> Adware.NavExcel : Cleaned with backup C:\WINDOWS\kpydzoryyj.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\system32\stickrep.dll.mwt -> Not-A-Virus.Hoax.Win32.Renos.cc : Cleaned with backup C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup C:\WINDOWS\zcgwhs.exe -> Adware.BetterInternet : Cleaned with backup ::Report End SmitFraudFix v2.33b Scan done at 18:36:11,54, to 20.04.2006 Run from C:\Documents and Settings\Leea M„kel„\Ty”p”yt„\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [versio 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\hp????.tmp Deleted C:\WINDOWS\system32\interf.tlb Deleted C:\WINDOWS\system32\ncompat.tlb Deleted C:\WINDOWS\system32\nvctrl.exe Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOCUME~1\LEEAMK~1\Suosikit\Antivirus Test Online.url Deleted C:\Program Files\SpywareQuake\ Deleted C:\Program Files\SpywareQuake.com\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» End
