Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:42:14, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\ExtraFilm Kotona\Agent.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Vista Sidebar\sidebar.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [gcasServ] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\IntCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\IntCodec\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Railis&Laitinen\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189092167156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 13149 bytes
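As an added example (not part of the original post, and not HijackThis's own code), the Python script below parses HJT entry lines like the ones above and picks out the entries a helper looks at first: registrations whose target file is gone ("(no file)" / "(file missing)"), O4 autoruns placed under Policies\Explorer\Run, O21/O22 shell-load entries, and O23 services reporting an unknown owner. The heuristics and their reason labels are this example's own assumptions, and the sample input is a constructed subset copied from the log above.

```python
"""Triage a HijackThis (HJT) log: pick out the entries a malware-removal helper
looks at first. Added example with constructed sample input; the heuristics are
this example's own assumptions, not HijackThis's built-in logic."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of entries copied from the HJT log posted above,
# chosen so that each heuristic below fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\IntCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\IntCodec\pmsngr.exe
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An HJT entry line starts with its section code (R0..R3, F0..F3, N1..N4, O1..O24).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HJT appends these markers when the registered file no longer exists on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.I)
# Policy-based autorun key; unusual for ordinary software, so always worth a look.
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer\\Run:", re.I)
UNKNOWN_OWNER_RE = re.compile(r" - Unknown owner - ")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Return (section, line) for every entry line; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), line))
    return entries


def triage(text):
    """Apply the review heuristics and return the entries that triggered any of them."""
    findings = []
    for section, entry in parse_entries(text):
        reasons = []
        if ORPHAN_RE.search(entry):
            reasons.append("orphan")          # leftover registration, target file gone
        if section == "O4" and POLICY_RUN_RE.search(entry):
            reasons.append("policy-run")      # autorun hidden under Policies\Explorer\Run
        if section in ("O21", "O22"):
            reasons.append("shell-load")      # SSODL / SharedTaskScheduler: loaded by Explorer
        if section == "O23" and UNKNOWN_OWNER_RE.search(entry):
            reasons.append("unknown-owner")   # service without vendor info; verify the binary
        if reasons:
            findings.append(Finding(section, entry, reasons))
    return findings


def clsid_index(text):
    """Map each CLSID (lower-cased) to the set of sections it is registered in."""
    index = {}
    for section, entry in parse_entries(text):
        for clsid in CLSID_RE.findall(entry):
            index.setdefault(clsid.lower(), set()).add(section)
    return index


def summarize(findings):
    """Count how often each reason label fired."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{','.join(f.reasons)}] {f.entry}")
    print(summarize(found))
    # A CLSID that shows up in more than one section is one object registered several ways.
    for clsid, sections in clsid_index(SAMPLE_LOG).items():
        if len(sections) > 1:
            print(f"{clsid} registered in {sorted(sections)}")
```

Run against the full log, the same heuristics surface the two IntCodec executables under Policies\Explorer\Run, the bestreak SSODL/SharedTaskScheduler pair that shares one CLSID, and the FWSvc service whose WinAntiVirus Pro 2006 binary is already gone but whose service key remains (the key RogueRemover lists for removal further down the thread). Every flag is a prompt to verify, not a verdict: PnkBstrA also reports an unknown owner and is the PunkBuster anti-cheat service.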
Download RogueRemover (or from here). Save rr-free-setup.exe to your desktop.
Click rr-free-setup.exe to start installing the program.
* Click Next, then I agree, and finally Install
* Untick Show Readme and click Finish
* This starts the RogueRemover program
* Close the Help window
* Click Check for updates
* If new updates are available, click Download
* Wait for the program to download and install the new updates; when it is done, click Close in the update window
* Click Scan
* If nothing was found, close RogueRemover
* If RogueRemover found something, it will show a list of the files it found
* Click Save log
* Click OK in the pop-up window
* Click Remove selected
* Click YES in the pop-up window
* Wait for the program to finish removing the files, then close RogueRemover
* Use Notepad to open this file: C:\Program Files\RogueRemover\RRLog******.txt
Note: ****** is the time at which you ran RogueRemover.
Post this log file in your thread.

---------------------------------------------------------

Download SmitfraudFix.exe to your desktop.
Print these instructions or save them to a text file.
Restart the computer in Safe Mode => GUIDE and choose your normal user account.
Once in Safe Mode, double-click the file SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" to remove the desktop background and clean the infected registry keys.
The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, restart into normal Windows.
A text file will appear after the cleaning process; copy & paste the contents of that report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.
Warning: running option 2 on a NON-infected computer will remove your desktop background.

Post:
C:\Program Files\RogueRemover\RRLog******.txt
the SmitfraudFix report C:\rapport.txt
a HJT log
Malwarebytes' RogueRemover
Malwarebytes ©2007
http://www.malwarebytes.org

6246 total fingerprints loaded.
Loading database ...
Expanding environmental variables ...
Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: File
Vendor: WinAntiVirus 2006
Location: C:\WINDOWS\system32\av.cpl
Selected for removal: Yes

Type: File
Vendor: WinAntiVirus 2006
Location: C:\WINDOWS\system32\stera.exe
Selected for removal: Yes

Type: Folder
Vendor: WinAntiVirus 2006
Location: C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_CLASSES_ROOT\AppID\WinPGI.DLL
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vspf_HK
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD\VSPF_HK
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_HK
Selected for removal: Yes

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK
Selected for removal: Yes

Type: Registry Key
Vendor: Image Access ActiveX Object
Location: HKEY_CURRENT_USER\Software\Internet Security
Selected for removal: Yes

RogueRemover has found the objects above.