HJT LOGI

Discussion in 'Virukset ja haittaohjelmat' started by Ale90, Jan 22, 2006.

  1. Ale90

    Ale90 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 13:49:17, on 22.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: load=C:\WINDOWS\system\dll.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F00AC0B-6416-9D62-824A-FC23DFD7C802} - C:\DOCUME~1\Aleksi\APPLIC~1\GPLANT~1\coal dart.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [BodyBrowseLiveNoun] C:\Documents and Settings\All Users\Application Data\Dvd Face Body Browse\Flaw default.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tons body] C:\DOCUME~1\Aleksi\APPLIC~1\SLOWBR~1\heart team.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Ale90, Jan 22, 2006
    #1
  2. Tonski

    Tonski Regular member

    Joined:
    Nov 18, 2005
    Messages:
    670
    Likes Received:
    0
    Trophy Points:
    26
    Löytyy ainakin tuo kohta:

    O2 - BHO: (no name) - {1F00AC0B-6416-9D62-824A-FC23DFD7C802} - C:\DOCUME~1\Aleksi\APPLIC~1\GPLANT~1\coal dart.exe (file missing)

    Tuo näyttää epäilyttävältä:

    F3 - REG:win.ini: load=C:\WINDOWS\system\dll.exe

    [bold]Älä fixaa mitään ennenkuin joku vahvistaa nämä![/bold]
     
    Tonski, Jan 22, 2006
    #2
  3. Ale90

    Ale90 Guest

    Tässä olisi viellä ewidon logi

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 16:31:40, 22.1.2006
    + Report-Checksum: 6634BABA

    + Scan result:

    [1712] C:\DOCUME~1\Aleksi\APPLIC~1\GPLANT~1\coal dart.exe -> Downloader.Swizzor.bo : Error during cleaning
    C:\Documents and Settings\Aleksi\Cookies\aleksi@banner.clubdicecasino[2].txt -> Spyware.Cookie.Clubdicecasino : Cleaned with backup
    C:\Documents and Settings\Aleksi\Cookies\aleksi@clubdicecasino[1].txt -> Spyware.Cookie.Clubdicecasino : Cleaned with backup
    C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup


    ::Report End
     
    Ale90, Jan 22, 2006
    #3
  4. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Laita vielä ewidon jäljiltä uusi Hijackthis loki myös.
     
    aaxxeell, Jan 22, 2006
    #4
  5. Ale90

    Ale90 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 17:04:05, on 22.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Ale90, Jan 22, 2006
    #5
  6. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Fixaa makusi mukaan koska käynnistyvät turhaan automaattisesti eli näin nopeutat käynnistymistä ja vapautat tehoja:
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10

    Laita piilotiedostot näkyville -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Päivitä ewido vielä.


    <<<<<<<<<<<<<<<<<<<<<<<<<<<Vikasietotila>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Naputtele F8 käynnistyksen yhteydessä ja valitse vikasietotila

    poista (jos löydät)
    C:\WINDOWS\system\->dll.exe<-

    Aja ewidolla vielä "full system scan" ja tallenna raportti.

    Käynnistä kone uudelleen ja laita vielä ewidon raportti tänne.
     
    aaxxeell, Jan 22, 2006
    #6
  7. Ale90

    Ale90 Guest

    olen nyt kaverilla mutta teen tämän vielä tänä iltana
     
    Ale90, Jan 22, 2006
    #7
  8. Ale90

    Ale90 Guest

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 20:44:15, 22.1.2006
    + Report-Checksum: B15A6323

    + Scan result:

    C:\Documents and Settings\Aleksi\Cookies\aleksi@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Aleksi\Cookies\aleksi@ehg-nvidia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Aleksi\Cookies\aleksi@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup


    ::Report End
     
    Ale90, Jan 22, 2006
    #8
  9. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Puhtaalta nyt näyttää...
    Vapaaehtoisena voit suorittaa tarkistuksen eScan:lla
    -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Ohjeet oheessa voit myös laittaa tuon ala lokin tänne analysiin jos jotain tarvitsisikin käsin vielä poistaa... tuskin kuitenkaan.
     
    aaxxeell, Jan 22, 2006
    #9
  10. Ale90

    Ale90 Guest

    File C:\DOCUME~1\Aleksi\APPLIC~1\SLOWBR~1\HEARTT~1.EXE tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
    File C:\Documents and Settings\Aleksi\Application Data\SLOW BROWSE\fourholdmath.exe tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
    File C:\Documents and Settings\Aleksi\Application Data\SLOW BROWSE\heart team.exe tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
    File C:\Documents and Settings\Aleksi\Application Data\SLOW BROWSE\imqaaumu.exe tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
    File C:\Documents and Settings\Aleksi\Local Settings\Temp\bis39.exe tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Dvd Face Body Browse\Flaw default.exe tagged as not-a-virus:AdWare.Win32.Lop.ag. No Action Taken.
     
    Ale90, Jan 22, 2006
    #10
  11. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Poista:

    C:\Documents and Settings\Aleksi\Application Data\--->SLOW BROWSE<---\
    File C:\Documents and Settings\All Users\Application Data\--->Dvd Face Body Browse<---\
    C:\Documents and Settings\Aleksi\Local Settings\Temp\--> Koko kansion sisältö.

    Jos eivät suostu poistumaan niin vikasietotilassa sitten.
     
    aaxxeell, Jan 22, 2006
    #11

Share This Page