Yet another IEXPLORE.EXE problem here... :(

Discussion in 'Viruses and malware - HijackThis logs' started by mamabird, Dec 29, 2006.

  1. mamabird

    mamabird Member

    Joined:
    Dec 29, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    11
    So, the same old familiar story... Task Manager shows two iexplore processes running, and they refuse to shut down no matter what. Here is the output of the HijackThis log... can anyone help a girl in trouble?


    Logfile of HijackThis v1.99.1
    Scan saved at 23:57:27, on 29.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWSZ\System32\smss.exe
    C:\WINDOWSZ\system32\winlogon.exe
    C:\WINDOWSZ\system32\services.exe
    C:\WINDOWSZ\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\svchost.exe
    C:\WINDOWSZ\System32\svchost.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
    C:\WINDOWSZ\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWSZ\eHome\ehRecvr.exe
    C:\WINDOWSZ\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWSZ\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWSZ\system32\dllhost.exe
    C:\WINDOWSZ\ehome\ehtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWSZ\eHome\ehmsas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
    C:\WINDOWSZ\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWSZ\system32\cmd.exe
    C:\WINDOWSZ\system32\cleanmgr.exe
    C:\WINDOWSZ\system32\taskmgr.exe
    C:\WINDOWSZ\explorer.exe
    C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151996486877
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
     
  2. Marku2

    Marku2 Regular member

    Joined:
    Dec 7, 2005
    Messages:
    1,259
    Likes Received:
    0
    Trophy Points:
    46
    Put HijackThis.exe in its own folder -> C:\hjt\

    Turn off that SpybotSD TeaTimer, instructions -> http://aaxxeell.googlepages.com/spybot-timer


    Fix these:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe


    Show hidden files, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Delete these:
    C:\windows\system32\blank.htm <- file
    C:\Documents and settings\SARITA~1.HIM\Application data\LOGOPH~1 <- folder


    Get AVG Anti-Spyware -> http://aaxxeell.googlepages.com/ewido4
    Update, scan, remove the findings and save the report.


    Get Findlop by Metallica:
    http://metallica.geekstogo.com/findlop.zip

    Extract it to the desktop and double-click findlop.bat


    Post a new HjT log, the AVG report and C:\Findlop.txt.
     
    Last edited: Dec 30, 2006
  3. mamabird

    So, apparently all sorts of things were found...
    The instructions have been followed, and here first is the HjT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 0:25:24, on 31.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWSZ\System32\smss.exe
    C:\WINDOWSZ\system32\winlogon.exe
    C:\WINDOWSZ\system32\services.exe
    C:\WINDOWSZ\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\svchost.exe
    C:\WINDOWSZ\System32\svchost.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
    C:\WINDOWSZ\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWSZ\eHome\ehRecvr.exe
    C:\WINDOWSZ\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWSZ\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWSZ\system32\dllhost.exe
    C:\WINDOWSZ\ehome\ehtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWSZ\eHome\ehmsas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
    C:\WINDOWSZ\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWSZ\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWSZ\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\hjt\HijackThis_v1.99.1.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe
    O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151996486877
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe







    Here is the AVG report:
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 0:21:59 31.12.2006

    + Scan result:



    :mozilla.162:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.209:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.108:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.109:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Sarita\Cookies\sarita@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Sarita\Cookies\sarita@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.119:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.120:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.121:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.122:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.59:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.60:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.86:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.140:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.135:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.136:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.139:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.25:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.143:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.41:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.42:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.43:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.44:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.45:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.150:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.26:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.144:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.176:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.177:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Sarita\Cookies\sarita@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.57:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.58:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.142:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.113:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.114:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.38:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.39:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Sarita\Cookies\sarita@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Is there still something that can be done?
     
  4. mamabird

    Here is the findlop.txt

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'XoftSpySE.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\XoftSpySE\XoftSpy.exe'
    Parameters: '-t'
    WorkingDirectory: 'C:\Program Files\XoftSpySE\'
    Comment: 'Runs XoftSpySE at Scheduled Time.'
    Creator: 'Sarita'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 08/24/2006 3:00:00
    NextRun: 12/31/2006 3:00:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 07/05/2006
    EndDate: 00/00/0000
    StartTime: 03:00
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0
     
  5. Marku2

    Fix this:
    O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe

    Show hidden files.


    Delete that folder:
    C:\Documents and settings\SARITA~1.HIM\Application data\LOGOPH~1



    Post a new HjT log.
     
  6. mamabird

    That file was no longer found in the new HjT scan after all. The log now looks like this:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:59, on 31.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWSZ\System32\smss.exe
    C:\WINDOWSZ\system32\winlogon.exe
    C:\WINDOWSZ\system32\services.exe
    C:\WINDOWSZ\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\svchost.exe
    C:\WINDOWSZ\System32\svchost.exe
    C:\WINDOWSZ\system32\Ati2evxx.exe
    C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
    C:\WINDOWSZ\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWSZ\eHome\ehRecvr.exe
    C:\WINDOWSZ\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWSZ\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWSZ\system32\dllhost.exe
    C:\WINDOWSZ\ehome\ehtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWSZ\eHome\ehmsas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
    C:\WINDOWSZ\system32\wuauclt.exe
    C:\WINDOWSZ\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWSZ\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151996486877
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
     
  7. Marku2

    The HjT log is clean.
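
One way to automate the before/after comparison done in this thread, as an added example that is not part of the original posts: it parses the `O4` registry Run lines of a HijackThis log, flags autoruns that launch from a user profile's Application Data folder (long or 8.3 short form), and lists entries that disappeared between two logs. The sample lines are excerpts from the logs posted above; all function names are illustrative, and the location check is a triage heuristic, not a verdict.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str      # HKLM or HKCU
    name: str      # registry value name shown in [brackets]
    command: str   # full command line as logged
    path: str      # executable path extracted from the command line


# "O4 - HKCU\..\Run: [value name] command line" (also RunOnce, RunServices)
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to its extension.
EXE_PATH = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
# Windows XP profile root and Application Data, long and 8.3 short names.
PROFILE_ROOT = re.compile(r"^[a-z]:\\(documents and settings|docume~\d)\\", re.I)
APPDATA_DIR = re.compile(r"\\(application data|applic~\d)\\", re.I)


def executable_path(command: str) -> str:
    """Return the program path from a Run value, dropping any arguments."""
    m = EXE_PATH.match(command)
    return (m.group(1) or m.group(2)) if m else command


def parse_autoruns(log_text: str) -> list:
    """Extract registry Run entries; other O4 lines (Startup .lnk) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())   # forum pastes are often indented
        if m:
            hive, name, command = m.groups()
            entries.append(Autorun(hive, name, command, executable_path(command)))
    return entries


def runs_from_user_appdata(path: str) -> bool:
    """True when the executable lives under <profile>\\Application Data."""
    return bool(PROFILE_ROOT.match(path) and APPDATA_DIR.search(path))


def suspicious_autoruns(log_text: str) -> list:
    return [e for e in parse_autoruns(log_text) if runs_from_user_appdata(e.path)]


def removed_between(before_log: str, after_log: str) -> list:
    """Run entries present in the earlier log and absent from the later one."""
    def key(e):
        return (e.hive, e.name, e.path.lower())
    remaining = {key(e) for e in parse_autoruns(after_log)}
    return [e for e in parse_autoruns(before_log) if key(e) not in remaining]


# Excerpt of the log posted on 31.12.2006 at 0:25:24 (before the fix).
BEFORE = r"""
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe
    O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
"""

# Excerpt of the log posted on 31.12.2006 at 15:19:59 (after the fix).
AFTER = r"""
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
"""

if __name__ == "__main__":
    for entry in suspicious_autoruns(BEFORE):
        print("review:", entry.hive, entry.name, entry.path)
    for entry in removed_between(BEFORE, AFTER):
        print("gone in later log:", entry.hive, entry.name)
```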
     
  8. mamabird

    OK. Thank you very much for the help, and a very happy new year 2007! :)
     
