Täällä taas yksi IEXPLORE.EXE ongelma... :(

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

sunnuntai 20.7.2025 / 19:36

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > täällä taas yksi iexplore.exe ongelma... :(

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Täällä taas yksi IEXPLORE.EXE ongelma... :(

Siirry:

Kirjoittaja

Viesti

mamabird

Newbie

29. joulukuuta 2006 @ 19:11

Linkki tähän viestiin

Elikkäs tämä sama vanha tuttu... taskmanagerissa huutaa iexplorereita kaksin kappalein, eivätkä suostu sammumaan millään. Tässä tuloste hijack logista... pystyykö joku auttamaan tyttöä mäessä?

Logfile of HijackThis v1.99.1
Scan saved at 23:57:27, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWSZ\System32\smss.exe
C:\WINDOWSZ\system32\winlogon.exe
C:\WINDOWSZ\system32\services.exe
C:\WINDOWSZ\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\svchost.exe
C:\WINDOWSZ\System32\svchost.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
C:\WINDOWSZ\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWSZ\eHome\ehRecvr.exe
C:\WINDOWSZ\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWSZ\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWSZ\system32\dllhost.exe
C:\WINDOWSZ\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWSZ\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\WINDOWSZ\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWSZ\system32\cmd.exe
C:\WINDOWSZ\system32\cleanmgr.exe
C:\WINDOWSZ\system32\taskmgr.exe
C:\WINDOWSZ\explorer.exe
C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1151996486877
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe

[ + lainaa]

Marku2

Senior Member

30. joulukuuta 2006 @ 14:50

Linkki tähän viestiin

HijackThis.exe omaan kansioon -> C:\hjt\

Sammuta tuo SpybotSD TeaTimer, ohjeet -> http://aaxxeell.googlepages.com/spybot-timer

Nuo fixiin:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe

Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

Poista nämä:
C:\windows\system32\blank.htm <- tiedosto
C:\Documents and settings\SARITA~1.HIM\Application data\LOGOPH~1 <- kansio

Hae AVG Anti-Spyware -> http://aaxxeell.googlepages.com/ewido4
Päivitä, Skannaa, Poista löydöt ja tallenna raportti.

Hae Findlop by Metallica:
http://metallica.geekstogo.com/findlop.zip

Pura työpöydälle ja tuplaklikkaa findlop.bat

Lähetä uusi HjT-loki, AVG:n raportti ja C:\Findlop.txt.

[ + lainaa]

The rules of the Afterdawn/Afterdawnin säännöt!
Rules: http://forums.afterdawn.com/thread_view.cfm/2487
Säännöt: http://keskustelu.afterdawn.com/thread_view.cfm/2717

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 30. joulukuuta 2006 @ 15:18

mamabird

Newbie

30. joulukuuta 2006 @ 19:29

Linkki tähän viestiin

Elikkäs kaikenlaista näköjään löytyi...
Ohjeita on noudatettu ja tässä ensin tuo hjt:n logi:
Logfile of HijackThis v1.99.1
Scan saved at 0:25:24, on 31.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWSZ\System32\smss.exe
C:\WINDOWSZ\system32\winlogon.exe
C:\WINDOWSZ\system32\services.exe
C:\WINDOWSZ\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\svchost.exe
C:\WINDOWSZ\System32\svchost.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
C:\WINDOWSZ\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWSZ\eHome\ehRecvr.exe
C:\WINDOWSZ\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWSZ\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWSZ\system32\dllhost.exe
C:\WINDOWSZ\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWSZ\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\WINDOWSZ\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWSZ\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWSZ\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\hjt\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe
O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1151996486877
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe

Tässä tuo avg:n raportti:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:21:59 31.12.2006

+ Scan result:

:mozilla.162:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sarita\Cookies\sarita@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sarita\Cookies\sarita@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.119:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.120:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.121:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.122:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.60:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.86:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.140:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.135:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.143:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.26:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.144:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.176:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Sarita\Cookies\sarita@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.58:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.142:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.113:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.114:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.38:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Sarita.HIMATSU-D50B46F\Application Data\Mozilla\Firefox\Profiles\yeceu0ql.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Sarita\Cookies\sarita@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Onko vielä jotain tehtävissä?

[ + lainaa]

mamabird

Newbie

30. joulukuuta 2006 @ 19:39

Linkki tähän viestiin

Tässä on tämä findlop.txt

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'XoftSpySE.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\XoftSpySE\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\XoftSpySE\'
Comment: 'Runs XoftSpySE at Scheduled Time.'
Creator: 'Sarita'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/24/2006 3:00:00
NextRun: 12/31/2006 3:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 07/05/2006
EndDate: 00/00/0000
StartTime: 03:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[ + lainaa]

Marku2

Senior Member

31. joulukuuta 2006 @ 05:37

Linkki tähän viestiin

Tuo fixiin:
O4 - HKCU\..\Run: [test bore] C:\DOCUME~1\SARITA~1.HIM\APPLIC~1\LOGOPH~1\dogsect.exe

Piilotiedostot näkyviin.

Poista tuo kansio:
C:\Documents and settings\SARITA~1.HIM\Application data\LOGOPH~1

Lähetä uusi HjT-loki.

[ + lainaa]

The rules of the Afterdawn/Afterdawnin säännöt!
Rules: http://forums.afterdawn.com/thread_view.cfm/2487
Säännöt: http://keskustelu.afterdawn.com/thread_view.cfm/2717

mamabird

Newbie

31. joulukuuta 2006 @ 10:23

Linkki tähän viestiin

Sitä tiedostoa ei nyt sitten enää löytynytkään uudessa HjT skannauksessa. Logi näyttää nyt tältä:

Logfile of HijackThis v1.99.1
Scan saved at 15:19:59, on 31.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWSZ\System32\smss.exe
C:\WINDOWSZ\system32\winlogon.exe
C:\WINDOWSZ\system32\services.exe
C:\WINDOWSZ\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\svchost.exe
C:\WINDOWSZ\System32\svchost.exe
C:\WINDOWSZ\system32\Ati2evxx.exe
C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe
C:\WINDOWSZ\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWSZ\eHome\ehRecvr.exe
C:\WINDOWSZ\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWSZ\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWSZ\system32\dllhost.exe
C:\WINDOWSZ\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWSZ\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\WINDOWSZ\system32\wuauclt.exe
C:\WINDOWSZ\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWSZ\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\hjt\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWSZ\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWSZ\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Canon IJ Status Monitor Canon MP800 Series Printer.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1151996486877
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWSZ\
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWSZ\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSZ\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWSZ\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWSZ\system32\ZoneLabs\vsmon.exe

[ + lainaa]

Marku2

Senior Member

31. joulukuuta 2006 @ 12:22

Linkki tähän viestiin

HjT-loki on puhdas.

[ + lainaa]

The rules of the Afterdawn/Afterdawnin säännöt!
Rules: http://forums.afterdawn.com/thread_view.cfm/2487
Säännöt: http://keskustelu.afterdawn.com/thread_view.cfm/2717

Mainos