Hjt logi

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi larmaani 23.08.2006.

Viestiketjun tila:
Viestiketju on suljettu.
  1. larmaani

    larmaani Member

    Liittynyt:
    22.08.2006
    Viestejä:
    4
    Kiitokset:
    0
    Pisteet:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 8:35:56, on 23.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\KAIKKI KANSIOT\HJt\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {98F30AF1-C319-4101-9530-460EB4F3C2D2} - C:\WINDOWS\system32\awvvt.dll
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.i-lookup.com
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O15 - Trusted Zone: *.offshoreclicks.com
    O15 - Trusted Zone: *.teensguru.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: msdtc.dll
    O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
    larmaani, 23.08.2006
    #1
  2.  
  3. kairis

    kairis Regular member

    Liittynyt:
    01.06.2003
    Viestejä:
    277
    Kiitokset:
    0
    Pisteet:
    26
    Moi. tehdään aluksi näin:
    Lataa VundoFix.exe työpöydällesi. http://www.atribune.org/ccount/click.php?id=4

    Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    Rastita boksi [bold]Run VundoFix as a task.[/bold]
    Saat viestin joka sanoo "Vundofix will close and re-open in a minute or less". [bold]Klikkaa OK.[/bold]
    Kun Vundofix uudelleenaukeaa, klikkaa Scan for Vundo valintaa.
    Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse [bold]Add more files[/bold]
    Kopioi ja liitä seuraavat 2 riviä kahteen ylimmäiseen boksiin

    C:\WINDOWS\system32\awvvt.dll
    C:\WINDOWS\system32\tvvwa.*
    Klikkaa [bold]Add Files[/bold] ja sitten klikkaa [bold]Close Window.[/bold]
    Klikkaa [bold]Remove Vundo valintaa.[/bold]
    Saat viestin jossa kysytään haluatko poistaa valitut tiedostot, klikkaa YES.
    Kun klikkaat yes, työpöytäsi tyhjenee kun työkalu alkaa poistamaan Vundoa.
    Kun valmis, saat viestin jossa pyydetään sammuttamaan tietokone, klikkaa OK.
    Käynnistä koneesi uudelleen.

    Lisäksi:
    Sulje selaimet ja muut ohjelmat, käynnistä HijackThis, klikkaa” do a system scan only ”.
    Merkkaa nämä rivit ja paina Fix checked : (kaikkia ei välttämättä löydy enää)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.i-lookup.com
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O15 - Trusted Zone: *.offshoreclicks.com
    O15 - Trusted Zone: *.teensguru.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

    Postita C:\vundofix.txt lokin sisältö tuoreen HijackThis lokin kera.
     
    kairis, 23.08.2006
    #2
Viestiketjun tila:
Viestiketju on suljettu.

Jaa tämä sivu