Does anyone know?

Thread in the Viruses and malware - HijackThis logs section. Thread started by janne59 on 03.11.2006.

Thread status:
Thread is closed.
  1. janne59

    janne59 Active member

    Joined:
    14.01.2004
    Messages:
    1,041
    Thanks:
    0
    Points:
    66
    What are these? Google found nothing on either of them:

    O4 - HKLM\..\Run: [Ante Loud Aim Web] C:\Documents and Settings\All Users\Application Data\ProcMp3AnteLoud\Funkphone.exe

    O4 - HKCU\..\Run: [DASHGLUE] C:\DOCUME~1\Omistaja\APPLIC~1\Openfree\Junk four rule.exe
     
  3. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Trojan.downloader.swizzor a.k.a. Lop = the Messenger Plus! sponsor program, a pest. Post a HJT log if you see entries like those :)
     
  4. janne59

    janne59 Active member

    Joined:
    14.01.2004
    Messages:
    1,041
    Thanks:
    0
    Points:
    66
    I removed them in safe mode. Strange that Ewido, Defender, Ad-Aware and Avast! didn't find them. Also, Messenger Plus! has never been on this machine. I'll post the log anyway:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:17:06, on 3.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Avast!\aswUpdSv.exe
    E:\Program Files\Avast!\ashServ.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    E:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\WESTER~1\wdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\PROGRA~1\Avast!\ashDisp.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    E:\Program Files\Active Desktop Calendar\ADC.exe
    E:\Program Files\Avast!\ashMaiSv.exe
    E:\Program Files\Avast!\ashWebSv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://saunalahti.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast!\ashDisp.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\Active Desktop Calendar\ADC.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\Office10\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155098312
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138803677640
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Avast!\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Avast!\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - E:\PROGRA~1\WESTER~1\wdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\Ohjelmat\TuneUP Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Let's check with this, just to be safe:

    Download NoLop to your desktop from one of the following links...
    Link 1
    Link 2
    Link 3
    - Close all programs, because this step requires a reboot
    - Double-click NoLop.exe to run it
    - Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    - When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
    - Click the "REBOOT" button.
    - NoLop should give you a message. If not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.

    Last edited: 03.11.2006
  6. janne59

    janne59 Active member

    Joined:
    14.01.2004
    Messages:
    1,041
    Thanks:
    0
    Points:
    66
    Yep, the roots of this probably trace back to one thing downloaded with BitLord.

    Are there any unnecessary "O23 - Service" entries in there that could be removed?


    And the logs:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Omistaja\Työpöytä
    [3.11.2006]
    [20:42:03]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\AFCE800A91A132D6.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Ahead
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Real -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Retrospect
    C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Support.com
    C:\Documents and Settings\All Users\Application Data\Tuneup Software
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Xemicomputers
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Lavasoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Omistaja\Application Data\Acoustica
    C:\Documents and Settings\Omistaja\Application Data\Adobe
    C:\Documents and Settings\Omistaja\Application Data\Adobeum
    C:\Documents and Settings\Omistaja\Application Data\Ahead
    C:\Documents and Settings\Omistaja\Application Data\Arcsoft
    C:\Documents and Settings\Omistaja\Application Data\Cyberlink
    C:\Documents and Settings\Omistaja\Application Data\Epson
    C:\Documents and Settings\Omistaja\Application Data\Google
    C:\Documents and Settings\Omistaja\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Omistaja\Application Data\Identities
    C:\Documents and Settings\Omistaja\Application Data\Lavasoft
    C:\Documents and Settings\Omistaja\Application Data\Macromedia
    C:\Documents and Settings\Omistaja\Application Data\Microsoft
    C:\Documents and Settings\Omistaja\Application Data\Mozilla
    C:\Documents and Settings\Omistaja\Application Data\Pc Tools
    C:\Documents and Settings\Omistaja\Application Data\Real
    C:\Documents and Settings\Omistaja\Application Data\Skype
    C:\Documents and Settings\Omistaja\Application Data\Slysoft
    C:\Documents and Settings\Omistaja\Application Data\Sun
    C:\Documents and Settings\Omistaja\Application Data\Talkback
    C:\Documents and Settings\Omistaja\Application Data\Thunderbird
    C:\Documents and Settings\Omistaja\Application Data\Tuneup Software
    C:\Documents and Settings\Omistaja\Application Data\Ursoft
    C:\Documents and Settings\Omistaja\Application Data\Xnview -- EMPTY Directory

    Logfile of HijackThis v1.99.1
    Scan saved at 20:48:30, on 3.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    E:\Program Files\Avast!\aswUpdSv.exe
    E:\Program Files\Avast!\ashServ.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    E:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\oodag.exe
    E:\PROGRA~1\WESTER~1\wdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\Program Files\Avast!\ashMaiSv.exe
    E:\Program Files\Avast!\ashWebSv.exe
    E:\PROGRA~1\Avast!\ashDisp.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    E:\Program Files\Active Desktop Calendar\ADC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast!\ashDisp.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\Active Desktop Calendar\ADC.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\Office10\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155098312
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138803677640
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Avast!\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Avast!\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Avast!\ashWebSv.exe" /service (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - E:\PROGRA~1\WESTER~1\wdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\Ohjelmat\TuneUP Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Last edited: 03.11.2006
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yeah, it would have come back without running that (it was a scheduled task). No unnecessary services showing.
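    An added example, not from this thread and not part of HijackThis or NoLop: a small Python triage script over HijackThis-style log lines, built from the entries posted above. It flags O4 Run entries whose target lives under Application Data (the pattern of the two Swizzor/Lop entries in the opening post), cross-checks O23 lines tagged "(file missing)" against the "Running processes" section (the avast! Mail Scanner line above is reported missing although ashMaiSv.exe is listed as running, which points to the stray quote in the image path rather than a real missing file), and separately screens scheduled-task file names of the kind NoLop removed (AFCE800A91A132D6.job), since the HijackThis log here does not show the task that -kemisti- says would have brought the infection back. The sample log and task list are constructed from lines in this thread; the path-based heuristics and the regular expressions are my assumptions, not the tools' own logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample assembled from lines posted in this thread: a shortened
# "Running processes" section, the two O4 entries from the opening post, two
# benign O4 entries, and the avast! service line tagged "(file missing)".
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
E:\Program Files\Avast!\ashMaiSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Ante Loud Aim Web] C:\Documents and Settings\All Users\Application Data\ProcMp3AnteLoud\Funkphone.exe
O4 - HKCU\..\Run: [DASHGLUE] C:\DOCUME~1\Omistaja\APPLIC~1\Openfree\Junk four rule.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Constructed task-file names: the one NoLop removed in this thread plus a benign one.
SAMPLE_TASKS = ["AFCE800A91A132D6.job", "Defrag weekly.job"]

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.*?)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
# Per-user / all-users profile data directories, long and 8.3 short forms (heuristic).
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)
# Heuristic from this thread: a 16-hex-digit .job name with no descriptive text.
HEX_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def executable_path(command: str) -> str:
    """Best-effort image path from a Run-key command or service image path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths containing spaces (as in the Lop entries) cannot be split
    # on whitespace, so cut after the first ".exe" instead.
    m = re.search(r"\.exe", command, re.IGNORECASE)
    return command[: m.end()] if m else command


def running_processes(log_text: str) -> set[str]:
    """Lower-cased paths from the 'Running processes:' section (ends at a blank line)."""
    procs: set[str] = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            procs.add(line.lower())
    return procs


def triage(log_text: str) -> list[Finding]:
    """Flag O4 autoruns living in profile data dirs and O23 '(file missing)' services."""
    running = running_processes(log_text)
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            path = executable_path(command)
            if APPDATA_RE.search(path):
                findings.append(Finding(line, f"{hive} autorun [{name}] starts from a user-writable profile directory: {path}"))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group(3):
            service, image = m.group(1), executable_path(m.group(3))
            if image.lower() in running:
                # The binary is alive, so the tag is most likely a parsing artifact
                # of the unbalanced quote in the image path; verify before acting.
                findings.append(Finding(line, f"service '{service}' reported missing but {image} is in the running-process list; check the stray quote in its image path before removing anything"))
            else:
                findings.append(Finding(line, f"service '{service}' points at a binary that could not be found: {image}"))
    return findings


def suspicious_tasks(task_files: list[str]) -> list[str]:
    """Task files named like a bare hex id, as the one NoLop removed here."""
    return [t for t in task_files if HEX_JOB_RE.match(t)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.reason)
    print("tasks to review:", suspicious_tasks(SAMPLE_TASKS))
```

    Run on the constructed sample it reports the two Lop autoruns and the avast! Mail Scanner line, and leaves the avast!, Windows Defender and O&O entries alone, which matches what -kemisti- concluded about the services in this log. The scheduled-task screen is deliberately separate: HijackThis output alone would have missed the .job file, which is why the infection could have returned without NoLop.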
     
  8. janne59

    janne59 Active member

    Joined:
    14.01.2004
    Messages:
    1,041
    Thanks:
    0
    Points:
    66
    Thanks, and have a good evening!
     