NOD32 keeps flagging the same Win32/Injector.HP trojan despite removal attempts
maxx666 (Newbie)
1 April 2009 @ 03:33
NOD32 v4.0.417 keeps throwing these up constantly as soon as I get online. I've tried removing it with all the spyware programs and lastly with SDFix, but it didn't help. Attaching the HJT and SDFix reports.
----------------------------------------------------------------------
4/1/2009 5:23:54 AM Real-time file system protection file D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BIT68.tmp a variant of Win32/Injector.HP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\WINDOWS\system32\svchost.exe.

----------------------------------------------------------------------
4/1/2009 5:26:07 AM HTTP filter file http://codecs.sytes.net/files/codeclc.exe a variant of Win32/Injector.HP trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: D:\WINDOWS\system32\svchost.exe.

---------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:44 AM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Sandboxie\SbieSvc.exe
D:\WINDOWS\system32\STacSV.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\Program Files\NetLimiter 2 Pro\NLClient.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\TEMP\IXP000.TMP\codec.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\WINDOWS\system32\AccelerometerSt.exe
D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Program Files\On Screen Display\Hotkey.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\AESTFltr.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\WINDOWS\sttray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Mobiililaajakaista\Mobiililaajakaista\AutoUpdateSrv.exe
D:\Program Files\Mobiililaajakaista\Mobiililaajakaista\Wilog.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] D:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [KeybdUtility] "D:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [QlbCtrl.exe] D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Päivitysagentti.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - D:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1229733646781
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1229648054740
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1229654839921
O17 - HKLM\System\CCS\Services\Tcpip\..\{05503B80-21D3-46B6-AB0D-E047CDD667E0}: NameServer = 195.197.54.100 195.74.0.47
O17 - HKLM\System\CS4\Services\Tcpip\..\{05503B80-21D3-46B6-AB0D-E047CDD667E0}: NameServer = 195.197.54.100 195.74.0.47
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - D:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe

--
End of file - 13421 bytes

-----------------------------------------------------------------------

SDFix: Version 1.240
Run by Administrator on Wed 04/01/2009 at 04:27 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: D:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 04:43:00
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{039CE88A-83E5-4358-A924-B81163CEE993}]
"janhjbhieddgjddejido"=hex:62,61,6a,66,00,f8
"janhjbhieddgjddejipm"=hex:62,61,6a,66,00,f8
"ianieelpipmfohpebp"=hex:6b,61,69,66,63,65,6c,65,6e,6a,69,68,68,68,69,70,6a,6c,68,69,62,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"="D:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe:*:Enabled:VMware Authd"
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic"
"D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup)"
"D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update)"
"D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update"
"D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{E27721AD-BA43-47E4-ACF3-E0E6A7A27DF1}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\InstTool.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{E27721AD-BA43-47E4-ACF3-E0E6A7A27DF1}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{FEA36F6D-186C-4D20-B45A-C8C31A1FD366}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{FEA36F6D-186C-4D20-B45A-C8C31A1FD366}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{3AEE14F5-BB74-4EFC-95BA-225064426062}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{3AEE14F5-BB74-4EFC-95BA-225064426062}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"D:\\Program Files\\FlashGet\\FlashGet.exe"="D:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :



Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 27 Apr 2003 18,944 ...H. --- "D:\WINDOWS\Temp\vbruntime.tmp"
Tue 31 Mar 2009 4,348 A.SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 2 Mar 2008 25,600 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0153.tmp"
Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0348.tmp"
Sun 2 Mar 2008 25,600 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0484.tmp"
Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1422.tmp"
Sun 2 Mar 2008 25,088 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1444.tmp"
Sun 2 Mar 2008 26,624 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1724.tmp"
Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1985.tmp"
Sun 2 Mar 2008 26,624 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL3533.tmp"
Sun 2 Mar 2008 26,112 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL3997.tmp"
Sun 2 Mar 2008 26,112 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL4046.tmp"
Tue 26 Jun 2007 1,699,376 ...H. --- "D:\Documents and Settings\Administrator\My Documents\YouCam\YouCamDiskMemory.tmp"
Fri 19 Dec 2008 0 A.SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Tue 5 Feb 2008 20,480 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Tikku 2 kopio\Verkkoviestint?\~WRL0005.tmp"
Tue 5 Feb 2008 20,480 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Tikku 2 kopio\Verkkoviestint?\~WRL1176.tmp"

Finished!
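As an added example that is not part of the original thread (and not ESET's or HijackThis's code), a small triage script that runs defender-side rules over lines copied from the logs above; the rules and the KNOWN_GOOD_HOSTS allowlist are this example's own assumptions about what a log fixer checks when the same detection keeps returning:

```python
"""Defender-side triage rules for the NOD32 event lines and HijackThis entries above.

Added example, not code from the original post, from ESET or from HijackThis.
SAMPLE is copied from the logs in the post; the rules and the KNOWN_GOOD_HOSTS
allowlist are this example's own assumptions about what a log fixer checks when
the same detection keeps coming back.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the NOD32 and HijackThis logs posted above.
SAMPLE = r"""
4/1/2009 5:23:54 AM Real-time file system protection file D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BIT68.tmp a variant of Win32/Injector.HP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\WINDOWS\system32\svchost.exe.
4/1/2009 5:26:07 AM HTTP filter file http://codecs.sytes.net/files/codeclc.exe a variant of Win32/Injector.HP trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: D:\WINDOWS\system32\svchost.exe.
D:\WINDOWS\TEMP\IXP000.TMP\codec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
O20 - AppInit_DLLs: acaptuser32.dll
"""

# Assumed allowlist: hosts a stock Windows XP / IE7 install points its pages at.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.update.microsoft.com"}
# ESET event line: module (the two seen in the post), object, threat, producing application.
NOD32_EVENT = re.compile(
    r"^\S+ \S+ (?:AM|PM) (?P<module>Real-time file system protection|HTTP filter) "
    r"file (?P<obj>\S+) a variant of (?P<threat>\S+) trojan .*? the application: (?P<app>.+?)\.?$"
)
BITS_TEMP = re.compile(r"\\BIT[0-9A-F]+\.tmp$", re.I)  # temp file of a running BITS job
IEXPRESS_TEMP = re.compile(r"\\TEMP\\IXP\d{3}\.TMP\\", re.I)  # IExpress unpack folder
URL = re.compile(r"https?://\S+")


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = verify by hand
    rule: str
    detail: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> list[Finding]:
    """Apply the rules to one log line and return the findings it produces."""
    found: list[Finding] = []
    ev = NOD32_EVENT.match(line)
    if ev:
        app = basename(ev["app"])
        if app == "svchost.exe" and BITS_TEMP.search(ev["obj"]):
            found.append(Finding("high", "bits-redownload",
                f"{ev['threat']} written to BITS temp file {ev['obj']} by svchost.exe: a queued "
                "BITS job is re-fetching the payload, so deleting the file alone will not stop it"))
        elif app == "svchost.exe" and ev["obj"].lower().startswith("http"):
            found.append(Finding("high", "service-download",
                f"{ev['threat']} fetched from {urlparse(ev['obj']).hostname} by svchost.exe, "
                "not by a user browser"))
        return found
    if IEXPRESS_TEMP.search(line):
        found.append(Finding("high", "temp-process",
            f"process running from an IExpress self-extraction folder: {line}"))
    url = URL.search(line)
    if url and line.startswith(("R0", "R1", "O14")):
        host = urlparse(url.group()).hostname or ""
        if host not in KNOWN_GOOD_HOSTS:
            if line.startswith("O14"):
                found.append(Finding("high", "iereset-hijack",
                    f"IERESET.INF points at {host}: an IE reset would restore the hijacked page"))
            else:
                found.append(Finding("high", "startpage-hijack",
                    f"browser start/search page set to non-default host {host}"))
    if line.startswith("O20 - AppInit_DLLs:"):
        dll = line.split(":", 1)[1].strip()
        found.append(Finding("review", "appinit-dll",
            f"AppInit_DLLs loads {dll} into every GUI process; confirm it is a known vendor DLL"))
    return found


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of a pasted log."""
    return [f for ln in text.splitlines() if ln.strip() for f in triage_line(ln.strip())]
```

On the sample the script reports five high findings and one review item; the BITS rule is what explains the recurring detection, since the SDFix report above also found the BITS queue files qmgr0.dat and qmgr1.dat carrying malware links.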
Senior Member
1 April 2009 @ 07:41
Hi!

Post both of those logs for analysis over at vt.net (link at the end of this message); register if you're not a member already. They can help a bit better there; unfortunately we haven't seen any fixers here at AfterDawn for a while, apart from a few visiting fixers from vt.net.

Your title and problem description are comprehensive enough, so feel free to use the same ones there. Also note the "five-day thread" in the HjT section there; you can post in it if for some reason your log hasn't been looked at within five days, they're sometimes a bit busy :)

http://www.virustorjunta.net/modules.php?name=Forums (HjT log analysis)
