Here's my HJT log
Playeri
Member
26 November 2006 @ 14:33
Could you take a look and see whether there's anything wrong here?
Logfile of HijackThis v1.99.1
Scan saved at 19:32:53, on 26.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\SVCHOST.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Save\Save.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Samurize\Client.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search -työkalurivi Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{0BEDB~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{0BEDB~1\reboot.ini
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?82362eda5e2d4869ac98e1e8616ba62a
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?82362eda5e2d4869ac98e1e8616ba62a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1148998726148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: pushow60.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (SVCHOST) - Unknown owner - C:\WINDOWS\SYSTEM\SVCHOST.exe
This post has been edited after posting. Last edited 26 November 2006 @ 14:35
Hujo
Suspended permanently
26 November 2006 @ 19:06
Remove via Add/Remove Programs:
WhenUSave
Scan with HJT, tick this and press Fix checked:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
Delete in Safe Mode:
C:\Program Files\--> Save <--
1. Download combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
to your desktop.
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool finishes, it produces a log. Post that log in your thread.
Note! Don't click around in the ComboFix window while it is running. That may cause the program to hang.
Can a computer ever work?
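As an added example (not part of the thread, and not a HijackThis or ComboFix tool), here is a small Python parser for the HijackThis log format posted above that pulls out the Rn/Fn/On entries, splits the O4 autostart lines into hive, key, name and command, and flags the entry the reply says to fix plus any O20 AppInit_DLLs line, since that is a load point a helper always double-checks. The sample log is a constructed excerpt of the log in this thread; the flagging rules (the WhenUSave name and the O20 check) are assumptions that mirror the advice given here, not a verdict on any file.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O20 - AppInit_DLLs: pushow60.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every HJT finding starts with a section tag (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# O4 registry autostarts look like: HKCU\..\Run: [Name] "C:\path\prog.exe" args
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return one dict per Rn/Fn/On entry; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}
        if entry["section"] == "O4":
            r = RUN_RE.match(entry["body"])
            if r:  # Global Startup (.lnk) O4 lines do not match and keep only body/raw
                entry.update(r.groupdict())
        entries.append(entry)
    return entries


def review(entries, fix_names=("WhenUSave",)):
    """Return (action, line) pairs: 'fix' for the named O4 autostarts the reply tells the
    poster to remove, 'review' for every AppInit_DLLs entry (assumed rule, not a verdict)."""
    flagged = []
    for e in entries:
        if e["section"] == "O4" and e.get("name") in fix_names:
            flagged.append(("fix", e["raw"]))
        elif e["section"] == "O20" and e["body"].startswith("AppInit_DLLs:"):
            flagged.append(("review", e["raw"]))
    return flagged


if __name__ == "__main__":
    for action, line in review(parse_hjt(SAMPLE_LOG)):
        print(f"{action:6} {line}")
```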
Playeri
Member
27 November 2006 @ 13:18
Here:
Admin - 06-11-27 18:11:59.00 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Admin\Ty?p?yt?"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\winupdates
((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))
2006-11-27 17:29 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-27 17:26 <KANSIO> d-------- C:\Program Files\THQ
2006-11-26 17:36 <KANSIO> d-------- C:\Netist? ladatut
2006-11-26 17:15 <KANSIO> d-------- C:\Program Files\mIRC
2006-11-26 15:29 <KANSIO> d-------- C:\Program Files\Lavalys
2006-11-26 14:58 <KANSIO> d-------- C:\Program Files\RivaTuner v2.0 RC 16.1
2006-11-24 19:40 <KANSIO> d-------- C:\Program Files\Samurize
2006-11-24 16:51 <KANSIO> dr-h----- C:\Documents and Settings\Admin\Recent
2006-11-24 16:05 <KANSIO> d-------- C:\Program Files\Yahoo!
2006-11-24 16:05 <KANSIO> d-------- C:\Program Files\CCleaner
2006-11-24 15:52 <KANSIO> d-------- C:\Splash
2006-11-24 14:35 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-11-24 11:56 40,960 -ra------ C:\WINDOWS\system32\ov519ext.dll
2006-11-24 11:56 25,211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2006-11-24 11:56 200,704 -ra------ C:\WINDOWS\sel3110.exe
2006-11-24 11:56 174,530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys
2006-11-24 11:56 16,426 -ra------ C:\WINDOWS\system32\ov519usd.dll
2006-11-19 22:57 <KANSIO> d-------- C:\Program Files\EA SPORTS
2006-11-18 10:38 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-18 10:38 <KANSIO> d-------- C:\b8a0421d426a54f672
2006-11-14 13:54 <KANSIO> d-------- C:\Program Files\7-Zip
2006-11-13 22:20 <KANSIO> d-------- C:\Counter-Strike Source
2006-11-13 20:31 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2006-11-13 20:31 <KANSIO> d-------- C:\Program Files\VstPlugins
2006-11-13 20:29 <KANSIO> d-------- C:\Program Files\Image-Line
2006-11-13 17:36 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2006-11-13 17:36 <KANSIO> d-------- C:\Program Files\Windows Media Components
2006-11-13 17:35 <KANSIO> d-------- C:\eJay
2006-11-13 16:23 <KANSIO> d-------- C:\condition zero cd2
2006-11-13 16:11 <KANSIO> d-------- C:\condition zero cd1
2006-11-13 16:09 <KANSIO> d-------- C:\Program Files\PowerISO
2006-11-13 16:05 77,824 --a------ C:\WINDOWS\system32\eJ_Enumerator.dll
2006-11-13 16:05 36,864 --a------ C:\WINDOWS\system32\eJayWMExport.dll
2006-11-13 16:05 29,696 --a------ C:\WINDOWS\system32\pthread.dll
2006-11-13 16:05 236,032 --a------ C:\WINDOWS\system32\devil.dll
2006-11-13 16:05 159,744 --a------ C:\WINDOWS\system32\DartSock.dll
2006-11-13 16:05 106,496 --a------ C:\WINDOWS\system32\DartWeb.dll
2006-11-13 16:05 <KANSIO> d-------- C:\WINDOWS\speech
2006-11-13 16:04 97,280 --a------ C:\WINDOWS\system32\ccrpbds5.dll
2006-11-12 19:54 <KANSIO> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2006-11-11 20:49 <KANSIO> d-------- C:\WINDOWS\OvtCam
2006-11-11 20:39 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-11 14:12 40,960 --a------ C:\WINDOWS\Phantom Fireworks Show.dll
2006-11-11 14:12 395,708 --a------ C:\WINDOWS\Phantom Fireworks Show.scr
2006-11-11 14:12 2,311,271 --a------ C:\WINDOWS\Phantom Fireworks Show.exe
2006-11-10 13:04 136,192 --a------ C:\WINDOWS\system32\pushow60.dll
2006-11-10 13:03 136,192 --a------ C:\WINDOWS\system32\pushow12.dll
2006-11-04 15:58 <KANSIO> d-------- C:\Program Files\AbiSuite2
2006-11-04 15:58 <KANSIO> d-------- C:\Documents and Settings\Admin\AbiSuite
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-28 11:50 <KANSIO> d-------- C:\Half Life
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-27 18:01 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-26 22:23 -------- d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2006-11-26 21:56 -------- d-------- C:\Program Files\Call of Duty
2006-11-26 17:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-26 17:12 -------- d-------- C:\Program Files\ATI Technologies
2006-11-26 14:37 -------- d-------- C:\Program Files\Common Files\Real
2006-11-26 14:37 -------- d-------- C:\Program Files\Common Files
2006-11-26 14:37 -------- d-------- C:\Documents and Settings\Admin\Application Data\Real
2006-11-26 14:35 -------- d-------- C:\Program Files\EA GAMES
2006-11-24 19:40 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 16:20 -------- d-------- C:\Program Files\DC++
2006-11-23 12:07 -------- d---s---- C:\Program Files\Xfire
2006-11-20 16:23 -------- d-------- C:\Program Files\Steam
2006-11-18 10:37 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 21:26 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-11-13 16:05 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-11 18:23 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-11-08 16:03 -------- d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft
2006-10-25 15:21 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-14 22:41 -------- d-------- C:\Program Files\Jasc Software Inc
2006-10-14 22:39 -------- d-------- C:\Program Files\URUSoft
2006-10-14 12:09 -------- d-------- C:\Program Files\TimeAdjuster
2006-10-14 11:35 -------- d-------- C:\Documents and Settings\Admin\Application Data\BSplayer
2006-10-14 11:22 -------- d-------- C:\Program Files\Webteh
2006-10-14 11:14 -------- d-------- C:\Program Files\Google
2006-10-14 11:14 -------- d-------- C:\Documents and Settings\Admin\Application Data\Google
2006-10-14 11:09 -------- d-------- C:\Program Files\Setup
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-10 20:42 -------- d-------- C:\Program Files\Adobe
2006-10-02 19:09 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2006-10-02 19:07 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-01 17:31 -------- d-------- C:\Program Files\PhotoFiltre
2006-10-01 09:51 -------- d-------- C:\Program Files\Valve
2006-09-30 18:13 -------- d-------- C:\Program Files\Common Files\DirectX
2006-09-30 17:56 -------- d-------- C:\Program Files\Evrsoft First Page 2006
2006-09-22 17:05 737280 --a------ C:\WINDOWS\iun6002.exe
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-05 14:23 90640 --a------ C:\WINDOWS\system32\launchinie.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"CnxDslTaskBar"="\"C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-11-27 18:13:14.95
C:\ComboFix.txt ... 06-11-27 18:13