
hpqimzone.exe

Thread in the Viruses and malware section. Started by mihku on 01.01.2006.

  1. mihku

    I decided to take a look at this machine as well, especially since a message about closing hpqimzone.exe has started to appear during Windows shutdown, and that is = ? At a quick glance, based on Google, I got the impression that it is some sort of infection. So, the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:13:15, on 1.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [AWMON] "C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Internet Security 2005 OEM (BackWeb Plug-in - 1245240) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    and Ewido

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 19:08:20, 1.1.2006
    + Report-Checksum: A43245E5

    + Scan result:

    :mozilla.26:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\m7mtllrs.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\Uninstall My Web Search.dll -> Spyware.MyWebSearch : Cleaned with backup
    E:\smailii\SmileyCentralFFSetup2.0.4.0.exe -> Spyware.MyWebSearch : Cleaned with backup


    ::Report End

    I wonder if anything "nice" turns up to mark the start of the year?
     
  3. -kemisti-

    I think it is caused by this line:

    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    Fix it, and restore it from HjT's backups if the need arises.
     
  4. mihku

    Got it, I'll give it a try. Thanks for the advice!
     
