
Nod32 keeps reporting the same Win32/Injector.HP trojan despite removal attempts

Thread in the Viruses and malware - HijackThis logs section. Thread started by maxx666 on 01.04.2009.

  1. maxx666

    maxx666 Member

    Joined:
    22.01.2004
    Messages:
    8
    Thanks:
    0
    Points:
    11
    Nod32 v4.0.417 keeps throwing these up constantly as soon as it gets online. I've tried removing it with every spyware program and finally with SDFix, but it didn't help. I'm posting the HJT and SDFix reports.
    ----------------------------------------------------------------------
    4/1/2009 5:23:54 AM Real-time file system protection file D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BIT68.tmp a variant of Win32/Injector.HP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\WINDOWS\system32\svchost.exe.

    ----------------------------------------------------------------------
    4/1/2009 5:26:07 AM HTTP filter file http://codecs.sytes.net/files/codeclc.exe a variant of Win32/Injector.HP trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: D:\WINDOWS\system32\svchost.exe.

    ---------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:20:44 AM, on 4/1/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    D:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\LogMeIn\x86\RaMaint.exe
    D:\Program Files\LogMeIn\x86\LogMeIn.exe
    D:\Program Files\LogMeIn\x86\LMIGuardian.exe
    D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\Program Files\CyberLink\Shared files\RichVideo.exe
    D:\Program Files\Sandboxie\SbieSvc.exe
    D:\WINDOWS\system32\STacSV.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\TUProgSt.exe
    D:\Program Files\NetLimiter 2 Pro\NLClient.exe
    D:\WINDOWS\system32\vmnat.exe
    D:\WINDOWS\system32\SearchIndexer.exe
    D:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    D:\WINDOWS\system32\vmnetdhcp.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\WINDOWS\TEMP\IXP000.TMP\codec.exe
    D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    D:\WINDOWS\system32\AccelerometerSt.exe
    D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    D:\Program Files\On Screen Display\Hotkey.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\WINDOWS\system32\AESTFltr.exe
    D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    D:\WINDOWS\sttray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    D:\Program Files\Mobiililaajakaista\Mobiililaajakaista\AutoUpdateSrv.exe
    D:\Program Files\Mobiililaajakaista\Mobiililaajakaista\Wilog.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwininstaller.tk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] D:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [KeybdUtility] "D:\Program Files\On Screen Display\Hotkey.exe"
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [QlbCtrl.exe] D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Päivitysagentti.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - D:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware workstation\vsocklib.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.uwininstaller.tk
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1229733646781
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1229648054740
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229654839921
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05503B80-21D3-46B6-AB0D-E047CDD667E0}: NameServer = 195.197.54.100 195.74.0.47
    O17 - HKLM\System\CS4\Services\Tcpip\..\{05503B80-21D3-46B6-AB0D-E047CDD667E0}: NameServer = 195.197.54.100 195.74.0.47
    O20 - AppInit_DLLs: acaptuser32.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - D:\WINDOWS\system32\STacSV.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe

    --
    End of file - 13421 bytes

    -----------------------------------------------------------------------

    SDFix: Version 1.240
    Run by Administrator on Wed 04/01/2009 at 04:27 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: D:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found

    D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
    D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-01 04:43:00
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="D:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:4f,e6,83,88,e6,15,bd,9e,81,b8,40,c9,b6,28,f7,36,d9,a7,7f,0d,75,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,33,a7,2d,3a,f8,ad,89,30,67,ec,fc,99,85,e6,16,b1,f5,..
    "khjeh"=hex:ef,36,82,db,1d,c3,0f,ca,46,dd,2b,65,d8,de,c7,52,14,87,20,e3,89,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:5f,79,f7,2f,14,71,27,4f,96,69,b6,37,c8,35,01,b6,fd,b3,06,f0,60,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:41,18,4b,44,e6,41,a8,23,24,76,ab,4b,7c,f8,08,6a,cc,a9,f3,1a,c3,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="D:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:4f,e6,83,88,e6,15,bd,9e,81,b8,40,c9,b6,28,f7,36,d9,a7,7f,0d,75,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,33,a7,2d,3a,f8,ad,89,30,67,ec,fc,99,85,e6,16,b1,f5,..
    "khjeh"=hex:6f,16,5e,49,2e,f3,2f,8e,34,31,3e,e2,ee,24,d3,34,50,a2,9f,04,4f,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:98,04,78,af,de,24,a2,e7,af,ec,35,17,26,71,59,4f,2c,38,81,cf,4d,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="D:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:4f,e6,83,88,e6,15,bd,9e,81,b8,40,c9,b6,28,f7,36,d9,a7,7f,0d,75,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,33,a7,2d,3a,f8,ad,89,30,67,ec,fc,99,85,e6,16,b1,f5,..
    "khjeh"=hex:ef,36,82,db,1d,c3,0f,ca,46,dd,2b,65,d8,de,c7,52,14,87,20,e3,89,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:5e,a4,97,61,7b,b3,87,32,28,e0,9a,88,71,66,17,73,d6,ea,cc,6f,47,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:4f,e6,83,88,e6,15,bd,9e,81,b8,40,c9,b6,28,f7,36,d9,a7,7f,0d,75,..
    "p0"="D:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:ef,36,82,db,1d,c3,0f,ca,46,dd,2b,65,d8,de,c7,52,14,87,20,e3,89,..
    "a0"=hex:20,01,00,00,0b,b2,05,00,c0,df,74,75,cf,4e,7d,ec,4d,59,fb,57,1d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:4f,e7,a8,bf,68,6b,0b,21,93,ff,9c,70,e6,b2,eb,9f,29,e7,10,cd,b4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:41,18,4b,44,e6,41,a8,23,24,76,ab,4b,7c,f8,08,6a,cc,a9,f3,1a,c3,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:4f,e6,83,88,e6,15,bd,9e,81,b8,40,c9,b6,28,f7,36,d9,a7,7f,0d,75,..
    "p0"="D:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:ef,36,82,db,1d,c3,0f,ca,46,dd,2b,65,d8,de,c7,52,14,87,20,e3,89,..
    "a0"=hex:20,01,00,00,0b,b2,05,00,c0,df,74,75,cf,4e,7d,ec,4d,59,fb,57,1d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:4f,e7,a8,bf,68,6b,0b,21,93,ff,9c,70,e6,b2,eb,9f,29,e7,10,cd,b4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:41,18,4b,44,e6,41,a8,23,24,76,ab,4b,7c,f8,08,6a,cc,a9,f3,1a,c3,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG11.00.00.01WORKSTATION"="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"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{039CE88A-83E5-4358-A924-B81163CEE993}]
    "janhjbhieddgjddejido"=hex:62,61,6a,66,00,f8
    "janhjbhieddgjddejipm"=hex:62,61,6a,66,00,f8
    "ianieelpipmfohpebp"=hex:6b,61,69,66,63,65,6c,65,6e,6a,69,68,68,68,69,70,6a,6c,68,69,62,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "D:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"="D:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe:*:Enabled:VMware Authd"
    "D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic"
    "D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup)"
    "D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update)"
    "D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
    "D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe"="D:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update"
    "D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{E27721AD-BA43-47E4-ACF3-E0E6A7A27DF1}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\InstTool.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{E27721AD-BA43-47E4-ACF3-E0E6A7A27DF1}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup)"
    "D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{FEA36F6D-186C-4D20-B45A-C8C31A1FD366}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{FEA36F6D-186C-4D20-B45A-C8C31A1FD366}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
    "D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{3AEE14F5-BB74-4EFC-95BA-225064426062}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe"="D:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\{3AEE14F5-BB74-4EFC-95BA-225064426062}\\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
    "D:\\Program Files\\FlashGet\\FlashGet.exe"="D:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 26 Jan 2009 1,740,632 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Thu 5 Mar 2009 2,260,480 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 27 Apr 2003 18,944 ...H. --- "D:\WINDOWS\Temp\vbruntime.tmp"
    Tue 31 Mar 2009 4,348 A.SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
    Sun 2 Mar 2008 25,600 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0153.tmp"
    Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0348.tmp"
    Sun 2 Mar 2008 25,600 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL0484.tmp"
    Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1422.tmp"
    Sun 2 Mar 2008 25,088 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1444.tmp"
    Sun 2 Mar 2008 26,624 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1724.tmp"
    Sun 2 Mar 2008 27,136 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL1985.tmp"
    Sun 2 Mar 2008 26,624 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL3533.tmp"
    Sun 2 Mar 2008 26,112 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL3997.tmp"
    Sun 2 Mar 2008 26,112 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Hakemukset\~WRL4046.tmp"
    Tue 26 Jun 2007 1,699,376 ...H. --- "D:\Documents and Settings\Administrator\My Documents\YouCam\YouCamDiskMemory.tmp"
    Fri 19 Dec 2008 0 A.SH. --- "D:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
    Tue 5 Feb 2008 20,480 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Tikku 2 kopio\Verkkoviestint„\~WRL0005.tmp"
    Tue 5 Feb 2008 20,480 A..H. --- "D:\Documents and Settings\Administrator\Desktop\Tikku 2 kopio\Verkkoviestint„\~WRL1176.tmp"

    Finished!
     
  3. 79atanos

    79atanos Regular member

    Joined:
    20.05.2008
    Messages:
    1,945
    Thanks:
    15
    Points:
    48
    Hi!

    Put both of those logs up for analysis over at vt.net (link at the end of this message), and register if you aren't already a member. They can help a bit better there; unfortunately we haven't had any fixers around here at AfterDawn for a while, apart from a few visiting fixers from vt.net.

    The title and problem description are quite comprehensive enough, so feel free to use the same ones there too. Also note the "five-day thread" in their HjT section; you can post in it if for some reason your log hasn't been looked at within five days, as they are sometimes a bit busy :)

    http://www.virustorjunta.net/modules.php?name=Forums (HjT log analysis)
     
