HiJackthis logi

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi Selmi 23.07.2005.

  1. Selmi

    Selmi Member

    Liittynyt:
    24.01.2005
    Viestejä:
    78
    Kiitokset:
    0
    Pisteet:
    16
    Löytyyköhän kyseisestä logista jotain epäilyttävää?


    Logfile of HijackThis v1.99.1
    Scan saved at 16:59:59, on 23.7.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kvjkgeptkwafxojm.com/k1J...KAkRvI6Cmb/lBaXUdArOi99LPkQpxGJI8WfRHb0V.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Uptime-Project] C:\Program Files\client\client.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://62.3.133.38/FI/24_3d_colour_pop.jsp?noreloadredir
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08e2c15f59d4a42c1a18/netzip/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...le.com/saba/fi/win/QuickTimeFullInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.pattayalivecam.com/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe
    O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4524/mcfscan.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  2.  
  3. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    FIXaa ainakin seuraavat kohdat:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kvjkgeptkwafxojm.com/k1J...KAkRvI6Cmb/lBaXUdArOi99LPkQpxGJI8WfRHb0V.html
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08e2c15f59d4a42c1a18/netzip/RdxIE601.cab

    Onko sulla Atin vai Nvidian näyttis?

    Skannaa vielä eScannilla. Laita logi jos löytyy jotain.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm


     
    Viimeksi muokattu: 23.07.2005
  4. Toymaatti

    Toymaatti Active member

    Liittynyt:
    04.02.2005
    Viestejä:
    1,038
    Kiitokset:
    0
    Pisteet:
    66
    Tiedätkö että tuo ohjelma on OK??
    C:\Program Files\client\client.exe
    Jos et niin scannaa se tuolla, ja kerro mitä löytyi
    http://virusscan.jotti.org/

    Oletko itse asettanut nuo nettisivut luotettaviksi? Tuskin, eli fixaa vielä HjT:llä
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)

    Onkomuuten MessengerPlussa ollut koneella?
     
  5. Selmi

    Selmi Member

    Liittynyt:
    24.01.2005
    Viestejä:
    78
    Kiitokset:
    0
    Pisteet:
    16
    Tuo client.exe on uptimen mittausohjelma ja käytän ATI:n näyttistä.
     
  6. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    Näyttäis olevan koneella sekä ATin että Nvidian ajurit. Laita hjt:n Uninstall_list, niin katotaan sekin läpi. Käynnistä hjt, älä skannaa vaan klikkaa Open the misc tools section -> open uninstall manager -> save list. Tallennat sen ja lähetät tänne pähkäiltäväksi.
     
  7. Selmi

    Selmi Member

    Liittynyt:
    24.01.2005
    Viestejä:
    78
    Kiitokset:
    0
    Pisteet:
    16
    Uninstall_Managerin lista:


    Ad-Aware SE Personal
    Adobe Reader 7.0 - Suomi
    America's Army
    America's Army Server Manager
    AMIP (remove only)
    ArcSoft ShowBiz 2
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    Call of Duty
    Call of Duty - United Offensive
    CD-Facta 2004
    EasyCleaner
    Flashpoint uninstall
    GameSpy Arcade
    HijackThis 1.99.1
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 4.0
    HP Photo and Imaging 2.0 - Photosmart Cameras
    HP Photosmart -kamerat 4.0
    hp psc 2170 series
    HP Software Update
    HP valokuva- ja kuvankäsittelyohjelma 2.0 - hp psc 2170 series
    HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One
    HP:n valokuva- ja kuvankäsittelyohjelma 2.0 - All-in-One Ohjain
    Intel(R) Extreme Graphics Driver
    InterVideo WinDVD Player
    InterVideo WinDVRX
    J2SE Runtime Environment 5.0 Update 2
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_04
    Java 2 Runtime Environment, SE v1.4.2_06
    Java Web Start
    KBD
    Language Pack for Ad-aware 6
    Logitech Gaming Software
    Logitech SetPoint
    Macromedia Shockwave Player
    Memories Disc Creator 2.0
    Messenger-Control plug-in for Ad-Aware SE
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft AntiSpyware
    Microsoft Data Access Components KB870669
    Microsoft Windows Journal Viewer
    Microsoft Windows XP -käyttöjärjestelmän ohjatun CD-levylle tallentamisen HighMAT-laajennus
    Microsoft Word 2002
    Microsoft Works 7.0
    mIRC
    Mozilla Firefox (1.0.6)
    MSN Messenger 7.0
    MSXML 4.0 SP2 Parser and SDK
    Musicmatch® Jukebox
    Nokia Multimedia Player
    NVIDIA Ethernet Driver
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP Display Drivers
    OFP Addon Messerschmitt Bf109
    overland
    Philips Key Ring Audio Player
    Photosmart 140,240,7200,7600,7700,7900 Series
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Päivitys Windows XP:lle (KB898461)
    QuickTime
    RealPlayer
    RecordNow!
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    Suojauspäivitys Windows XP:lle (KB883939)
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB903235)
    Sygate Personal Firewall Pro
    TeamSpeak 2 RC2
    VCW VicMan's Photo Editor 7.5
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Connect
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR-pakkausohjelma
    Wolfenstein - Enemy Territory
    XviD MPEG-4 Video Codec

     
  8. V-kos

    V-kos Regular member

    Liittynyt:
    13.03.2005
    Viestejä:
    1,345
    Kiitokset:
    0
    Pisteet:
    46
    Muuten ok, mutta noista Nvidian ajureista en tiedä onko turhaan koneella. Poista lisää/poista sovelluksella jos et tarvi.
     

Jaa tämä sivu