Spyware on the machine, HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by ninja88 on 22.10.2006.

Thread status:
Thread is closed.
  1. ninja88

    ninja88 Member

    Joined:
    26.08.2006
    Messages:
    48
    Thanks:
    0
    Points:
    16
    The machine has spyware that refuses to go away no matter what I do

    Logfile of HijackThis v1.99.1
    Scan saved at 16:48:33, on 22.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Filseclab\xfilter\xfilter.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\Common Files\Filseclab\FilMsg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
    C:\Program Files\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
    O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - Global Startup: Filseclab Messenger.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153990834122
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153993082468
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2747756B-60F8-464F-92FE-99386579C3BD}: NameServer = 192.168.0.1,192.168.0.7
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  3. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Messages:
    659
    Thanks:
    0
    Points:
    26
    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post that log in your thread.
    Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
     
  4. ninja88

    ninja88 Member

    Joined:
    26.08.2006
    Messages:
    48
    Thanks:
    0
    Points:
    16
    Alsson - 06-10-26 21:50:12,85 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\WINDOWS"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\components


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


    2006-10-09 20:01 124,752 --a------ C:\WINDOWS\system32\xpacket.sys
    2006-10-07 12:22 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2006-10-01 09:17 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-09-30 22:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-09-30 22:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-26 21:50 -------- d-------- C:\Documents and Settings\Alsson\Application Data\uTorrent
    2006-10-26 21:35 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-23 21:35 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Skype
    2006-10-23 15:56 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
    2006-10-23 15:50 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Talkback
    2006-10-22 16:48 -------- d-------- C:\Program Files\HJT
    2006-10-22 15:07 -------- d-------- C:\Program Files\AtomFTP
    2006-10-22 15:05 -------- d-------- C:\Documents and Settings\Alsson\Application Data\CoreFTP
    2006-10-21 21:42 -------- d-------- C:\Program Files\Lavasoft
    2006-10-21 21:42 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Lavasoft
    2006-10-19 12:14 -------- d-------- C:\Documents and Settings\Alsson\Application Data\X-Chat 2
    2006-10-12 21:04 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
    2006-10-12 21:04 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
    2006-10-12 16:04 -------- d-------- C:\Program Files\AOL
    2006-10-11 22:15 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-11 16:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-09 20:01 -------- d-------- C:\Program Files\Filseclab
    2006-10-09 20:01 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-10-09 20:01 -------- d-------- C:\Program Files\Common Files\Filseclab
    2006-10-09 20:01 -------- d-------- C:\Program Files\Common Files
    2006-10-09 18:33 -------- d-------- C:\Program Files\xchat
    2006-10-01 23:13 -------- d---s---- C:\Documents and Settings\Alsson\Application Data\Microsoft
    2006-10-01 14:22 -------- d-------- C:\Documents and Settings\Alsson\Application Data\My Games
    2006-10-01 11:51 -------- d-------- C:\Program Files\Skype
    2006-09-30 22:29 -------- d-------- C:\Program Files\Winamp
    2006-09-30 19:32 -------- d-------- C:\Documents and Settings\Alsson\Application Data\GetRightToGo
    2006-09-30 17:47 -------- d-------- C:\Documents and Settings\Alsson\Application Data\COWON
    2006-09-29 16:59 -------- d-------- C:\Program Files\ASTRA32
    2006-09-24 13:32 -------- d-------- C:\Program Files\Trend Micro
    2006-09-22 17:43 -------- d-------- C:\Documents and Settings\Alsson\Application Data\teamspeak2
    2006-09-22 16:43 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Comodo
    2006-09-22 15:55 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-19 18:32 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-09-19 18:32 -------- d-------- C:\Program Files\DAEMON Tools
    2006-09-17 19:41 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Internet Security Alliance
    2006-09-17 19:07 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-09-17 17:12 -------- d-------- C:\Documents and Settings\Alsson\Application Data\McAfee.com Personal Firewall
    2006-09-14 22:33 694393 ---hs---- C:\WINDOWS\system32\llnmp.bak1
    2006-09-13 14:43 -------- d-------- C:\Program Files\CCleaner
    2006-09-13 08:41 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Azureus
    2006-09-13 08:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-10 17:52 -------- d-------- C:\Program Files\MKVtoolnix
    2006-09-09 13:00 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Media Player Classic
    2006-09-07 18:45 -------- d-------- C:\Documents and Settings\Alsson\Application Data\Sun
    2006-09-05 21:11 -------- d-------- C:\Program Files\File Renamer
    2006-09-05 21:09 109110 --a------ C:\WINDOWS\File Renamer - Basic Uninstaller.exe
    2006-09-04 15:32 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-09-03 09:54 -------- d-------- C:\Program Files\Realtek AC97
    2006-09-02 22:55 -------- d-------- C:\Program Files\XLink Kai Evolution VII
    2006-09-02 22:07 737280 --a------ C:\WINDOWS\iun6002.exe
    2006-09-02 20:28 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-02 20:20 -------- d-------- C:\Program Files\Browser MOUSE
    2006-08-25 18:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 14:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-08-04 10:58 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-08-02 20:03 270848 --a------ C:\WINDOWS\system32\baksm.dll
    2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-27 01:59 62 --ahs---- C:\Documents and Settings\Alsson\Application Data\desktop.ini
    2006-07-27 01:06 0 -rahs---- C:\MSDOS.SYS
    2006-07-27 01:06 0 -rahs---- C:\IO.SYS
    2006-07-27 01:06 0 --a------ C:\CONFIG.SYS
    2006-07-27 01:06 0 --a------ C:\AUTOEXEC.BAT


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
    "AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "SoundMan"="SOUNDMAN.EXE"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "XFILTER"="\"C:\\Program Files\\Filseclab\\xfilter\\xfilter.exe\" -a"
    "aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoLogoff"=dword:00000000
    "NoWindowsUpdate"=dword:00000000
    "NoFavoritesMenu"=dword:00000001
    "NoSMHelp"=dword:00000001
    "StartMenuLogOff"=dword:00000000
    "NoRecentDocsMenu"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Steam"
    "hkey"="HKCU"
    "command"="D:\\Program Files\\Steam\\Steam.exe -silent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-10-26 21:50:40.85
    C:\ComboFix.txt ... 06-10-26 21:50
     
  5. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Messages:
    659
    Thanks:
    0
    Points:
    26
    Could you describe in a bit more detail what kind of problem you are having?