1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Messenger-virus + HjT-loki

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi inamoi 29.05.2008.

  1. inamoi

    inamoi Member

    Liittynyt:
    28.05.2008
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Tervehdys!

    Elikkäs sama juttu on käynyt kuten näköjään moni muukin täällä. Tuli painettua mesessä linkkiä ja virus tuli koneelle. Yritin sitä poistaa poikaystävän avustuksella, mutta en ole varma onko virus lähtenyt koneelta. Uskon että se vielä tässä koneella on kun ei oikein kone toimi. Ajattelin varmistaa asian vielä täällä ja samalla varmistaa asian vielä täällä ja samalla tarkastuttaa löytyykö koneelta muita pöpöjä.

    sitten se HjT-loki

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:57:35, on 28.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    I:\Programs\Ad-Aware\aawservice.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    H:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\Program Files\Analog Devices\Core\smax4pnp.exe
    H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    H:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    I:\Programs\QuickTime\QTTask.exe
    H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    H:\Documents and Settings\Henkka\My Documents\Adan\Nokia PC Suite 6\LaunchApplication.exe
    H:\WINDOWS\system32\Rundll32.exe
    H:\WINDOWS\system32\rundll32.exe
    H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Program Files\Creative\Shared Files\CamTray.exe
    H:\Program Files\Logitech\SetPoint\SetPoint.exe
    H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    H:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    H:\Program Files\Windows Live\Messenger\usnsvc.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - H:\WINDOWS\system32\xxywUMFU.dll
    O2 - BHO: (no name) - {6FCBBC10-EEEB-43CE-8791-4C25194AC8CF} - H:\WINDOWS\system32\nnnNHbbC.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Programs\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Programs\Adobe\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Documents and Settings\Henkka\My Documents\Adan\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\afehecok.dll",b
    O4 - HKLM\..\Run: [BMb3422df2] Rundll32.exe "H:\WINDOWS\system32\hdqcbsyr.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [LDM] H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] "H:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = H:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - H:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: xxywUMFU - H:\WINDOWS\SYSTEM32\xxywUMFU.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Programs\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 9003 bytes
     
  2.  

Jaa tämä sivu