Here is the HijackThis log. For me, Windows XP takes a damn long time to boot, and Mozilla also takes far too long to open. Could someone take a look at the log? Thanks in advance!

Logfile of HijackThis v1.98.2
Scan saved at 14:07:26, on 19.8.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O20 - AppInit_DLLs: PAVWAIT.DLL
A similar log, this time with FINDnFIX... thanks!

Thu 19 Aug 04 15:43:54
»»»»»»»»»»»»»»»»»»***LOG!***(*updated *8/19)»»»»»»»»»»»»»»»»
*System: Microsoft Windows XP Professional 5.1 Service Pack 1 (Build 2600)
*IE version: 6.0.2800.1106 SP1-Q823353-Q832894-Q831167-Q867801
__________________________________
!!*Creating backups...!!
__________________________________
*Local time: 19. elokuuta 2004 (19.8.2004) 15:43, Kesäaika
*Uptime: 15:43:56 up 0 days, 7:04:25
*Path: C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)
User is a member of group MAMIVA\Ei mitään.
User is a member of group \Kaikki.
User is a member of group BUILTIN\Järjestelmänvalvojat.
User is a member of group BUILTIN\Käyttäjät.
User is a member of group \PAIKALLINEN.
User is a member of group NT-HALLINTA\VUOROVAIKUTTEINEN.
User is a member of group NT-HALLINTA\Vahvistetut käyttäjät.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
User: [MAMIVA\Mikko], is a member of:
MAMIVA\Ei mitään
\Everyone
»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!
The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder
______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________
......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»» (*1*) »»»»» .........
»»Read access error(s)...
»»»»» (*2*) »»»»»........
»»»»» (*3*) »»»»»........
No matches found.
unknown/hidden files...
No matches found.
»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
»»»»»(*5*)»»»»»
»»»»»(*6*)»»»»»
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINDOWS\SYSTEM32
Including: *.DLL
____________________________________________________________________________
*By size and date...
No matches found.
No matches found.
No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
SNiF 1.34 statistics
Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0
Masks sniffed for: *.DLL
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
BHO search...
No matches found.
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key: (*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 472
»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!
Value does not match
________________________________
»»Comparing *saved* key with *original*...
REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)
Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).
No differences found.
»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ PAVWAIT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = PAVWAIT.DLL
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710
»»Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Käyttäjät
(IO) ALLOW Read BUILTIN\Käyttäjät
(NI) ALLOW Read BUILTIN\Tehokäyttäjät
(IO) ALLOW Read BUILTIN\Tehokäyttäjät
(NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(IO) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(IO) ALLOW Full access LUOJA-OMISTAJA
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Käyttäjät
Read BUILTIN\Tehokäyttäjät
Full access BUILTIN\Järjestelmänvalvojat
Full access NT-HALLINTA\SYSTEM
»»Performing string scan....
00001150: ?
00001190: $ vk f AppInit_
000011D0LLs G P A V W A I T . D L L pOK vk 0
00001210: UDeviceNotSelectedTimeout 1 5 9 0 #
00001250: vk ' zGDIProcessHandleQuota" vk
00001290: Spooler2 y e s ' P vk
000012D0: =pswapdisk vk @ R TransmissionRetr
00001310:yTimeout P 8 vk ' &R
00001350:USERProcessHandleQuota $ I 3 0 ' $ I 3 0 H' $ I 3
00001390:0 t' $ I 3 0 ' $ I 3 0 ' $ I 3 0 $( $ I 3 0 P(
000013D0:$ I 3 0 |( $ I 3 0 ( $ I 3 0 ) $ I 3 0 ,) $ I 3 0
00001410: X) $ I 3 0 ) $ I 3 0 ) $ I 3 0 ) $ I 3 0 * $
00001450:I 3 0 * $ I 3 0 * $ I 3 0 + $ I 3 0 , $ I 3 0
00001490, $ I 3 0 p, $ I 3 0 , $ I 3 0 , $ I 3 0 , $ I
000014D0:3 0 L- $ I 3 0 x- $ I 3 0 - $ I 3 0 - $ I 3 0 -
00001510: $ I 3 0 (. $ I 3 0 T. $ O . $ I 3 0 . $ I 3 0
00001550: . $ I 3 0 / $ I 3 0 0/ $ I 3 0 \/ $ I 3 0 / $ I
00001590:3 0 / $ I 3 0 / $ I 3 0 0 $ I 3 0 d0 $ I 3 0 0
000015D0: $ I 3 0 r q q
----------
WIN.TXT
fùAppInit_DLLsÖ?æGàÿÿÿP
--------------
--------------
$011C8: AppInit_DLLs
$01217: UDeviceNotSelectedTimeout
$01267: zGDIProcessHandleQuota
$01300: TransmissionRetryTimeout
$0134F: RUSERProcessHandleQuota
--------------
--------------
PAVWAIT.DLL 19E815B1d01 19E815~101_
--------------
--------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="PAVWAIT.DLL"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
..........
*Debug...
--------------
--------------
Ntdll.DLL at 77F50000
Kernel32.DLL at 77E60000
..........
A handle was successfully obtained for the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 24 bytes, including the 2 for string termination.
[AppInitDLLs]
Ansi string : "PAVWAIT.DLL"
0000 50 00 41 00 56 00 57 00 41 00 49 00 54 00 2e 00 | P.A.V.W.A.I.T...
0010 44 00 4c 00 4c 00 00 00 | D.L.L...
-----------------------
»»»»»»Backups list...»»»»»»
15:47:15 up 0 days, 7:07:44
-----------------------
Thu 19 Aug 04 15:47:15
C:\FINDNFIX\
keyback.hiv Thu 19 Aug 2004 15.42.28 A.... 8 192 8,00 K
1 item found: 1 file, 0 directories.
Total of file sizes: 8 192 bytes 8,00 K
C:\FINDNFIX\KEYS1\
winkey.reg Thu 19 Aug 2004 15.42.30 A.... 298 0,29 K
1 item found: 1 file, 0 directories.
Total of file sizes: 298 bytes 0,29 K
*Temp backups...
"C:\Documents and Settings\Mikko.MAMIVA\Local Settings\Temp\Backs2\"
keyback2.hi_ 19 Aug 2004 8192 "keyback2.hi_"
winkey2.re_ 19 Aug 2004 298 "winkey2.re_"
2 items found: 2 files, 0 directories.
Total of file sizes: 8 490 bytes 8,29 K
-D---- JUNKXXX 00000000 15:42.28 19/08/2004
A----- STARTIT .BAT 0000005F 15:43.56 19/08/2004
________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)' AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Thu 19 Aug 04 15:47:16