Mesevirus+aikaa+lisää pöpöjä+kiehuu (+hjt loki)

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Enoxol1, May 27, 2008.

  1. Enoxol1

    Enoxol1 Member

    Joined:
    Dec 24, 2007
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    ensin oli meseviirus, sitten EHKÄ sain sen pois manuaalisesti, sitten kone olikin täynnä pöpöjä.. Onko HJT lokini kunnossa ja kun tiedän että ei, niin mitä sieltä korjattaan?

    LISÄYS:Nyt en enään pysty HJT ohjelmalla tekemään "do a system skan and save log file" toimintoa, ainoastaan "do a system skan only" toiminnon! valittaa että HJT tekee jonkun virheen ja sit sammuttaa ittensä jos yritän.

    Kiitoksia etukäteen pelastajalleni!
    __________________________________________________________________________________________




    Logfile of HijackThis v1.99.1
    Scan saved at 20:25:38, on 27.5.2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\winudspm.exe
    C:\Program Files\Opera\Opera.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\tappeluohjelmat\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
    Last edited: May 30, 2008
    Enoxol1, May 27, 2008
    #1
  2. Enoxol1

    Enoxol1 Member

    Joined:
    Dec 24, 2007
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11

    SDFix: Version 1.186
    Run by Administrator on ke 28.05.2008 at 19:24

    Microsoft Windows 2000 [Version 5.00.2195]
    Running From: C:\SDFix\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe - Deleted
    C:\WINNT\system32\cdplayer.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 19:50:11
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:45026f8a
    "s1"=dword:5edfa3b5
    "s2"=dword:700e8a17
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:22,65,5f,76,2d,a5,39,65,bb,6f,7c,7f,47,ac,61,b8,7e,cb,af,34,f0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,1a,24,a7,3a,93,63,33,60,fe,55,34,18,2a,b6,27,d0,1c,..
    "khjeh"=hex:74,0a,c8,25,da,0b,c1,fe,e3,d2,df,d1,35,5f,91,59,72,3b,3d,46,e2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:67,d3,27,95,f6,6b,9a,de,d8,51,6c,08,3b,43,b5,93,16,b0,be,05,9c,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:22,65,5f,76,2d,a5,39,65,bb,6f,7c,7f,47,ac,61,b8,7e,cb,af,34,f0,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,1a,24,a7,3a,93,63,33,60,fe,55,34,18,2a,b6,27,d0,1c,..
    "khjeh"=hex:74,0a,c8,25,da,0b,c1,fe,e3,d2,df,d1,35,5f,91,59,72,3b,3d,46,e2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:67,d3,27,95,f6,6b,9a,de,d8,51,6c,08,3b,43,b5,93,16,b0,be,05,9c,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Remaining Files :


    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 21 Sep 2007 5,899,832 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Wed 1 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Finished!
     
    Enoxol1, May 28, 2008
    #2

Share This Page