Messenger, Firedaemon temmpuilee (hjt logi mukana)

Discussion in 'Virukset ja haittaohjelmat' started by Simppeli, Jun 7, 2006.

  1. Simppeli

    Simppeli Guest

    Hei,

    Onko kenelläkään tietoa seuraavasta.
    kun kirjoitan Messengerillä viestiä kirjaimet tulevat näkyviin yksitellen ja erittäin hitaasti. Ihan kuin joku keylogger olisi päällä tms.

    Lisäksi win xp home on käyttiksenä ja käynnistyessä saan 3 kappaletta ilmoituksia "Firedaemon on suorittanut virheen..."
    Mihinköhän tämä mahtaa liittyä.

    Alla on vielä hjt logi jos joku ystävällisesti voisi sitä vilaista ja kommentoida.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:50:44, on 07/06/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\KIMMOK~1\LOCALS~1\Temp\Rar$EX00.735\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {19DD9DE5-B033-4A1D-86D6-5DAF16BE5770} - C:\WINDOWS\system32\kbdgr32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
    O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe

    t: Simppeli
     
    Last edited by a moderator: Jun 7, 2006
    Simppeli, Jun 7, 2006
    #1
  2. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    Avaa HijackThis, paina do a system scan only ja merkkaa tämä:
    O2 - BHO: (no name) - {19DD9DE5-B033-4A1D-86D6-5DAF16BE5770} - C:\WINDOWS\system32\kbdgr32.dll (file missing)

    Sulje kaikki ikkunat ja paina fix cheked
    Muuten loki näyttää puhtaalta, kannattaa varmaan asentaa Firedaemon uudestaan, tosin suosittelisin että hankkiudut eroon koko ohjelmasta kun on vähän kyseenalainen
    http://forums.firedaemon.com/viewtopic.php?t=18
     
    Last edited: Jun 8, 2006
    Jurppis, Jun 8, 2006
    #2
  3. Simppeli

    Simppeli Guest

    Muuttaako asiaa jos mainitsen että firedaemonia en ole itse asentanut?

    Thx.

    - Simppeli
     
    Simppeli, Jun 8, 2006
    #3
  4. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    Joo, kannattaa poistaa se firedaemon, tossa linkissä mun edellisessä viestissä pitäisi olla ohjeita
     
    Jurppis, Jun 8, 2006
    #4
  5. Simppeli

    Simppeli Guest

    Kiitos ja kumarrus.
    - Simppeli
     
    Simppeli, Jun 8, 2006
    #5
  6. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    @Jurppis: On örkin asentama, pitää poistaa muuten :)

    @Simppeli:

    Tehdääs kuitenkin näin:

    HjT omaan hakemistoon -> C:\hjt

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
    O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe
    O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINDOWS\security\FireDaemon.exe

    Käynnistä -> suorita
    kirjoita
    sc stop msagent ja klikkaa ok
    sitten sc delete msagent ja klikkaa ok
    sitten sc stop netclient ja klikkaa ok
    sitten sc delete netclient ja klikkaa ok
    sitten sc stop winsecure ja klikkaa ok
    sitten sc delete winsecure ja klikkaa ok

    Poista:

    C:\WINDOWS\security

    Käynnistä uudelleen ja lähetä uusi HjT-loki.
     
    Last edited: Jun 9, 2006
    -kemisti-, Jun 9, 2006
    #6

Share This Page