Messenger haittaohjelma, hjt log

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Jonuski, Jun 12, 2009.

Thread Status:
Not open for further replies.
  1. Jonuski

    Jonuski Regular member

    Joined:
    Jan 29, 2006
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    26
    Kaverit valittelee että messengerini tarjoilee epämääräisiä nettisivuja itsekseen. En tiedä miten tämä on mahdollista, sillä itse en ole aukonut mitään linkkejä. Koneessa ei muuten ole mitään oireita.

    Tässä on hjt log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:57, on 12.6.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Softat\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Softat\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Softat\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Softat\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0220Mon.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    D:\Softat\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\Softat\Nokia\Nokia PC Suite 7\PCSuite.exe
    D:\Softat\DAEMON Tools Lite\daemon.exe
    D:\Softat\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    D:\Softat\Office 2003\OFFICE11\EXCEL.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Softat\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     
    Jonuski, Jun 12, 2009
    #1
Thread Status:
Not open for further replies.

Share This Page