Yeah, I'll post brand new HJT & ComboFix logs here, tell me if there's anything in them or whether someone tried to attack the machine. avast! 4.8 Home Edition came up with this:

Sign of "SWFownloader [Trj]" has been found in "http://209.47.164.209/ff.swf" file.

Logfile of HijackThis v1.99.1
Scan saved at 9:00:42, on 13.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\hjt\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\pasi\tietosdot\bitcomet 0.91\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\pasi\tietosdot\bitcomet 0.91\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156399155328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

That's HJT, and now ComboFix:

ComboFix 07-08-17.2 - "Pasi" 2008-07-13 8:50:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.195 [GMT 3:00]

((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-07-07 12:25 --------- d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 20:37 246784 --a------ C:\WINDOWS\system32\mswsock.dll
2008-06-20 20:37 246784 --a------ C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 20:37 147968 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:44 360960 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 13:44 360960 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:44 138368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 13:44 138368 --a------ C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 12:32 225920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 12:32 225920 --a------ C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 20:59 272128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 20:59 272128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-29 12:51 --------- d-------- C:\Program Files\DivX
2008-05-28 16:15 --------- d-------- C:\DOCUME~1\Pasi\APPLIC~1\U3
2008-05-26 21:16 --------- d-------- C:\DOCUME~1\Pasi\APPLIC~1\Canon
2008-05-16 02:24 1152888 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-05-16 02:20 78416 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-05-16 02:18 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-05-16 02:16 20560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-05-16 02:15 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-05-16 02:14 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-05-16 02:13 26944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-05-16 02:12 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-05-13 04:53 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 04:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 04:51 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 04:51 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 04:50 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 04:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-13 04:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-05-13 04:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-13 04:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-05-13 04:50 682496 --a------ C:\WINDOWS\system32\DivX.dll
2008-05-13 04:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-05-13 04:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2008-05-13 04:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-05-13 04:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-05-13 04:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2008-05-13 04:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-05-13 04:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-13 04:49 161096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 04:49 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 15:28 202752 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 08:15 1288192 --a------ C:\WINDOWS\system32\quartz.dll
2008-05-07 08:15 1288192 --a------ C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 17:00 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-23 22:16 3591680 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 07:16 826368 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-23 07:16 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-23 07:16 63488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 07:16 6066176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 07:16 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 07:16 478208 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-23 07:16 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 07:16 44544 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-23 07:16 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2008-04-23 07:16 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-04-23 07:16 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 07:16 347136 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-23 07:16 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-23 07:16 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-23 07:16 233472 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2008-04-23 07:16 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-04-23 07:16 214528 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-23 07:16 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-23 07:16 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-04-23 07:16 133120 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-23 07:16 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2008-04-23 07:16 1159680 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-23 07:16 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2008-04-23 07:16 102912 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2008-04-22 10:41 70656 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 10:41 625664 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 10:39 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 08:07 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 C:\WINDOWS\system32\VTTrayp.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-24 09:16]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86698a26-f0ce-11da-b434-003005b2b4c7}]
AutoRun\command- D:\setupSNK.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 08:53:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2008-07-13 8:54:13
C:\ComboFix2.txt ... 2008-07-11 23:07
C:\ComboFix3.txt ... 2007-08-23 06:33
--- E O F ---
It's clean, and what avast reported is on some server, not on your machine, i.e. some website had that malware and it tried to get onto your machine, but avast blocked it.
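The reply above rests on one detail of the alert text: the object avast named is an http:// URL, not a path on C:\, so the web shield caught the file in transit and nothing landed on disk. The script below is an added example (not posted by anyone in this thread and not part of avast or HijackThis) that makes that distinction mechanically and also splits a HijackThis log into its entries so the ones whose target is reported as "(file missing)" can be listed for review. The alert string and HJT lines it uses are quoted from this thread; the second alert with a local Temp path is constructed for contrast, and the function names are my own.

```python
import re
from urllib.parse import urlparse

# Sample input. The first alert and the HJT lines are quoted from the thread;
# the second alert is constructed to show the "local file" case.
SAMPLE_ALERTS = [
    'Sign of "SWFownloader [Trj]" has been found in "http://209.47.164.209/ff.swf" file.',
    'Sign of "Win32:Example [Trj]" has been found in '
    '"C:\\Documents and Settings\\Pasi\\Local Settings\\Temp\\x.exe" file.',  # constructed
]
SAMPLE_HJT = [
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll",
    "O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe",
    "O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)",
]

# avast! 4.x alert wording: Sign of "<signature>" has been found in "<object>" file.
ALERT_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<obj>[^"]+)" file\.')
# HijackThis entry: section code, " - ", then the entry body.
HJT_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.+)$")


def classify_alert(line):
    """Describe an avast! alert; location is "remote" when the object is a URL
    (web shield stopped it in transit) and "local" when it is a path on disk."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    obj = m.group("obj")
    parsed = urlparse(obj)
    # A Windows path like C:\... parses with scheme "c" and no netloc, so the
    # netloc check keeps it out of the remote bucket.
    remote = parsed.scheme in ("http", "https", "ftp") and bool(parsed.netloc)
    return {
        "signature": m.group("sig"),
        "object": obj,
        "location": "remote" if remote else "local",
        "host": parsed.hostname if remote else None,
    }


def parse_hjt(lines):
    """Split HijackThis Oxx/Rx lines into section, body, target path and a
    file_missing flag (HJT appends "(file missing)" when the target is absent)."""
    entries = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if m is None:
            continue
        sec, body = m.group("sec"), m.group("body")
        missing = body.endswith("(file missing)")
        if sec == "O4" and "] " in body:
            target = body.split("] ", 1)[1]          # O4: path follows the [name]
        else:
            target = body.split(" - ")[-1]           # otherwise the last " - " field
        target = target.replace(" (file missing)", "").strip()
        entries.append({"section": sec, "body": body, "target": target,
                        "file_missing": missing})
    return entries


def review(alerts, hjt_lines):
    """Summarise what was blocked in transit, what was found on disk, and which
    HJT entries point at a file that no longer exists."""
    classified = [c for c in map(classify_alert, alerts) if c is not None]
    entries = parse_hjt(hjt_lines)
    return {
        "blocked_in_transit": [c["object"] for c in classified if c["location"] == "remote"],
        "on_disk": [c["object"] for c in classified if c["location"] == "local"],
        "missing_targets": [e["body"] for e in entries if e["file_missing"]],
    }


if __name__ == "__main__":
    for key, items in review(SAMPLE_ALERTS, SAMPLE_HJT).items():
        print(key)
        for item in items:
            print("  ", item)
```

A "missing_targets" hit is a pointer to look at, not a verdict: the xpnetdiag.exe entries in this log are a well-known leftover on Windows XP machines, and the helper's reply confirms the log is clean. The useful signal is the first bucket, where a remote object means the detection happened before anything was written locally.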
OK, thanks for the info. I figured it was just an attack attempt, but it's always worth asking you who know more, just in case.