HJT log
#1
6 November 2008, 14:34
Donors Group

Hey Evil, long story short, I f'ed up my other computer a bit, and I'm using my old one. I just ran an HJT log on this one and wanted to make sure it was cool. It's been spybot'ed. I'm in the Malware U course now and doing my first PL, so don't tell me anything about any process or I'll get a kicking lol, but I wanted to know if this computer was good.

I would have done it before I left there for this computer but I forgot. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:12, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Windows\Explorer.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\Office11\REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: (31E68DE2-5548-4B23-88F0-C51E6A0F695E) (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: (3E68E405-C6DE-49FF-83AE-41EE9F4C36CE) -
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104017934731
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) - http://update.microsoft.com/microsof...?1120930322252
O16 - DPF: (CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA) (Java Plug-in 1.5.0_06) -
O16 - DPF: (CE8267C2-D41A-4A50-A69D-F32B5C289F14) -
O16 - DPF: (F6ACF75C-C32C-447B-9BEF-46B766368D29) (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cc.emory.edu,service.emory.edu,emory.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cc.emory.edu,service.emory.edu,emory.edu
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Unknown owner - C:\WINDOWS\system32\basfipm.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11075 bytes
#2
6 November 2008, 15:32
Malware Group

Since you're now starting to learn about malware, let me ask you - do you think this log is clean?
__________________

My system: It's all mine...

Processor(s): C2D E6750 2.66GHz
Motherboard: Gigabyte P35C-DS3R
RAM: 2 x 1Gb Corsair DDR2 XMS2 PC26400
Graphics Card(s): GeForce 8600GT
Sound Card: Creative X-Fi
Hard Drive(s): Maxtor 320Gb
Optical Drive(s): Pioneer DVD-RW
Case / PSU: Antec 900 / Antec TruPower Trio 650
Cooling: Various Antec + Zalman 92mm
Network / Internet: ASUS Router / VirginMedia
Monitor(s): LG L226WQ 22" Widescreen
Operating System(s): XP Pro SP3
#3
6 November 2008, 16:02
Donors Group

My dinner's ready again, I'll get back to you in about 15 minutes my friend, after I eat it while it's hot.
#4
6 November 2008, 16:36
Donors Group

Ok sorry. Yes I think it's clean, but not because I have the answer yet for what I'm trying to do. I think I've been practicing pretty darn good computer security on this thing since I got it. I've run Spybot and the corporate version of Symantec (not the consumer version or the free version) on it since I got it. I used to use Zone Alarm as my firewall and it was adequate at the time.

I think though that I haven't updated Java in about 6 months, so there's a vulnerability there. I also haven't been able to get the Office updates to install for almost a year, so that's another possible weak spot. When my new computer went down (lol I spilled beer on it today, trying to get my first PL done) I had to use this one. I remembered that I wasn't supposed to use a computer that wasn't clean for the coursework, so I ran HJT on this one.

Don't tell me anything about my process log please. I have to do it myself, and I'll do it. I just want to be sure that I'm in line with Malware U's clean computer policy. I guess maybe I should have posted it there, but I've come to look up to and trust Evil, and to a large extent you (I just haven't read you as often as Evil). I like that you're testing me, but I'm so new at this that I can't give any definitive answers. Ask me in a month lol. And thanks.

EDIT: I WILL ask one question though. When I was on the downed computer HJT only showed 10 processes. That didn't seem right to me, so I opened Windows Task Manager. And sure enough there were 64 processes running according to it. Why the big difference?
#5
6 November 2008, 16:48
Malware Group

Don't worry, I can't tell you any answers. If I did, what would be the point of your training? You won't learn by me telling you the answers - you learn from mistakes. I make that clear to all trainees entering the academy where I teach malware removal.

I will tell you that, based on the log you posted, the machine seems clean. Something to remember though - HJT is a useful starting point for looking at a PC - it does not however give you the full story. That's something you'll learn over time.

In reply to your question about processes, let's start at the beginning - what exactly is HJT? What does it do?

It's bedtime here, but I'll pick this up again tomorrow.
#6
6 November 2008, 17:10
Donors Group

Thanks a lot bro. I appreciate the help. It's nice having an "outside" resource that I can bounce thoughts off without worrying about you giving me the answers. If I step over the line I know you or Evil will tell me.

EDIT: I'll do this process from this computer, not the other one. T'other one was too easy. I knew at a glance what all of them were. I'll have to research the ones on this one.
#7
6 November 2008, 17:42
Moderator Group

It's refreshing for me too having Glaswegian give his opinion. It's good to have input from more than one source.
#8
6 November 2008, 18:58
Donors Group

SO I got my "new" computer back. Here's the HJT log. See the processes though? It shows 10, but my task manager shows 64. What's up with that? The 10 that are showing, I don't need to know anything to know what they are. Also I know the rest is clean.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:15, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files (x86)\Yahoo!\Companion\installs\CPN\yt.dll
F2 - REG:SYSTEM.INI: Userinit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files (x86)\Yahoo!\Companion\installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - (no file)
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files (x86)\Yahoo!\Companion\installs\CPN\yt.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] C:\PROGRA~2\McAfee\mshr\ShrCL.EXE /P7 /q C:\Users\Bill\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RAH40RDV\V_1_~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] C:\PROGRA~2\McAfee\mshr\ShrCL.EXE /P7 /q C:\Users\Bill\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RAH40RDV\V_1_~1.SH! (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Comodo Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Comodo Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\Spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (VDS) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9203 bytes
#9
7 November 2008, 12:05
Malware Group

You didn't answer the two questions I asked earlier about HJT - those answers will help you understand what you're looking at in the log.
#10
7 November 2008, 13:26
Donors Group

Sorry, I didn't have the answer to that, I had to look it up and beat it into my brain.

HJT is a useful tool used to help identify malicious programs. It produces a list of specific settings found on an individual's computer. It scans the registry and other files (I don't know which others yet, I've just started) to look for entries similar to what spyware or hijacker programs leave behind. Since legitimate programs sometimes leave the same things behind, I have to learn the difference.
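The list HJT produces is regular enough to parse mechanically, and doing so is a quick way to learn what each section code (R0-R3, O1-O23) covers. The following is an added example written for this page, not code from the thread, from HijackThis or from Trend Micro. It parses a constructed sample in the v2.0.2 format the two posted logs use and picks out the entry types an analyst looks at first: "(file missing)" and "(no file)" entries, unknown Winsock LSPs, AppInit_DLLs, hosts-file overrides and services with no vendor string. The review rules and the hosts entry for update.example.test are assumptions made for the example.

```python
"""Parse a HijackThis (HJT) v2.0.2 log and list the entries worth a second look."""
import re
from collections import Counter

# Constructed sample in the HJT v2.0.2 format used by the logs in the thread.
# It is not one of the posted logs; the hosts line for update.example.test is
# invented so that the hosts-file check has something to fire on.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.test
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
--
End of file - 1234 bytes
"""

# Every HJT finding starts with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a log into header lines, the running-process list and the
    (section, body) entries, all in log order."""
    header, processes, entries = [], [], []
    mode = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--":
            continue
        if line.startswith("Running processes:"):
            mode = "processes"
            continue
        if line.startswith("End of file"):
            break
        match = ENTRY_RE.match(line)
        if match:
            mode = "entries"
            entries.append((match.group(1), match.group(2)))
        elif mode == "processes":
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def section_counts(entries):
    """How many entries of each section code the log contains."""
    return Counter(section for section, _ in entries)


def review(entries, known_hosts=("localhost",)):
    """Return (section, body, reason) for entries an analyst checks first.
    These are candidates for a look-up, not verdicts: HJT reports by shape,
    so legitimate software lands here as well."""
    findings = []
    for section, body in entries:
        if "(file missing)" in body:
            findings.append((section, body, "registered path does not exist"))
        elif "(no file)" in body:
            findings.append((section, body, "component registered with no backing file"))
        elif section == "O10":
            findings.append((section, body, "Winsock LSP not in HJT's known-good list"))
        elif section == "O20":
            findings.append((section, body, "AppInit_DLLs loads into every GUI process"))
        elif section == "O1":
            host = body.split()[-1]  # "Hosts: 127.0.0.1 name" -> "name"
            if host not in known_hosts:
                findings.append((section, body, "hosts file overrides " + host))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, body, "service binary has no vendor string"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(len(parsed["processes"]), "processes,", dict(section_counts(parsed["entries"])))
    for section, body, reason in review(parsed["entries"]):
        print(f"{section}: {reason}\n    {body}")
```

Run it as a script to print the review list for the sample. The list is a set of things to look up, not a verdict, which is the point made earlier in the thread about HJT not giving the full story: the second posted log marks C:\Windows\system32\lsass.exe as "(file missing)" under three services, and on a running Vista machine that is a reporting artifact rather than a missing binary, so every flagged line still needs to be checked against the machine itself.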
Copyright © 2006 - 2009 Computer Sulas.