HJT-Log

Discussion in 'Virukset ja haittaohjelmat' started by Meuras, Jan 30, 2006.

  1. Meuras

    Meuras Member

    Joined:
    Jun 2, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    Ensimmäisen kerran tätäkin kokeilin, onko kunnossa?

    Logfile of HijackThis v1.99.1
    Scan saved at 14:15:07, on 30.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\WindowBlinds\wbload.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\Program Files\PeerGuardian2\pg2.exe
    D:\Program Files\Desktop Sidebar\dsidebar.exe
    D:\Program Files\Executive Software\Diskeeper\DkService.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    D:\Program Files\Trillian\trillian.exe
    D:\Program Files\mIRC\mirc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bgrdweqaglj.net/cnCwVOKXt62TA04r1kEILZO/hl9rkn7TSv3f3t4AZG74cDGt9f8EMUarpyCqy3U/.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [SIDEBAR] "D:\Program Files\Desktop Sidebar\dsidebar.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122427214640
    O20 - Winlogon Notify: WB - D:\PROGRA~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inrftlo - Unknown owner - (no file)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
     
    Meuras, Jan 30, 2006
    #1
  2. Disa-

    Disa- Regular member

    Joined:
    Sep 6, 2005
    Messages:
    860
    Likes Received:
    0
    Trophy Points:
    26
    Puhdas on. Hae täältä -> http://www.ewido.net/en/download
    ewido, asenna, päivitä ja skannaa. Anna poistaa mitä löytää, tallenna raportti. Lähetä ewidon raportti ja uusi HjT-loki.
     
    Disa-, Jan 30, 2006
    #2
  3. Meuras

    Meuras Member

    Joined:
    Jun 2, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    prkl, hain sen ja aloin skannaa, kaatuu muistin skannauksen aikana, jumittuu kone kokonaan, samoin toisella koneella jumittuu... otin norton av 2005:sen pois ppäältä ja kaatui uudestaan...

    kun jumittu oli menossa "VM_00CD0000"
     
    Last edited: Jan 30, 2006
    Meuras, Jan 30, 2006
    #3
  4. Disa-

    Disa- Regular member

    Joined:
    Sep 6, 2005
    Messages:
    860
    Likes Received:
    0
    Trophy Points:
    26
    Disa-, Jan 30, 2006
    #4
  5. Meuras

    Meuras Member

    Joined:
    Jun 2, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    Elikkä tämmöstä tuli->
    Jumittuu ewidolla vieläkin..

    Mon Jan 30 15:57:45 2006 => Total Number of Disinfected Files: 0
    Mon Jan 30 15:57:45 2006 => Total Number of Files Renamed: 2
    Mon Jan 30 15:57:45 2006 => Total Number of Deleted Files: 6
    Mon Jan 30 15:57:45 2006 => Total Number of Errors: 4
    Mon Jan 30 15:57:45 2006 => Time Elapsed: 00:43:18
    Mon Jan 30 15:57:45 2006 => Virus Database Date: 2006/01/30
    Mon Jan 30 15:57:45 2006 => Virus Database Count: 173886

    Mon Jan 30 15:57:45 2006 => Scan Completed.

    File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File C:\WINDOWS\system32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C551DA2.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Meuras\Application Data\Opera\Opera\profile\cache4\opr0014G.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Meuras\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv408.jar-2fa90dc9-42f1dccf.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Meuras\Local Settings\Temp\31430.exe infected by "not-virus:Hoax.Win32.Renos.av" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Meuras\Local Settings\Temp\list141.exe infected by "Trojan-Downloader.Win32.Centim.an" Virus. Action Taken: File Deleted.
    File C:\Documents and "Trojan-Downloader.Win32.INService.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{EC144A72-5552-4E16-8116-18A7841CA37B}\RP377\A0068588.exe infected by "Trojan-Downloader.Win32.INService.gen" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File C:\WINDOWS\system32\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File D:\Program Files\Radmin\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File D:\Program Files\Radmin\radmin.exe.bak tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File D:\Program Files\Radmin\r_server.exe tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.
    File J:\Asennukset\vnc-4_1_1-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4110. No Action Taken.

     
    Last edited: Jan 30, 2006
    Meuras, Jan 30, 2006
    #5
  6. Meuras

    Meuras Member

    Joined:
    Jun 2, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    Ainii se HJT uudestaan:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:10:06, on 30.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\WindowBlinds\wbload.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\Program Files\PeerGuardian2\pg2.exe
    D:\Program Files\Desktop Sidebar\dsidebar.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\Program Files\ewido anti-malware\ewidoguard.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bgrdweqaglj.net/cnCwVOKXt62TA04r1kEILZO/hl9rkn7TSv3f3t4AZG74cDGt9f8EMUarpyCqy3U/.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [SIDEBAR] "D:\Program Files\Desktop Sidebar\dsidebar.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122427214640
    O20 - Winlogon Notify: WB - D:\PROGRA~1\WINDOW~1\fastload.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cd2pnpbdq - Symantec Corporation - (no file)
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inrftlo - Unknown owner - (no file)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
     
    Meuras, Jan 30, 2006
    #6
  7. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    blade81, Jan 31, 2006
    #7
  8. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    -kemisti-, Jan 31, 2006
    #8
  9. Meuras

    Meuras Member

    Joined:
    Jun 2, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    11
    Tuli vähän muitakin ongelmi vastaan, kovalevy kosahti paskaksi...nyt on win xp uusik laitettu, vois heittää login tähän jos joku vois kattoa, pitäis varmaan olla uhdas kun juuri asensin.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:05:42, on 1.2.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\devldr32.exe
    F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    F:\Program Files\ewido anti-malware\ewidoctrl.exe
    F:\Program Files\ewido anti-malware\ewidoguard.exe
    F:\Asennukset\utorrent.exe
    F:\Program Files\Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138745571796
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido anti-malware\ewidoguard.exe

     
    Meuras, Feb 1, 2006
    #9
  10. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Puhdas on.
     
    -kemisti-, Feb 1, 2006
    #10

Share This Page