Hjt-Log

Discussion in 'Virukset ja haittaohjelmat' started by bjdj89, Mar 12, 2006.

  1. bjdj89

    bjdj89 Regular member

    Joined:
    Nov 22, 2005
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    26
    Konetta olen pyrkinyt puhdistamaan mitä erilaisimmilla ohjelmilla joten nyt ajattelin lähettää login tänne jotta näkisin onko koneelta kestänyt örkit loitolla. Meseplussankin asensin, mutta ilman sponsoriohjelmaa joten silloinhan siitä ei pitäisi tulla örkkejä?



    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:35, on 12.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    M:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    M:\ewido anti-malware\ewidoctrl.exe
    M:\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    M:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    M:\winamp\winpatrol.exe
    M:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\rundll32.exe
    M:\DAEMON Tools\daemon.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    M:\locitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    M:\Windows Defender\MSASCui.exe
    M:\Spybot - Search & Destroy\TeaTimer.exe
    M:\Cookie Monster\CookieMonster.exe
    M:\MRU-Blaster\scheduler.exe
    M:\SpywareGuard\sgmain.exe
    M:\SpywareGuard\sgbhp.exe
    M:\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    M:\Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - M:\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - M:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinPatrol] M:\winamp\winpatrol.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "M:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] M:\locitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
    O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\TeleWell TW-EA100B_2 ADSL USB\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "M:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MessengerPlus3] "M:\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] M:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Cookie Monster] M:\Cookie Monster\CookieMonster.exe -quiet
    O4 - Startup: MRU-Blaster Scheduler.lnk = M:\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = M:\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = M:\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = M:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://M:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136630184593
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94BB3CC0-5BDE-49A4-B54F-65D4BC24AAEC}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - M:\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - M:\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
    bjdj89, Mar 12, 2006
    #1
  2. mawdrgn

    mawdrgn Regular member

    Joined:
    Jan 2, 2006
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    26
    Aika puhtaaltahan tuo näyttää =)

    Tämän voi kuitenkin varmaan fiksata:

    R3 - Default URLSearchHook is missing

    Mutta äläpä vielä tee mitään ennenkuin joku hieman osaavampi katsoo läpi vielä (Ei ole koulutus minulla vielä ihan päätöksessään, nääs :p )
     
    mawdrgn, Mar 12, 2006
    #2
  3. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Kaksi palomuuria käytössä (kerio ja norton)? Jos, niin ota toinen pois päältä. Ja tuon mawdrgnin kertoman rivin voi fixata.
     
    -kemisti-, Mar 12, 2006
    #3
  4. bjdj89

    bjdj89 Regular member

    Joined:
    Nov 22, 2005
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    26
    Ei ole kaksi palomuuria käytössä sillä Nortonista olen laittanut palomuurin pois päältä. Muuten siis puhdas logi?
     
    bjdj89, Mar 12, 2006
    #4
  5. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    On puhdas, tämän voit fixata, kuten mawdrgn jo sanoi:

    R3 - Default URLSearchHook is missing
     
    -kemisti-, Mar 12, 2006
    #5

Share This Page