HJT logi

Discussion in 'Virukset ja haittaohjelmat' started by arzuma, Jan 25, 2006.

  1. arzuma

    arzuma Member

    Joined:
    Jan 25, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Hei! Ohessa olis loki, olis mukava jos joku asialle vihkiytynyt ehtis vilkaisemaan. Kiitos ja kumarrus jo etukäteen.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:15:32, on 25.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Nvc\BIN\NPFSVICE.EXE
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Norman\bin\ZLH.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Norman\Npf\BIN\npfmsg2.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     
    arzuma, Jan 25, 2006
    #1
  2. teppoI

    teppoI Moderator Staff Member

    Joined:
    Apr 30, 2005
    Messages:
    4,166
    Likes Received:
    4
    Trophy Points:
    48
    En huomannut mitään ihmeellistä, vai onko sinulla jokin CAD -ohjelma? tuolla näkyi olevan jokin AutoCAD...
     
    teppoI, Jan 25, 2006
    #2
  3. arzuma

    arzuma Member

    Joined:
    Jan 25, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Joo, on cadi, mutta mitäs on nämä mahtaa olla?

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -

    EDIT
    Onko kokemuksia ccleanerin käytöstä ja mikähän tämäkin on:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
     
    Last edited: Jan 25, 2006
    arzuma, Jan 25, 2006
    #3
  4. spuge9

    spuge9 Regular member

    Joined:
    Jan 6, 2006
    Messages:
    236
    Likes Received:
    0
    Trophy Points:
    26
    SOUNDMAN.EXE taitaa olla se ajuri,

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    windowsin tärkeitä ei saa poistaa!
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe sun javan asennus exe


    EDIT : O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 siitä löytyy Microsoft Office, joka sisältää m.m microsoft powerpoint word excel jne .
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
    en olekkkaan siitä niin varma
     
    Last edited: Jan 25, 2006
    spuge9, Jan 25, 2006
    #4
  5. teppoI

    teppoI Moderator Staff Member

    Joined:
    Apr 30, 2005
    Messages:
    4,166
    Likes Received:
    4
    Trophy Points:
    48
    itsellänikin ovat nuo soundman ja ALCWZRD... ja ovat äänikortinajurit...(Toden näköisesti sinulla on integroitunäyttis)

    CTFMONia älä poista!!!! Ja suosittelen CCleneria, omasta mielestäni tehokkaampi ja silmälle sopivampi kuin EasyCleaner...
     
    teppoI, Jan 25, 2006
    #5
  6. arzuma

    arzuma Member

    Joined:
    Jan 25, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Kiitos vastanneille :) Edelleen epäselväksi jäi nuo:

    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
     
    Last edited: Jan 26, 2006
    arzuma, Jan 25, 2006
    #6
  7. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Lokihan oli puhdas. Käynnistyviä ohjelmia tosin voisi ottaa pois tai sitten täällä neuvomme tarpeen mukaan sen.

    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    Ylimääräinen rivit siellä IE:n oikean näppäimen valikossa
    koskien Microsoft office.

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class)
    ActiveX Objekti koskien MSN

    Onkos muutoin mitään vikaa ollut?
     
    aaxxeell, Jan 26, 2006
    #7
  8. arzuma

    arzuma Member

    Joined:
    Jan 25, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Toimin kuten on monessa muussa keskustelussa hyväksi saanottu, eli poistin turhaan käynnistyviä ohjelmia msconfigin kautta. Ilmeisesti tämän seurauksena tuli seuraava oire, alapalkki ja käynnistä-valikko muuttui sinipohjaisesta valkopohjaiseksi ja en onnistunu muuttamaan taustaväriä takaisin siniseksi.Muistaakseni ME winukassa on samannäköiset nuo. Olisko jollakin vinkkiä moiseen.

    Varsinaista ongelmaa en ole koneen toiminnassa muuten havainnut muuta kuin käyttäjän mielipuolisen innostuksen säätää milloin mitäkin asetusta :)

    Logfile of HijackThis v1.99.1
    Scan saved at 17:45:47, on 1.2.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Nvc\BIN\NPFSVICE.EXE
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Norman\bin\ZLH.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Norman\Npf\BIN\npfmsg2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    EDIT: Sen verran täytyy vielä lisätä, että olen yrittänyt saada msnmsg:n pois automaattisesti käynnistyvien ohjelmien listalta tosin laihoin tuloksin, käyttäen milloin HJT:tä ja msconfigia ja ccleaneria yhdessä ja erikseenkin.

    Eli messenger tulee uudestaan käynnistyvien listalle jos sitä käyttää ja sitten taas sammuttaa, tuossa logissa sitä ei näy.
     
    Last edited: Feb 1, 2006
    arzuma, Feb 1, 2006
    #8
  9. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    MSN Messenger saa helposti pois käynnistyvistä:

    Avaa Messenger -> Työkalut -> Asetukset -> Yleiset -> Ota ruksi pois kohdasta suorita Messenger automaattisesti.
     
    aaxxeell, Feb 22, 2006
    #9

Share This Page