Hjt-loki

Edna · Feb 20, 2006

Eli tässä tulisi taas...

Logfile of HijackThis v1.99.1
Scan saved at 21:05:22, on 20.2.2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\system32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\NMSSvc.exe
C:\Norman\Bin\Zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\Norman\bin\ZLH.EXE
C:\WINNT\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\soundman.exe
C:\WINNT\system32\internat.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINNT\system32\stisvc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Nvc\BIN\NPFSVICE.EXE
C:\Norman\Npf\Bin\npfmsg2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\WINNT\system32\ntvdm.exe
C:\Norman\bin\niu.exe
C:\Norman\Npf\Bin\Npfc.exe
C:\Norman\Nvc\BIN\NVCOD.EXE
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:2561
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC09A1F6-A639-4EC7-B727-C72CCAFF6988}: NameServer = 212.226.226.1,192.26.119.4
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe

mawdrgn · Feb 20, 2006

O4 - HKCU\..\Run: [internat.exe] internat.exe

Tämä on monen madon, viruksen ja troijalaisen lisäämä prosessi. Älä kuitenkaan vielä fiksaa mitään.

[bold]Oletko ajanut virusskannerisi, eWidon, ja jonkun Online-virusskannerin?[/bold]

V-kos · Feb 20, 2006

Logi on Puhdas.

Windows 2000:seen sp4 on viimeisin päivitys:
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.mspx

Ja sitten tuossa Normanissahan taitaa olla palomuuri samassa ja sulla kuitenkin näyttäisi olevan myös Zone Alarm käytössä. Eli poista Zone Alarm tai poista Norman ja asenna joku kevyemi ilmainen antivirus softa esim. Avast. Suosittelisin jälkimmäistä vaihtoehtoa.

-kemisti- · Feb 20, 2006

@mawdrgn: internat.exe on win2000:n oma prosessi.

mawdrgn · Feb 21, 2006

Ok. Jos se on XP:ssä niin onko se sitten pahis?

-kemisti- · Feb 21, 2006

Kyllä, on pahis XP:ssä.

Log in or Sign up

Hjt-loki

Edna Guest

mawdrgn Regular member

V-kos Regular member

-kemisti- Active member

mawdrgn Regular member

-kemisti- Active member

Share This Page

Log in or Sign up

Hjt-loki

Edna Guest

mawdrgn Regular member

V-kos Regular member

-kemisti- Active member

mawdrgn Regular member

-kemisti- Active member

Share This Page

Useful Searches