Kone takkuilee ja avaa itsestään IE:n

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Bomcola, Jan 21, 2008.

Thread Status:
Not open for further replies.
  1. Bomcola

    Bomcola Regular member

    Joined:
    Apr 24, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    Oli ongelmana että kone ihan sika hidas ja jumittaa kokoajan. Uutena temppuna tuli että kone käynnistää IE satunnaisin väliajoin. Mutta viisaat näkee onko logissa jotain.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:14:05, on 21.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\Creative\ShareDLL\CtNotify.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\Creative\ShareDLL\Mediadet.exe
    D:\Program Files\Steam\Steam.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
    D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\Messenger\MSMSGS.EXE
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
    D:\Program Files\MSN Messenger\usnsvc.exe
    D:\Program Files\mIRC\mirc.exe
    D:\Documents and Settings\Boom\Työpöytä\HiJackThis_v2.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {3B08A754-D864-458D-A4A7-038D4295C6A7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: VistaStart.lnk = D:\Program Files\Windows Vista Basic\vistastart\VistaStart1.3.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT Startup: VistaStart.lnk = D:\Program Files\Windows Vista Basic\vistastart\VistaStart1.3.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: VistaStart.lnk = D:\Program Files\Windows Vista Basic\vistastart\VistaStart1.3.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181846817312
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - D:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10811 bytes
     
    Bomcola, Jan 21, 2008
    #1
Thread Status:
Not open for further replies.

Share This Page