Logfile of HijackThis v1.99.1 Scan saved at 17:30:18, on 11.3.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE C:\PROGRAM FILES\NORMAN\Nvc\BIN\ZLH.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Xerox\NWWia\XrxFTPLt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE C:\Program Files\AMD\PowerNow!\GemServ.exe C:\Program Files\AMD\PowerNow!\gemback.exe C:\Program Files\norman\NVC\BIN\Zanda.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\NYMSE.EXE C:\PROGRAM FILES\NORMAN\Nvc\BIN\NIP.EXE C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE C:\WINDOWS\System32\XSM.EXE C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\nvcoas.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\NJEEVES.EXE C:\PROGRAM FILES\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\cclaw.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\hijackthis\hijackthis\HijackThis.exe C:\WINDOWS\notepad.exe C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe C:\PROGRAM FILES\NORMAN\Nvc\BIN\npfmsg2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAM FILES\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O23 - Service: F-Secure Anti-Virus 2004 (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\norman\NVC\BIN\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Xerox-tulostuksen lisäpalvelut (XSM) - Unknown owner - C:\WINDOWS\System32\XSM.EXE
Puhtaalta näyttää joo, paitsi että näyttäis olevan 2 kpl virustorjuntaohjelmia eli ongelmia tiedossa melko varmasti. Nuo kun tuppaavat tapella keskenään koneen hallinnasta.
Jeps, Norman ja F-secihän tuolla on. En vaan ole raaskinut ottaa kumpaakaan pois, ku F-seci on jotenkin paremman oloinen, mutta normanissa on jonkinlainen palomuuriviritelmä itessään. No joo, saishan noita muureja f-secin rinnalle mutta ei ole jaksanut niin hirveesti kiinnostaa... Eteisessä on kyllä D-linkin broadband router, missä on jonkunlainen palomuuri, mutta ite en tiedä pitäiskö olla koneellakin joku...Kertokaahan neuvoja jos tiedätte..
Pista nyt ihmeessä jompikumpi noista. Et tee mitään kahfella virustutkalla. Vie vaan turhaan resursseja. Jätä vaikka F-secure ja sen kaveriksi palomuuriksi Sygate,Zonealarm,Kerio linjalta jokin ilmainen. Itse suosin Sygatea.
No ensimmäisenä neuvoksi niinku tuos jo aiemmin mainittiin ni se toinen virus softa pois sieltä ja äkkiä.. Jos ei tosiaan ole jo ongelmia ni uskoisin että niitä on tulossa. Kaks eri virus softaa saattaa heittää konee nii jumiin et huh huh...
Hyvä huomio Unski5000!! Minä oletin että tuo Norman on palomuuri. Saahan sen Normanin virusohjelman sammutettua jos haluat Securea käyttää, mutta jos kerran on toimiva rautamuuri niin ei kai tuosta Normanista ole paljon hyötyä.
