Virusinfektio

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Guuna, Dec 27, 2009.

  1. Guuna

    Guuna Guest

    Noniin, olen toisella koneella kun omassa koneessa on ilmeisesti virus. Kuvaruudulle pomppailee "varoitus"viestejä, että koneessasi on virus ja sinun tulisi ladata suojauksia ym. Viesteissä varoitetaan mm. seuraavista viruksista:

    Backdoor.win32.agent.ich
    Net-worm.win32.DipNet.d
    Trojan.win32.agent.dcc
    Backdoor.win32.kbot.al
    Email-worm.win32.Netsky.q
    Rootkit.win32.agent.pp
    Virus.win32.Hala.a

    Otin omasta koneesta nettijohdon pois samantien. Tämänlisäksi kun menee ohjauspaneelin kautta tietoturvakeskukseen, se sanoo olevansa pois päältä. Tällä hetkellä tarkistan konetta omalla Normanin scannerilla sekä Malwarebyte's antimalware -ohjelmalla, joka on ennenkin poistanut kokonaan samantyyppisen viruksen. Norman on väliajoin huomannut trojalaisen ja laittanut karanteenin, mutta viestejä tupsahtelee edelleen. Entä jos Malwarebyte'skään ei löydä mitään? Yritän postata hjt -login kunhan keksin miten..

    28.12 Edelleen on jotan köhnää koneessa.

    Code:
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 0:51:48, on 28.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Norman\Npm\Bin\scheduler.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hjt\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.fi/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url]http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab[/url]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [url]http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab[/url]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8422 bytes
     
    Last edited by a moderator: Dec 28, 2009
    Guuna, Dec 27, 2009
    #1
  2. Guuna

    Guuna Guest

    jaahas
     
    Last edited by a moderator: Dec 28, 2009
    Guuna, Dec 27, 2009
    #2
  3. Quiote

    Quiote Moderator Staff Member

    Joined:
    Dec 20, 2005
    Messages:
    2,215
    Likes Received:
    0
    Trophy Points:
    46
    Guuna, yksi ketju / aihe riittää. Lisäksi uuden viestin kirjoittaminen oman viestin jälkeen on kielletty, sen sijaan muokkaa aikaisempaa viestiäsi.

    LUE: Keskustelualueiden säännöt
     
    Quiote, Dec 27, 2009
    #3

Share This Page