Virus warnings.. HJT and other log included

Discussion in 'Viruses and malware - HijackThis logs' started by moomi79, May 2, 2010.

Thread Status:
Not open for further replies.
  1. moomi79

    This is the kind of log I get :( F-Secure can't remove everything, any advice?





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:10:02, on 2.5.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\DOCUME~1\Omistaja\LOCALS~1\Temp\fsonlinescanner.exe
    C:\DOCUME~1\Omistaja\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\Omistaja\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1187985323750
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187985304703
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 6047 bytes












    Haittaohjelmia löytyi 14
    TrackingCookie.Atdmt (vakoiluohjelma)
    Järjestelmä (Puhdistettu)
    TrackingCookie.Adform (vakoiluohjelma)
    Järjestelmä (Puhdistettu)
    TrackingCookie.Webtrends (vakoiluohjelma)
    Järjestelmä (Puhdistettu)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\DAEMON TOOLS\CHKUPD.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\REQUIRED\DROPLET TEMPLATE.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\EHDOLLINEN TILAMUUTOS.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\RAJOITA 64 PIKSELIIN.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\RAJOITA 300 PIKSELIIN.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\TALLENNA MUODOSSA JPEG NORMAALI.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\TALLENNA PHOTOSHOPIN PDF-MUODOSSA.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\TEE SEEPIASÄVY.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\TEE PAINIKE.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\VARJOKEHYS.EXE (Ei puhdistettu & Lähetetty)
    Suspicious:W32/Malware!Gemini (virus)
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\ESIMERKIT\DROPLET-OHJELMAT\PHOTOSHOPIN DROPLET-OHJELMAT\VANHA VALOKUVA.EXE (Ei puhdistettu & Lähetetty)

    --------------------------------------------------------------------------------

    Tilastot
    Tarkistettu:
    Tiedostot: 38423
    Järjestelmä: 3981
    Ei tarkistettu: 7
    Toimenpiteet:
    Puhdistettu: 3
    Nimetty uudelleen: 0
    Poistettu: 0
    Ei puhdistettu: 11
    Lähetetty: 11
    Tarkistamattomat tiedostot:
    C:\PAGEFILE.SYS
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\_LCK\_NUA0
     