1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Kone alkanut hyytymään, hjt-logia tarkistettavaksi

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi ajs 29.12.2005.

  1. ajs

    ajs Regular member

    Liittynyt:
    01.03.2002
    Viestejä:
    882
    Kiitokset:
    0
    Pisteet:
    26
    Elikkäs kannettava on alkanut tahmaamaan pikkuhiljaa. Tässä logi jos joku asian osaava viitsisi vilkaista..?
    Kiitos!

    ---------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 9:18:26, on 29.12.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\ajs\Työpöytä\hijackthis_self\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --------------------------------------------------------------
     
  2.  
  3. aaxxeell

    aaxxeell Regular member

    Liittynyt:
    28.07.2005
    Viestejä:
    2,145
    Kiitokset:
    0
    Pisteet:
    46
  4. ajs

    ajs Regular member

    Liittynyt:
    01.03.2002
    Viestejä:
    882
    Kiitokset:
    0
    Pisteet:
    26
    Tässäpätämä eScanin logi:

    File C:\PROGRA~1\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File
    C:\Documents and Settings\ajs\Omat tiedostot\www-sivut\vnc-4_1_1-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4110. No Action Taken.
    File
    C:\Documents and Settings\ajs\Työpöytä\Omat Docut\Opera\Opera\profile\cache4\opr00238.js infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Deleted.
    File
    C:\Documents and Settings\ajs\Työpöytä\Omat Docut\Opera\Opera\profile\cache4\opr003HL.js infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06C43E53.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35740CD3.tmp infected by "Trojan.Java.ClassLoader.d" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F3833F6.js infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41AB3C96.cla infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\610325D1.tmp infected by "Trojan.Java.ClassLoader.h" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67F3003D.cla infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\68107A1C.cla infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\685B3FCA.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E30335F.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\709C5CB5.cla infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D8F5475.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2F5DC5.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\Opera\Mail\store\account1\2005-02.mbs infected by "Trojan-Spy.HTML.Bankfraud.dq" Virus. Action Taken: File Deleted.
    File
    C:\Program Files\VNC Viewer\vnc-4.0-x86_win32_viewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP159\A0031904.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP159\A0031914.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP159\A0031917.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP184\A0035676.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP184\A0035677.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP184\A0035678.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP184\A0035679.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File
    C:\System Volume Information\_restore{4987A400-9161-4B27-A8D0-A4BA9F4E9FC1}\RP184\A0035680.exe infected by "Trojan-Downloader.Win32.Small.bws" Virus. Action Taken: File Deleted.
    File

     
  5. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Jos tuo VNC ei ole itse asentamasi, poista se. Muuten tuo on ok.
     
  6. ajs

    ajs Regular member

    Liittynyt:
    01.03.2002
    Viestejä:
    882
    Kiitokset:
    0
    Pisteet:
    26
    On itse asennettu ja käytössä..
    Kiitos tarkistuksesta :)

    Täytynee alkaa hommaamaan lisää muistia ton tukkoisuuden hoitoon..
     
    Viimeksi muokattu: 29.12.2005
  7. aaxxeell

    aaxxeell Regular member

    Liittynyt:
    28.07.2005
    Viestejä:
    2,145
    Kiitokset:
    0
    Pisteet:
    46
    Olekos muuten eheyttänyt levyä aikoihin ja poistanut turhat temp tiedostot sun muut historiat koneelta?
     

Jaa tämä sivu