
HijackThis log, is there anything suspicious..?

Thread in the Viruses and malware section. Started by Moolokki on 06.01.2006.

  1. Moolokki (Regular member; joined 01.12.2003; 155 posts; 0 thanks; 26 points)

    Hi!

    Could someone wiser go through my HijackThis log and say whether there is anything shady in it? Spybot at least reports finding a cmdServices item that it cannot remove. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:14:36, on 6.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    D:\Torrent files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O1 - Hosts: 67.33.22.37 L2authd.lineage2.com
    O1 - Hosts: 67.33.22.37 L2testauthd.lineage2.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
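Reading a HijackThis log by hand comes down to a few rules of thumb per section prefix: O1 entries rewrite name resolution through the hosts file, O2/O3/O4/O23 entries are autostart points (BHOs, toolbars, Run keys, services), "Unknown owner" on a service means the binary carries no vendor string, and "(file missing)" is a stale pointer. The script below is an added example, not part of this thread or of HijackThis itself, that encodes those rules as a first-pass triage over a constructed sample in the v1.99 line format. The sample mirrors the kinds of entries in the log above; the O4 line pointing into a Temp directory is invented to exercise the user-writable-path rule. It ranks entries only: confirming one still means looking up the CLSID or checking the binary's signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 line format. Entries mirror the kinds seen
# in the log above; the O4 line pointing into a Temp directory is invented to
# exercise the user-writable-path rule.
SAMPLE_LOG = r"""
O1 - Hosts: 67.33.22.37 L2authd.lineage2.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. O4
    severity: str  # high / medium / low
    reason: str
    line: str

ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Autostart entries that execute from a user-writable location are the classic
# malware pattern; system and Program Files paths are not conclusive either way.
USER_WRITABLE = re.compile(r"\\(Temp|Local Settings|Application Data|Documents and Settings\\[^\\]+)\\", re.I)
AUTOSTART = {"O2", "O3", "O4", "O20", "O21", "O23"}
BLOCKING_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}  # hosts targets that block rather than redirect

def classify(line: str) -> Optional[Finding]:
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O1":
        h = HOSTS.match(body)
        if h and h.group(1) not in BLOCKING_TARGETS:
            return Finding(section, "high", f"hosts file sends {h.group(2)} to {h.group(1)} instead of DNS", line)
        return Finding(section, "low", "hosts entry blocks a name; confirm it is yours", line)
    if section in AUTOSTART and USER_WRITABLE.search(body):
        return Finding(section, "high", "autostart from a user-writable directory", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "medium", "service binary has no vendor string; check its signature", line)
    if section == "O2" and body.startswith("BHO: (no name)"):
        return Finding(section, "low", "unnamed BHO; identify it by CLSID before trusting it", line)
    if "(file missing)" in body:
        return Finding(section, "low", "stale entry, binary gone; safe to fix", line)
    return None

def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; entries matching no rule are accepted silently."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the log above, the only high-severity hits are the two O1 hosts overrides for the Lineage 2 authentication hosts, which is exactly the kind of entry a human reviewer should ask the poster about rather than fix blindly; the rest of the log falls into the medium/low buckets (a vendorless ATI service, Spybot's unnamed SDHelper BHO, the stale msnim protocol handler) or matches no rule at all.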
     
  3. spertti (Active member; joined 01.06.2005; 1,222 posts; 0 thanks; 66 points)
  4. Moolokki (Regular member; joined 01.12.2003; 155 posts; 0 thanks; 26 points)

    Yep, so the Sango XBMS Server Service really is Xbox-related.
    But here are the logs.

    ewido first:
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 14:40:46, 6.1.2006
    + Report-Checksum: D403A428

    + Scan result:

    No infected objects found.


    ::Report End


    Then eScan:

    File C:\Documents and Settings\Moolokki\Local Settings\Temp\cmdinst.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\Program Files\Norton AntiVirus\Quarantine\16197FF9.class infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\17595EFD.class infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\1A313E94.exe infected by "Trojan-Downloader.Win32.IstBar.lo" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\1C327E60 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\1C3F0D34 infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\29601D27 infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\46A94EA7.class infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted.
    File C:\Program Files\Norton AntiVirus\Quarantine\7ED53899.exe infected by "not-virus:Hoax.Win32.Renos.aj" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP202\A0063420.exe infected by "not-virus:Hoax.Win32.Renos.aj" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP203\A0063695.exe infected by "not-virus:Hoax.Win32.Renos.aj" Virus. Action Taken: File Renamed.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP213\A0065900.exe infected by "Trojan-Downloader.Win32.Adload.l" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP213\A0065901.exe infected by "Trojan-Downloader.Win32.Adload.l" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP216\A0067157.EXE infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP216\A0067158.EXE infected by "Trojan.Win32.StartPage.aha" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP216\A0067160.exe infected by "not-virus:Hoax.Win32.Renos.aj" Virus. Action Taken: File Renamed.
    File D:\Softaa\Sekalaiset\mIRC\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File D:\System Volume Information\_restore{37D10BB5-9BCB-4FBA-B5A4-0218D2986FD9}\RP213\A0065919.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.

    At least ewido didn't seem to find anything. What about the other one..?
     
  5. -kemisti- (Active member; joined 06.06.2005; 6,305 posts; 0 thanks; 96 points)

    Empty these directories (i.e. delete all the files in them)

    C:\Documents and Settings\Moolokki\Local Settings\Temp\
    C:\Program Files\Norton AntiVirus\Quarantine\

    Otherwise it's OK :)
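The advice above (empty Temp and the Norton Quarantine directory, otherwise fine) follows from where each eScan hit sits rather than from the detection names: files in a quarantine folder or in Temp are inert copies or droppers that a directory wipe removes, copies under System Volume Information are restore-point snapshots that only come back if that restore point is rolled back, and the one thing that still needs a decision is an active file the scanner detected but left in place. The script below is an added example, not from the thread and not from eScan, that parses the report format shown above into those buckets. Its input is constructed: the first four lines are shortened copies of entries from the report (the {GUID} stands in for the real restore-point identifier), and the last line is invented to show what an unhandled live detection would look like.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the eScan report format used above. The first four lines are
# shortened copies of entries from the report; the last is invented to show an
# active file the scanner detected but left in place.
SAMPLE_REPORT = r"""
File C:\Documents and Settings\user\Local Settings\Temp\cmdinst.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1A313E94.exe infected by "Trojan-Downloader.Win32.IstBar.lo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{GUID}\RP216\A0067157.EXE infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\example.dll infected by "Trojan.Win32.Example" Virus. No Action Taken.
"""

# One detection per line: "tagged as <class>." for riskware, 'infected by "<name>" Virus.'
# for malware, then the action eScan took.
LINE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<risk>\S+?)\.|infected by "(?P<mal>[^"]+)" Virus\.) '
    r'(?P<action>No Action Taken|Action Taken: File \w+)\.$'
)

@dataclass
class Hit:
    path: str
    name: str
    riskware: bool   # "not-a-virus:" / "not-virus:" classes: unwanted, not self-spreading
    action: str
    location: str    # quarantine, restore point, temp or live

def location_of(path: str) -> str:
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\" in p:
        return "restore point"
    if "\\temp\\" in p:
        return "temp"
    return "live"

def parse(report: str) -> List[Hit]:
    hits = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue          # headers, blank lines, anything that is not a detection line
        name = m.group("risk") or m.group("mal")
        hits.append(Hit(m.group("path"), name, name.startswith("not-"),
                        m.group("action"), location_of(m.group("path"))))
    return hits

def triage(report: str) -> Dict[str, List[str]]:
    """Sort hits into what still needs a decision versus what a directory wipe covers."""
    buckets: Dict[str, List[str]] = {"outstanding": [], "cleanup": [], "review": [], "handled": []}
    for h in parse(report):
        if h.location in ("temp", "quarantine"):
            buckets["cleanup"].append(h.path)   # empty the directory, whatever eScan did
        elif h.action == "No Action Taken":
            # riskware left in place (an IRC client, say) is a judgement call;
            # real malware left in place is the one result that still matters
            buckets["review" if h.riskware else "outstanding"].append(h.path)
        else:
            buckets["handled"].append(h.path)   # deleted or renamed, incl. restore-point copies
    return buckets

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Applied to the real report, the "outstanding" bucket is empty: cmdinst.exe (the CommAd installer Spybot was complaining about) and every quarantine hit fall under cleanup, mIRC is riskware by classification only, and the restore-point copies were already deleted or renamed, which is why the reply above amounts to two directory wipes.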
     
  6. Moolokki (Regular member; joined 01.12.2003; 155 posts; 0 thanks; 26 points)

    Got it :)
    Thanks a lot for the help.
     
