Hjt loki (netti takkuaa)

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi Koina 14.11.2005.

  1. Koina

    Koina Guest

    Eli netti sivujen aukeamisessa menee toisinaan minuutteja ja kaikilla mahdollisilla ewidoilla sun muilla on käyty läpi.Mut winukan uudelleen asennuksella korjaantuu,mut kokeillaan tämä viimeisenä oljenkortena.

    Logfile of HijackThis v1.99.1
    Scan saved at 0:36:01, on 15.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    D:\LATE_1\paketit\virtus+softa\dc++-torrent\New Folder\utorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\LATE_1\stuff\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest?updtConfId=45&updtReqId=1512082627
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [µTorrent] "D:\LATE_1\paketit\virtus+softa\dc++-torrent\New Folder\utorrent.exe"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4576/mcfscan.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  2.  
  3. aaxxeell

    aaxxeell Regular member

    Liittynyt:
    28.07.2005
    Viestejä:
    2,145
    Kiitokset:
    0
    Pisteet:
    46
    Ei kyl mitään kovin pahaa löytynyt.

    Fixaa (do a system scan only ja laita rasti seuraavaan ja fix):
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
     
    Viimeksi muokattu: 15.11.2005
  4. Disa-

    Disa- Regular member

    Liittynyt:
    06.09.2005
    Viestejä:
    860
    Kiitokset:
    0
    Pisteet:
    26
  5. Koina

    Koina Guest

    Eli tätä varmaan tarkoitit
    File C:\Documents and Settings\late\Favorites\porkka\w.Bluemovie.cz - 7000 Movie Wallpapers - Most Popular - Nejprohlíženejsí.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\WINDOWS\system32\svch\svchost.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted.
    File D:\LATE_1\ohjelmia\ChrisTv.Professional.v4.70.+.Crack\ChrisTv 4.70 Pro Setup.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted.
    File D:\System Volume Information\_restore{FC41642E-A81B-4481-83C8-B7FBC5909D8C}\RP104\A0037398.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted.
     
  6. winxp

    winxp Member

    Liittynyt:
    27.06.2003
    Viestejä:
    45
    Kiitokset:
    0
    Pisteet:
    16
    Poista myös seuraavat

    kansio

    C:\WINDOWS\system32\[bold]svch[/bold]

    sekä tiedosto

    D:\LATE_1\ohjelmia\[bold]ChrisTv.Professional.v4.70.+.Crack[/bold]

    Ei pitäisi ladata ja käyttää niitä kaiken maailman Crackejä ;)

     
  7. Koina

    Koina Guest

    Enhän minä ku muut poijjaat niitä latailee...Mutta kiitoksia teille. Eteenpäin on menty ja näyttää siltä ettei winukkaa tarvii uudestaan asennella nyt n15 sek niin netti aukee.Jaksamisia ja hattua nostan teidän työlle.Tattis.
     

Jaa tämä sivu