What on earth is going on? Today my computer developed a problem where, for example, web browsers, Messenger and the Ad-Aware update refuse to work. All virus updates and the like should be in order. mIRC and DC++ work perfectly. It also works from the command line if I enter, for example, "ping www.sonera.fi" or some other web address. And it does work for a moment, and then Mozilla Firefox starts reporting that the connection was refused when connecting to "www.sadasdasd.com". Any help??? Windows XP Pro SP2, Norton Internet Security 2004
Post a HijackThis log here and wait for Toymaatti to tell you the next steps. http://koti.mbnet.fi/pattaya1/hijackthis.htm
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:14:12, on 7.4.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\mIRC\mirc.exe
C:\Kaikki sälät\Ohjelmat\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103139530076
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Blink2PnP - Unknown owner - C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
You seem to have PeerGuardian on your machine. Have you tried turning it off and then going online? PeerGuardian blocks quite a few sites rather effectively.
Yeah, I've noticed PeerGuardian causing problems, but in this case it isn't the cause. I've tried without it. It has been working quite stably for the last couple of hours now, though. I'll have to keep watching it.
There is one worm in there. But first, move HjT.exe TOGETHER WITH ITS FOLDER to the root of C:, like this: C:\hijackthis\HijackThis.exe. Run HjT, put a check mark in front of the entry below, close the browser and other windows, and click Fix:
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
Get eScan, read the instructions, update and scan, and post the list of findings from the lower box (if anything is found) here. http://koti.mbnet.fi/pattaya1/escanmwav.htm
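As an added example (not part of the original thread and not the helper's own method), the following Python parses the registry-based O4 autorun lines of a HijackThis log and ranks them by two heuristics that are assumptions of this example: a program given as a bare file name, and use of the RunServices key. The sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''

# Registry autoruns look like: O4 - HKLM\..\Run: [value name] command line
O4_REGISTRY = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
# Assumption of this example: system launchers that are normally started by bare name.
LAUNCHERS = {"rundll32.exe"}

def parse_o4(log):
    """Yield (hive, key, name, command) for registry-based O4 autorun lines."""
    for line in log.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            yield m.groups()

def image_of(command):
    """Return the program part of an autorun command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]

def triage(log):
    """Return [(score, name, command, reasons)], highest score first."""
    results = []
    for hive, key, name, command in parse_o4(log):
        reasons = []
        image = image_of(command)
        if "\\" not in image and image.lower() not in LAUNCHERS:
            reasons.append("bare file name, resolved through the search path")
        if key.lower().startswith("runservices"):
            reasons.append("RunServices key, uncommon on Windows XP (heuristic)")
        if reasons:
            results.append((len(reasons), name, command, reasons))
    return sorted(results, key=lambda r: -r[0])

if __name__ == "__main__":
    for score, name, command, reasons in triage(SAMPLE_LOG):
        print(score, name, command, "; ".join(reasons))
```

A score is only a prompt to look closer: `nwiz.exe /install` also trips the bare-name check, so each flagged entry still needs to be identified before anything is fixed.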
Yeah, eScan will soon be into its fourth hour of scanning. I'll post the logs as soon as it finishes. But there haven't been any problems now.
eScan log:
File C:\PROGRA~1\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\Documents and Settings\Otso\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-45b55c34-4e955e68.zip infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Kaikki sälät\dc\ValveSteamHack.README-PRIV8.rar infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: File Deleted.
File C:\Kaikki sälät\Keygenit + serialit\Kaikennäköstä - This and that, Cracks, Patches and some Software\Staileja\xp_themes\59374.exe tagged as not-a-virus:AdWare.ToolBar.Quick.a. No Action Taken.
File C:\Kaikki sälät\Ohjelmat\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\Kaikki sälät\Pelit\Oldies\paketit\stunts.zip tagged as not-a-virus:LogoPicture.TheDraw. No Action Taken.
File C:\Kaikki sälät\Pelit\Oldies\stunts\INCINFO.COM tagged as not-a-virus:LogoPicture.TheDraw. No Action Taken.
File C:\Kaikki sälät\Pelit\Worms World Party\wormsworldpartysp1nocdpatchmorglum.zip tagged as not-a-virus:FalseAlarm.DrWeb.Backdoor.Theef.111. No Action Taken.
File C:\Kaikki sälät\Pelit\Worms World Party\wwp-patch.exe tagged as not-a-virus:FalseAlarm.DrWeb.Backdoor.Theef.111. No Action Taken.
File C:\Kaikki sälät\unsorted\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\Kaikki sälät\unsorted\mp3's\SetupSwish200.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\48366DD2.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C2D5281.class infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50E74246.izs infected by "Trojan.JS.Loop" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61281D69 infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A713688.class infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B7B7B5D infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B7E2559 infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{21A984E6-1FC8-436E-B874-4D410C4FBCA6}\RP131\A0023117.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
Right, so something more was found there, and it was removed. With mIRC, do as you see fit. Some of them are more or less harmless either way, and the rest have been handled by Norton. So as far as I can see you now have a fairly clean machine.
Have you checked that the component "Generic host process for win32 services" is allowed access to the internet in the firewall?