Moved to the forum...

Logfile of HijackThis v1.99.1
Scan saved at 11:30:49, on 5.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://elisa.net/paketti/haku.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {600DFBB2-9BEC-4B66-9970-D151F45FA2C0} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {923CECFE-A3F5-4BB1-80E3-88ED46DF2A1D} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {DEBC6863-85AB-44FC-9482-1BCAF1C83249} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A999BF-62E9-440A-8888-0108D6EC5179}: NameServer = 193.229.0.46,193.229.0.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Checked.... Fix the following: (open the HijackThis program -> click "Do a system scan only" -> check [bold]only[/bold] the following line ->

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

-> and press "Fix checked" at the bottom.)

Download ewido -> http://www.ewido.net/en/download/

Update it (update), scan the whole machine (complete system scan), remove whatever it finds (remove, during the scan), save the report (Save report, and save it to a folder), post it here and restart the computer. Then post your new HijackThis log below.
It is good protection, but ewido does no harm, and it can find malware that Norton does not find, and it is compatible with it. Besides, ewido's background protection only works for 14 days. Just follow aaxxeelli's instructions.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 15:35:31, 7.12.2005
+ Report-Checksum: 38D334B0

+ Scan result:

HKU\S-1-5-21-1482476501-1078145449-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@bilbo.counted[2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@counter3.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wfkyekdzogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wfl4ckdzkho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wfliuldjcfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wfmyckdjohq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wfmyggc5egq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wgkigoajmep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wgkiwndpmaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjk4qnczwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjlogkdjogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjlowgajoeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjlyand5wkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjmycjd5kfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjmyupd5ekp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@e-2dj6wjnysjdpahq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ehg-hitent.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ehg-ignitemedia.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ehg-sonycomputer.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ehg-teliasonera.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\Cookies\järjestelmänvalvoja@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\Cookies\järjestelmänvalvoja@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\Cookies\järjestelmänvalvoja@ehg-teliasonera.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\Cookies\järjestelmänvalvoja@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temp\Cookies\järjestelmänvalvoja@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

::Report End

&

Logfile of HijackThis v1.99.1
Scan saved at 11:30:49, on 5.12.2005

Old HJT log.