Taas yks HJT logi

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi M1KKE 02.09.2005.

  1. M1KKE

    M1KKE Member

    Liittynyt:
    24.03.2005
    Viestejä:
    5
    Kiitokset:
    0
    Pisteet:
    11
    Mitähän tämä tahtoo sanoa..



    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\AVPersonal\AVGUARD.EXE
    E:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    E:\Program Files\AVPersonal\AVWUPSRV.EXE
    E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\WINDOWS\System32\RunDll32.exe
    E:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\AVPersonal\AVGNT.EXE
    E:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\WINDOWS\system32\ntvdm.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    C:\hjt\HijackThis.exe
    E:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CnxDslTaskBar] E:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] E:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SiS KHooker] E:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVGCtrl] "E:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [update] C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124444385033
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.237.96.170/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Autodata Limited License Service - Unknown owner - E:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2.  
  3. pkaksp

    pkaksp Moderator Ylläpitäjä

    Liittynyt:
    11.01.2005
    Viestejä:
    12,231
    Kiitokset:
    53
    Pisteet:
    128
    Ainakin sen, että käytät 2 päällekkäistä virustorjuntaa. Se hidastaa konetta eikä siitä ole hyötyä. Poista toinen.
     
  4. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Lokin yläosa puuttuu, mutta antaa olla.

    Fixaa tuo rivi:

    O4 - HKCU\..\Run: [update] C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat

    Käynnistä vikasietotilaan (jos XP, niin F8 käynnistyksen yhteydessä, jos 9x/Me, niin ctrl käynnistyksen yhteydessä) ja poista hakemisto:

    C:\WINDOWS\==>update<==

    Käynnistä uudestaan ja laita uusi loki.

    Ja tosiaan, kuten pkaksp jo sanoi, ota joko AntiVirin tai Nortonin taustasuojaus pois päältä.

     
  5. M1KKE

    M1KKE Member

    Liittynyt:
    24.03.2005
    Viestejä:
    5
    Kiitokset:
    0
    Pisteet:
    11
    Tässä olis uutta lokia.. Poistin sen Antivirin kokonaan käytöstä. Oliko ok?

    Logfile of HijackThis v1.99.1
    Scan saved at 17:22:56, on 2.9.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\System32\RunDll32.exe
    E:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    E:\WINDOWS\System32\wuauclt.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CnxDslTaskBar] E:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] E:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [SiS KHooker] E:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [AVGCtrl] "E:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124444385033
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.237.96.170/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Autodata Limited License Service - Unknown owner - E:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  6. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Loki on kunnossa.
     
  7. M1KKE

    M1KKE Member

    Liittynyt:
    24.03.2005
    Viestejä:
    5
    Kiitokset:
    0
    Pisteet:
    11
    ok. kiitti avusta.
     

Jaa tämä sivu