Mikähän pöpö mahtaapi olla kyseessä kun Active Portsilla katson netstattia ja nään tälläisen http://imageshack.us/photo/my-images/853/popoa.jpg/ ja lista jatkuu ja jatkuu vaikka kuinka pitkälle.
Liitän vielä hijackthissin login.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:14, on 20.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\devldr32.exe
I:\Program files\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
I:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\vmnetdhcp.exe
I:\Program Files\VMware\VMware Server\vmware-authd.exe
I:\Program Files\VMware\VMware Server\vmware-hostd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
I:\Program Files\Oracle\VirtualBox\VirtualBox.exe
I:\PROGRA~1\Oracle\VIRTUA~1\VBoxSVC.exe
I:\Program Files\aMSN\bin\wish.exe
K:\Program Files\Steam\steam.exe
I:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
i:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program files\Microsoft Office\Office14\POWERPNT.EXE
C:\WINDOWS\TEMP\avee\setup.exe
C:\WINDOWS\TEMP\cjwm\setup.exe
C:\Program files\Mozilla Firefox\firefox.exe
C:\Program files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\TeemuK\Omat tiedostot\Lataukset\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJxdm342YYfi&ptb=GvxdAxNLsb.gvti7brBrPg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
R3 - URLSearchHook: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Program Files\AresTube2\tbAre2.dll
R3 - URLSearchHook: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Program Files\AresTube2\tbAre2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AresTube2 Toolbar - {dbbe01d1-5a24-48db-ae99-bd025b80b9e7} - C:\Program Files\AresTube2\tbAre2.dll
O3 - Toolbar: Feedburner Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NBAgent] "I:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RGSC] I:\Program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = I:\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000338&p=ZJxdm342YYfi&si=&a=GvxdAxNLsb.gvti7brBrPg&n=2010122718
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNoten linkitetyt &muistiinpanot - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\program files\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: i:\program files\vmware\vmware server\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: uximert - C:\Documents and Settings\NetworkService\Local Settings\Application Data\uximert.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Lcknfvklyr Software - C:\WINDOWS\TEMP\cjwm\setup.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TomTomHOMEService - TomTom - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - i:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - I:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - I:\Program Files\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - I:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - I:\Program Files\VMware\VMware Server\vmVssWriter.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 14139 bytesTsekkaa tämä: http://www.f-secure.com/virus-info/hoax/finnish/
Tai kato: http://www.f-secure.com/en_EMEA-Labs/security-threats/virus/
Ja sitten:http://www.f-secure.com/en_EMEA-Labs/security-threats/threat-removal/
Ja muuten, mullaki on koko ajan se svchost.exe . Se kai ei mikään virus ole.
C:\WINDOWS\TEMP\avee\setup.exe
C:\WINDOWS\TEMP\cjwm\setup.exe
Mitäs nuo on? Eihän temppien setup ohjelmien kuuluisi jäädä päälle pyörimään.
Ja siis kun otat prosessilistaa niin sammuta kaikki mahdollinen ylimääräinen pois, jos nyt virustorjuntaa ja palomuuria lukuunottamatta.
Kuten huomaat niin portteja kuuntelee System, ei svchost.
Noh tämä ongelma ratkesi BSODilla jonka jälkeen konetta ei saanut palautettua, joten eikun asentamaan uusiksi...
Aihe on jo aika vanha, joten et voi enää vastata siihen.