Hi there, my internet connection has been stuttering really badly for some time. No viruses turn up, and I've run spyware scans and the like until I got sick of it. I was about to wipe C: clean, but then I found help here.. I'm pretty clueless with these things, but here's my log, in case someone could help a poor girl. Many thanks for the help..

Logfile of HijackThis v1.99.1
Scan saved at 20:28:50, on 18.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\program files\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
e:\program files\Anti-Virus\fsgk32st.exe
e:\program files\Anti-Virus\FSGK32.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Common\FSMA32.EXE
e:\program files\Common\FSMB32.EXE
e:\program files\Common\FCH32.EXE
e:\program files\Common\FAMEH32.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Common\FNRB32.EXE
e:\program files\Common\FIH32.EXE
e:\program files\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wfqtzslciphgiv.com/lR114LWwQ5fvlRU6XflQUbuPu7YdKWyKV5wokrKj_sh8f7aplNRug0pAs0rkoPAA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll
O4 - HKLM\..\Run: [F-Secure Manager] "e:\program files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\program files\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\program files\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\program files\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\program files\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\program files\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
Fix this (do a system scan only, check the entry and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wfqtzslciphgiv.com/lR114LWwQ5fvlRU6XflQUbuPu7YdKWyKV5w...

Restart the computer.

In addition, you could run ewido -> http://www.ewido.net/en/download
Install, update and scan. Let it remove whatever it finds and save the report. Then post the ewido report and a new HjT log here.
Right, that took an hour.. But here are the Ewido report and the new HJT log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:20:00, 18.11.2005
+ Report-Checksum: 53A6A320

+ Scan result:

:mozilla.7:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
E:\Program Files\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 22:19:40, on 18.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\program files\Common\FSM32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
e:\program files\Anti-Virus\fsgk32st.exe
e:\program files\Anti-Virus\FSGK32.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Common\FSMA32.EXE
e:\program files\Common\FSMB32.EXE
e:\program files\Common\FCH32.EXE
e:\program files\Common\FAMEH32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Common\FNRB32.EXE
e:\program files\Common\FIH32.EXE
e:\program files\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll
O4 - HKLM\..\Run: [F-Secure Manager] "e:\program files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\program files\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\program files\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\program files\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\program files\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\program files\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe