1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Hjt-logi ja Thunderbird

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi siggsigg 07.02.2006.

  1. siggsigg

    siggsigg Member

    Liittynyt:
    07.02.2006
    Viestejä:
    1
    Kiitokset:
    0
    Pisteet:
    11
    Kiitoksia, teette hyvää työtä!
    Oma kone hidastuu välillä.
    Osaatteko sanoa, miksi Mozillan Thunderbird on mennyt ihan jumiin, ja viestien avaaminen kastää monta minuuttia sen kautta!?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:40:14, on 7.2.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    H:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    H:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    H:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    H:\Program Files\F-Secure\Common\FSMA32.EXE
    H:\Program Files\F-Secure\Common\FSMB32.EXE
    H:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    H:\Program Files\F-Secure\Common\FCH32.EXE
    H:\Program Files\F-Secure\Common\FAMEH32.EXE
    H:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    H:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    H:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    H:\Program Files\F-Secure\Common\FNRB32.EXE
    H:\Program Files\F-Secure\Common\FIH32.EXE
    H:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\System32\CTHELPER.EXE
    H:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    H:\Program Files\Messenger Plus! 3\MsgPlus.exe
    H:\Program Files\Picasa2\PicasaMediaDetector.exe
    H:\Program Files\F-Secure\Common\FSM32.EXE
    H:\WINDOWS\System32\ctfmon.exe
    H:\Program Files\MSN Messenger\msnmsgr.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    H:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    H:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    H:\Program Files\F-Secure\FSGUI\fsguidll.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\DOCUMENTS AND SETTINGS\ANNUKKA\DESKTOP\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/Ge...368-5DEA385E3647}&r=12.0&v=ISUA 2.2&u=&l=1033
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - H:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "H:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "H:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "H:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "H:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "H:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Pokedoes] H:\DOCUME~1\Annukka\APPLIC~1\GRAMSE~1\option okay tray.exe
    O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = H:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = H:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: &Block this popup - H:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - H:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - H:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: h:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105030807325
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - F-Secure Automatic Update - H:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - H:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - H:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - H:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - H:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - H:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SpywareCleanerService - Unknown owner - H:\Program Files\Spyware Cleaner\SCService.exe (file missing)
     
  2.  
  3. Disa-

    Disa- Regular member

    Liittynyt:
    06.09.2005
    Viestejä:
    860
    Kiitokset:
    0
    Pisteet:
    26
    Fixaa seuraavat, eli do a system scan only, laita rastit seuraaviin ja fix checked:

    O4 - HKCU\..\Run: [Pokedoes] H:\DOCUME~1\Annukka\APPLIC~1\GRAMSE~1\option okay tray.exe
    O23 - Service: SpywareCleanerService - Unknown owner - H:\Program Files\Spyware Cleaner\SCService.exe (file missing)

    Sitten käynnistä -> suorita -> services.msc. Etsi listalta SpywareCleanerService, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä"

    Hae LSPFix tuolta (joko se zippi tai sitten exe).
    http://cexx.org/lspfix.htm

    Tallenna se vaikka työpöydälle tai johonkin hakemistoon.

    Avaa LSPFix

    Laita rasti ruutuun, "I know what I’m doing".

    Klikkaa vasemmassa ruudussa olevaa fslsp.dll , siirrä se oikealla olevaan ruutuun nuolinäppäimellä, klikkaa "Remove" ja sulje LSPFix.

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) poista seuraava:

    H:\DOCUME~1\Annukka\APPLIC~1\GRAMSE~1\option okay tray.exe

    Päivitä Windows.
     
    Viimeksi muokattu: 07.02.2006

Jaa tämä sivu