HijackThis - Log

Thread in the Viruses and malware section. Thread started by odie01 on 28.06.2005.

  1. odie01

    odie01 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 12:25:06, on 28.6.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Samurize\Client.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijack this\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O1 - Hosts: 62.75.224.159 www.bns1.net
    O1 - Hosts: 62.75.224.159 www.bns2.net
    O1 - Hosts: 62.75.224.159 www.bns3.net
    O1 - Hosts: 62.75.224.159 www.bns4.net
    O1 - Hosts: 62.75.224.159 www.bns5.net
    O1 - Hosts: 62.75.224.159 www.bns6.net
    O1 - Hosts: 62.75.224.159 www.bns7.net
    O1 - Hosts: 62.75.224.159 www.bns8.net
    O1 - Hosts: 62.75.224.159 www.cms1.net
    O1 - Hosts: 62.75.224.159 www.cms2.net
    O1 - Hosts: 62.75.224.159 www.cms3.net
    O1 - Hosts: 62.75.224.159 www.cms4.net
    O1 - Hosts: 62.75.224.159 www.cms5.net
    O1 - Hosts: 62.75.224.159 www.cms6.net
    O1 - Hosts: 62.75.224.159 www.cms7.net
    O1 - Hosts: 62.75.224.159 www.cms8.net
    O1 - Hosts: 62.75.224.159 www.rg1.com
    O1 - Hosts: 62.75.224.159 www.rg2.com
    O1 - Hosts: 62.75.224.159 www.rg3.com
    O1 - Hosts: 62.75.224.159 www.rg4.com
    O1 - Hosts: 62.75.224.159 www.rg5.com
    O1 - Hosts: 62.75.224.159 www.rg6.com
    O1 - Hosts: 62.75.224.159 www.rg7.com
    O1 - Hosts: 62.75.224.159 www.rg8.com
    O1 - Hosts: 62.75.224.159 www.cjt1.net
    O1 - Hosts: 62.75.224.159 www.rgs1.net
    O1 - Hosts: 62.75.224.159 www.rgs2.net
    O1 - Hosts: 62.75.224.159 www.bns1.net
    O1 - Hosts: 62.75.224.159 www.bns2.net
    O1 - Hosts: 62.75.224.159 www.cms1.net
    O1 - Hosts: 62.75.224.159 www.cms2.net
    O1 - Hosts: 62.75.224.159 bns1.net
    O1 - Hosts: 62.75.224.159 bns2.net
    O1 - Hosts: 62.75.224.159 bns3.net
    O1 - Hosts: 62.75.224.159 bns4.net
    O1 - Hosts: 62.75.224.159 bns5.net
    O1 - Hosts: 62.75.224.159 bns6.net
    O1 - Hosts: 62.75.224.159 bns7.net
    O1 - Hosts: 62.75.224.159 bns8.net
    O1 - Hosts: 62.75.224.159 cms1.net
    O1 - Hosts: 62.75.224.159 cms2.net
    O1 - Hosts: 62.75.224.159 cms3.net
    O1 - Hosts: 62.75.224.159 cms4.net
    O1 - Hosts: 62.75.224.159 cms5.net
    O1 - Hosts: 62.75.224.159 cms6.net
    O1 - Hosts: 62.75.224.159 cms7.net
    O1 - Hosts: 62.75.224.159 cms8.net
    O1 - Hosts: 62.75.224.159 rg1.com
    O1 - Hosts: 62.75.224.159 rg2.com
    O1 - Hosts: 62.75.224.159 rg3.com
    O1 - Hosts: 62.75.224.159 rg4.com
    O1 - Hosts: 62.75.224.159 rg5.com
    O1 - Hosts: 62.75.224.159 rg6.com
    O1 - Hosts: 62.75.224.159 rg7.com
    O1 - Hosts: 62.75.224.159 rg8.com
    O1 - Hosts: 62.75.224.159 cjt1.net
    O1 - Hosts: 62.75.224.159 rgs1.net
    O1 - Hosts: 62.75.224.159 rgs2.net
    O1 - Hosts: 62.75.224.159 bns1.net
    O1 - Hosts: 62.75.224.159 bns2.net
    O1 - Hosts: 62.75.224.159 cms1.net
    O1 - Hosts: 62.75.224.159 cms2.net
    O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
    O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
    O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
    O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 javatar.cjt1.net
    O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
    O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
    O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
    O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
    O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
    O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
    O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
    O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
    O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
    O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
    O1 - Hosts: 62.75.224.159 jhot.cjt1.net
    O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 jicq.cjt1.net
    O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
    O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
    O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
    O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
    O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
    O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
    O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net
    O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
    O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
    O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
    O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
    O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
    O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
    O1 - Hosts: 62.75.224.159 www.m7z.net
    O1 - Hosts: 62.75.224.159 m7z.net
    O1 - Hosts: 62.75.224.159 jcms.cydoor.com
    O1 - Hosts: 62.75.224.159 cydoor.com
    O1 - Hosts: 62.75.224.159 www.cydoor.com
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100352342920
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
    Last edited: 28.06.2005
  3. Jercon

    Jercon Member

    The hosts entries could probably be removed, since I at least don't have any of them.
     
  4. V-kos

    V-kos Regular member

    Fix:

    O1 - hosts, all of them
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)

    Windows should be updated.




     
