this HJT...

Thread in the Viruses and malware section. Started by venom99 on 18.11.2005.

  1. venom99

    venom99 Member

    Joined:
    20.10.2003
    Posts:
    5
    Thanks:
    0
    Points:
    11
    Hi there, my internet connection has been really sluggish for some time. No viruses turn up, and I've run spyware scans and the like until I'm sick of it. I was about to wipe C: clean, but then I found help here. I'm fairly clueless with these things, but here's my log, in case someone could help a poor girl.
    Many thanks for the help.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:28:50, on 18.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\program files\Common\FSM32.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\a-squared\a2guard.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    e:\program files\Anti-Virus\fsgk32st.exe
    e:\program files\Anti-Virus\FSGK32.EXE
    E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    e:\program files\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    e:\program files\Common\FSMA32.EXE
    e:\program files\Common\FSMB32.EXE
    e:\program files\Common\FCH32.EXE
    e:\program files\Common\FAMEH32.EXE
    E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    e:\program files\Common\FNRB32.EXE
    e:\program files\Common\FIH32.EXE
    e:\program files\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wfqtzslciphgiv.com/lR114LWwQ5fvlRU6XflQUbuPu7YdKWyKV5wokrKj_sh8f7aplNRug0pAs0rkoPAA.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "e:\program files\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\program files\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\program files\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\program files\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\program files\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\program files\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     
  3. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
  4. venom99

    venom99 Member

    Joined:
    20.10.2003
    Posts:
    5
    Thanks:
    0
    Points:
    11
    Okay, that took an hour.
    But here are the Ewido report and a new HJT log:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 22:20:00, 18.11.2005
    + Report-Checksum: 53A6A320

    + Scan result:

    :mozilla.7:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Aki Korhonen\Application Data\Mozilla\Firefox\Profiles\rph5k4km.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Anne Kuusisto\Application Data\Mozilla\Firefox\Profiles\vt6aisdx.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    E:\Program Files\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup


    ::Report End




    Logfile of HijackThis v1.99.1
    Scan saved at 22:19:40, on 18.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\program files\Common\FSM32.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\a-squared\a2guard.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    e:\program files\Anti-Virus\fsgk32st.exe
    e:\program files\Anti-Virus\FSGK32.EXE
    E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    e:\program files\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    e:\program files\Common\FSMA32.EXE
    e:\program files\Common\FSMB32.EXE
    e:\program files\Common\FCH32.EXE
    e:\program files\Common\FAMEH32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    e:\program files\Common\FNRB32.EXE
    e:\program files\Common\FIH32.EXE
    e:\program files\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\SecuritySuite.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "e:\program files\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\program files\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\program files\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\program files\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\program files\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\program files\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

     
  5. Disa-

    Disa- Regular member

    Joined:
    06.09.2005
    Posts:
    860
    Thanks:
    0
    Points:
    26
    It's clean.
     
  6. venom99

    venom99 Member

    Joined:
    20.10.2003
    Posts:
    5
    Thanks:
    0
    Points:
    11
    Thank you!! So wonderful that you exist! :)
     
