Could someone help! I'm pretty clueless with these computers myself. The machine stutters and grinds away for a long time for some reason. Is there anything unnecessary...

Thread in the Viruses and malware - HijackThis logs section. Thread started by Janjuha on 07.09.2006.

Thread status:
The thread is closed.
  1. Janjuha

    Janjuha Member

    Joined:
    07.09.2006
    Posts:
    2
    Thanks:
    0
    Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 18:54:20, on 7.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    C:\NetLimiter\NetLimiter.exe
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Messanger Plus\MsgPlus.exe
    C:\Daemon\DAEMON Tools\daemon.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Hp\Digital Imaging\Unload\hpqcmon.exe
    C:\Hp\HP Share-to-Web\hpgs2wnd.exe
    C:\Poweriso\PWRISOVM.EXE
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Winamp505\Winamp\winampa.exe
    C:\Powerdvd\PDVDServ.exe
    C:\F-secure\Common\FSM32.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Hp\HP Share-to-Web\hpgs2wnf.exe
    C:\F-secure\backweb\4476822\Program\SERVIC~1.EXE
    C:\F-secure\Anti-Virus\fsgk32st.exe
    C:\F-secure\Anti-Virus\FSGK32.EXE
    C:\F-secure\backweb\4476822\program\fsbwsys.exe
    C:\F-secure\Common\FSMA32.EXE
    C:\F-secure\Anti-Virus\fssm32.exe
    C:\F-secure\backweb\4476822\Program\fspex.exe
    C:\F-secure\Common\FSMB32.EXE
    D:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Spyware doctor\Spyware Doctor\sdhelp.exe
    C:\F-secure\Common\FCH32.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wdfmgr.exe
    C:\F-secure\Anti-Virus\fsqh.exe
    C:\F-secure\Common\FAMEH32.EXE
    C:\F-secure\FSPC\fspc.exe
    C:\F-secure\Anti-Virus\fsrw.exe
    C:\F-secure\FSPC\fshttps\fshttps.exe
    C:\F-secure\FWES\Program\fsdfwd.exe
    D:\WINDOWS\System32\alg.exe
    C:\F-secure\Anti-Virus\fsav32.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\F-secure\ANTI-S~1\fsaw.exe
    C:\F-secure\FSGUI\fsguidll.exe
    C:\Modzilla\firefox.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Jani&Piia\Työpöytä\Dc++ Imut\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NetLimiter] C:\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Messanger Plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Daemon\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CamMonitor] C:\Hp\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Hp\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Poweriso\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Winamp505\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Powerdvd\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] C:\Powerdvd\Language\Language.exe
    O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\jv16 PowerTools 2006\jv16PT.exe -ExecTask "C:\jv16 PowerTools 2006\Tasks\_PrivacyProtector\Task.jvb"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\F-secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\F-secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\F-secure\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Messanger Plus\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure 2006.lnk = C:\F-secure\backweb\4476822\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Powerpoint\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\F-secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\POWERP~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\F-secure\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\F-secure\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\F-secure\FSPC\fspcmsie.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\F-secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\F-secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154350889031
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\F-secure\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\F-secure\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\F-secure\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\F-secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\F-secure\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\F-secure\Common\FSMA32.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware doctor\Spyware Doctor\sdhelp.exe
     
  3. Jupsu

    Jupsu Active member

    Joined:
    30.12.2005
    Posts:
    1,459
    Thanks:
    2
    Points:
    68
    You could shorten the title a bit..:)

    EDIT: in the title you describe your problem briefly, for example "computer slowed down hjt" (that wasn't really a good example), and you give the more detailed information about the problem in the message.

     
    Last edited: 07.09.2006
  4. Jannejt

    Jannejt Moderator Ylläpitäjä

    Joined:
    10.02.2005
    Posts:
    5,045
    Thanks:
    6
    Points:
    118
    Long titles aren't forbidden.. moved to the HJT area anyway.
     
  5. Jupsu

    Jupsu Active member

    Joined:
    30.12.2005
    Posts:
    1,459
    Thanks:
    2
    Points:
    68
    ok.. those long ones just aren't really pleasant to my eye..:)
     