Gritical System warning.. apuja kiitos

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Pukli, Nov 22, 2007.

  1. Pukli

    Pukli Regular member

    Joined:
    Oct 17, 2007
    Messages:
    303
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:20:06, on 22.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    E:\AVG\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    E:\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\regsvr32.exe
    e:\F-Secure\Anti-Virus\fsgk32st.exe
    e:\F-Secure\Anti-Virus\FSGK32.EXE
    e:\F-Secure\Anti-Virus\fssm32.exe
    E:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    e:\F-Secure\Common\FSMA32.EXE
    e:\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\wscntfy.exe
    e:\F-Secure\Common\FCH32.EXE
    e:\F-Secure\Common\FAMEH32.EXE
    e:\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\rundll32.exe
    e:\F-Secure\Anti-Virus\fsav32.exe
    e:\F-Secure\DFW\Program\fsdfwd.exe
    e:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    E:\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    E:\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\Explorer.EXE
    E:\Leevi\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "e:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [F-Secure Manager] "e:\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [xohujqby] rundll32.exe "C:\Program Files\xohujqby\pmhcncby.dll",Init
    O4 - HKLM\..\Run: [pgxwvwds] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pgxwvwds.dll"
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKCU\..\Run: [Steam] "j:\counter strike sourse\steam.exe" -silent
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [igndlm.exe] E:\Download manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Pelit\Local Settings\Temp\{0571548E-351A-4CCA-ABA0-B3FB690EF7FE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - E:\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Avaa uudessa Avant Browserissa - E:\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Etsi - E:\Avant Browser\Search.htm
    O8 - Extra context menu item: Korosta - E:\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Lisää torjuttavien mainosten luetteloon - E:\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - E:\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB4A1DE-5908-4E68-9600-0E5907C44C5A}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\AVG\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - e:\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - e:\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\F-Secure\DFW\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\F-Secure\Common\FSMA32.EXE
    O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Temp\HDDTSvc.exe (file missing)
    O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://wallpapers.insanepwning.net/albums/00660_splash_1024x768.jpg

    --
    End of file - 7756 bytes
    Tarkistaisko joku, monet kiitokset.
     
    Pukli, Nov 22, 2007
    #1
  2. Pukli

    Pukli Regular member

    Joined:
    Oct 17, 2007
    Messages:
    303
    Likes Received:
    0
    Trophy Points:
    26
    Tässä koitin tuolla Spy-bot:lla ajaa ja se löysi pari jta... ongelmaa koneelta. klickkasin korjaa ongelmat painiketta ja koneen näytölle pommpasi muutama kpl mustia komentorivin tapaisia ikkunoita, kone jäi jumiin ja käynnistin uusiks sama toistuu toisellakin kertaa mikä neuvoksi?
     
    Pukli, Nov 22, 2007
    #2
  3. Pukli

    Pukli Regular member

    Joined:
    Oct 17, 2007
    Messages:
    303
    Likes Received:
    0
    Trophy Points:
    26
    Eli tällänen ilmotus pomppii kokoaja tuoho ruudulle ja jta outoja kuvakkeita ilmestyy kans työpöydälle cpu jta 40%
    Ilmotukses lukee että:
    your system is probably infected with latest version of spyware.Cyberlog-X.
    Type: spyware
    Infection length 266,129 bytes
    Risk: high
    System affected Windows 95,95, 2000 ,nt 2003 server, Xp
    Behavior: Spyware, Cyberlog-X is a spyware program that monitors user activity, logs keystrokes, and traks web sites visited
    Symptoms: low internet connection speed, Low system performanse, security senter alerts , strange pop up windows
     
    Pukli, Nov 23, 2007
    #3

Share This Page