Hijackthis Auttakaa löytää pöpö koneesta

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Elina_60, Apr 7, 2009.

  1. Elina_60

    Elina_60 Member

    Joined:
    Mar 29, 2009
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    16
    Hei Tarviis saada apuu..
    Prossa vetää 100%
    tukkii internet yhteyden
    oon laittanut superantispywaren pari kertaa läpi ei löydä enää mitään
    F secure on konessa
    Motzilla selain ei aukee vain explorer
    kone on aspire 3000
    Kiitos etukäteen

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:51:45, on 7.4.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Welho Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Welho Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Welho Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Welho Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Welho Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Welho Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Welho Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Welho Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Welho Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Welho Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Welho Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: HP Smart -valitse - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Welho Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Welho Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Welho Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Welho Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Welho Tietoturvapalvelu\ORSP Client\fsorsp.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9230 bytes
     
    Elina_60, Apr 7, 2009
    #1
  2. 79atanos

    79atanos Regular member

    Joined:
    May 19, 2008
    Messages:
    1,945
    Likes Received:
    15
    Trophy Points:
    48
    Kyllähän siitä löytyi sinne kuulumatonta tavaraa.

    http://www.virustorjunta.net/modules.php?name=Forums (HjT-logien analysointi)

    Laita logi tuonne tutkittavaksi, meillä ei ole valitettavasti pitkään aikaan ollut fiksaajia paikalla, ovat tehneet katoamistempun :/

    Älä ihmettele jos tuo sivusto välillä pätkii pahastikin, on välillä suuren kuormituksen alla jota serveri ei meinaa kestää, itsekään en tätä kirjoittaessa sinne pääse. Mutta ihmekös tuo kun näitä haittaohjelmia leviää nykyään aivan tolkuttomasti...
     
    79atanos, Apr 7, 2009
    #2
  3. Elina_60

    Elina_60 Member

    Joined:
    Mar 29, 2009
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    16
    Kiitos kun vastasit... Yritin päästä tuonne mutta tuloksetta enkä päässy edes reksiteröimään.. niillä taitaa olla kiireitä. no laitoin e-mailia ja pyysin apuu.. Kyllä se siitä.. Mukavaa kevään jatkoja
     
    Elina_60, Apr 7, 2009
    #3
  4. 79atanos

    79atanos Regular member

    Joined:
    May 19, 2008
    Messages:
    1,945
    Likes Received:
    15
    Trophy Points:
    48
    Joo, ei yleensä näin pahasti töki, kyseessä joko palvelunestohyökkäys tai serverissä muuten jotain häikkää. Yritä vaan päästä läpi, minäkin sinne pääsin muutaman viesti jo laittamaan ja selailemaan foorumia :)

    Ja kiitos samoin :)
     
    79atanos, Apr 7, 2009
    #4

Share This Page