HJT log for review

Discussion in 'Viruses and malware' started by Frendi, Mar 24, 2006.

  1. Frendi

    Frendi Member

    Joined:
    Mar 3, 2004
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    The machine has become a bit sluggish to use; can the fault be found in this log?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:19, on 24.3.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ExtraFilm Kotona\Agent.exe
    C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Samurize\Client.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\USB Phone Middleware\CmSkype.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
    O4 - HKLM\..\Run: [AWMON] "C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
    O4 - Startup: USB Phone Middleware.lnk = C:\Program Files\USB Phone Middleware\CmSkype.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Avaa Ad-Monitor.lnk = C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  2. mawdrgn

    mawdrgn Regular member

    Joined:
    Jan 2, 2006
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    26
    Looks clean.

    Might it be time to get Service Pack 2?
     
  3. Frendi

    Frendi Member

    Joined:
    Mar 3, 2004
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    My machine doesn't like SP2 at all. I have installed it a couple of times, but had to remove it right away, because the machine doesn't work "properly" afterwards.
    I have heard somewhere that SP2 should be installed right after a normal XP installation, but I haven't tried that yet. (all the programs would have to be reinstalled)
    No idea then what's causing the slowness. For example, deleting e-mails now takes aaaages (Thunderbird); before, they were deleted without problems.
    But thanks for looking at the log.
     
  4. mawdrgn

    mawdrgn Regular member

    Joined:
    Jan 2, 2006
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    26
    Registry cleanup with CCleaner and disk defragmentation ;)

    And you're welcome =)
     
    Last edited: Mar 24, 2006
  5. Frendi

    Frendi Member

    Joined:
    Mar 3, 2004
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    I managed to clean it with that program, but the disk defragmentation didn't go through; it stopped at around 24% and restarted the machine.
    The C drive did look pretty badly messed up, though.

    After the restart, the following error messages appeared on screen:
    http://img462.imageshack.us/img462/9259/herjat6wj.jpg
    Do those tell anyone anything, or is it time to reinstall XP on an empty hard drive?
     
  6. mawdrgn

    mawdrgn Regular member

    Joined:
    Jan 2, 2006
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    26
  7. Frendi

    Frendi Member

    Joined:
    Mar 3, 2004
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    Here's the report.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:55:49, 25.3.2006
    + Report-Checksum: C5C38AB6

    + Scan result:

    :mozilla.25:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Pentti Väisänen\Application Data\Mozilla\Firefox\Profiles\ts93athg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\oumapewp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\oumapewp.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup


    ::Report End
     
  8. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Now remove the unnecessarily starting programs from there as you see fit, note!:

    open HJT -> scan and check
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm Kotona\Agent.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
    O4 - Startup: USB Phone Middleware.lnk = C:\Program Files\USB Phone Middleware\CmSkype.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    press Fix checked.

    Restart the machine! There should be more performance available.
    Also, is that intentional: ExtraFilmHemmaAgent, a program in Swedish?
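    To triage a log like the one in the first post without reading every line by hand, here is an added Python example (not from this thread and not part of HijackThis) that parses the O4 autostart entries aaxxeell points at, marks which targets also appear in the "Running processes" list, and pulls out the O10 LSP warning and any O23 services HJT lists with an unknown owner. The sample log is a constructed subset of the lines quoted in this thread.

```python
import re
# Constructed sample: a subset of the HijackThis log lines quoted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
"""
# O4 lines come in two shapes: "[name] command" for Run keys, "x.lnk = path" for Startup folders.
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>[^=]+\.lnk) = )(?P<cmd>.+)$")

def exe_path(cmd):
    """Strip quotes and arguments from an autostart command, keeping the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|ocx))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def parse_log(text):
    """Return autostart entries (flagged if their target is in the process list),
    O10 LSP warnings, and O23 services whose publisher HJT could not identify."""
    procs, entries, lsp, unknown = set(), [], [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and line:             # process list ends at the first blank line
            procs.add(line.lower())
            continue
        in_procs = False
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            entries.append({"location": m.group("loc"), "name": m.group("name") or m.group("lnk"),
                            "path": path, "running": path.lower() in procs})
        elif line.startswith("O10 - "):   # LSP chain problems break networking; worth a look
            lsp.append(line[6:])
        elif line.startswith("O23 - Service: ") and " - Unknown owner - " in line:
            name, _, path = line[len("O23 - Service: "):].partition(" - Unknown owner - ")
            unknown.append((name, path))
    return {"autostart": entries, "lsp": lsp, "unknown_owner": unknown}
```

    An autostart entry whose target is not in the process list (NeroCheck.exe above) is one that ran and exited or never started, which is exactly the kind of line to review before pressing Fix checked.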

     
  9. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    @aaxxeell

    It's probably just that process name that is Swedish. :)
     
  10. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Well, there's nothing wrong with it otherwise :)
    It still puzzled me a bit.
     
