HjT log check

Discussion in 'Virukset ja haittaohjelmat' started by tomsung, Jan 21, 2006.

  1. tomsung

    Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:11:33, on 21.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\WINDOWS\system32\wisptis.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
    C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HjT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinGuard Pro] null
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: F-Secure Internet Security 2005 OEM (BackWeb Plug-in - 1245240) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Thanks!
     
  2. NorttiBoy

    This one caught my eye:
    C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe. I don't know what it is?
     
  3. tomsung

    It's a screen capture program, pretty useless though, might as well remove it.

    Anything else, I wonder?
     
  4. NorttiBoy

    Hmm, well, I'm no professional with these. Are these C:\WINDOWS\system32\LEXBCES.EXE and C:\WINDOWS\system32\LEXPPS.EXE some Lexmark printer programs?
     
  5. tomsung

    Yeah, I have a Lexmark, so maybe they are... I'm no expert myself either.

    This machine isn't really all that sluggish, but I thought I'd have it checked in case something turned up, being a neurotic virus worrier. :))
     
  6. kaisellg

    Everything is in order. I didn't find any threat to your computer based on that. The only possible caveat is that a virus or trojan can be named after some trusted program, in which case it is impossible to tell from the text alone what it really is. Usually in that case it is a newer virus, worm or the like.
     
  7. tomsung

    Thanks a lot. Apparently there are no viruses; I do check for them almost daily.
     
  8. aaxxeell

  9. tomsung

    Here's the ewido scan:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 23:12:04, 22.1.2006
    + Report-Checksum: 904B66F1

    + Scan result:

    :mozilla.7:C:\Documents and Settings\Ellu\Application Data\Mozilla\Firefox\Profiles\p9vhatga.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Ellu\Application Data\Mozilla\Firefox\Profiles\p9vhatga.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Ellu\Application Data\Mozilla\Firefox\Profiles\p9vhatga.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Ellu\Application Data\Mozilla\Firefox\Profiles\p9vhatga.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Ellu\Application Data\Mozilla\Firefox\Profiles\p9vhatga.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Ellu\Cookies\ellu@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Ellu\Cookies\ellu@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Ellu\Cookies\ellu@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\g5s8lr8y.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup


    ::Report End

    EDIT: By the way, I switched to Firefox
     
    Last edited: Jan 22, 2006
  10. aaxxeell

    Just cookies...
    Judging by the logs, the machine is clean now :)
     
  11. tomsung

    Well, thanks a lot then.
     
  12. aaxxeell

    You're welcome :)
     
