I'm completely lost and can't solve this problem. Ad-Aware, Spybot and F-Secure "let me down". So is there anything in this HJT log that I should be picking up on?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:17, on 23.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\Canon\CAL\CALMAIN.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
G:\Program Files\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\TomTom HOME 2\HOMERunner.exe
G:\Program Files\Electronic Arts\EADM\Core.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=G:\WINDOWS\system32\userinit.exe,,
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPMVTray] "G:\Program Files\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Ad-Watch] G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UpdateWin] G:\WINDOWS\system32\accessz.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "G:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] G:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [UpdateWin] G:\WINDOWS\system32\accessz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: elin Need for Speed™ Undercover rekisteröinti.lnk = G:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - G:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - G:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - G:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe

-- End of file - 8883 bytes

Thanks in advance for the help and advice.
Uninstall Spybot - Search & Destroy via Add or Remove Programs.
In Safe Mode, delete the folder G:\Program Files\Spybot - Search & Destroy
=============
1. Right-click the Ad-Watch icon in the taskbar and select "Restore Ad-Watch".
2. At the bottom of the window there are two checkboxes, "Active" and "Automatic".
   Active: Switches Monitoring On or Off without closing
   Automatic: Switches Automatic Blocking On or Off
3. Uncheck both of them (red X).
===========
Scan with HJT, tick the following entries and press Fix checked:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
=============
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
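For readers triaging a log like the one in this thread, the following is an added example (not part of either post, and not a verdict on any entry): Python that parses the O4 autostart lines of a HijackThis log and lists value names registered with the same image under both HKLM and HKCU Run, so they can be looked at by hand. The function names and the "same entry in both hives" heuristic are assumptions made for illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above; O4 = autostart entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UpdateWin] G:\WINDOWS\system32\accessz.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] G:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [UpdateWin] G:\WINDOWS\system32\accessz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$")
# First .exe/.dll token of the command line, with or without quotes.
IMAGE = re.compile(r'^"?(?P<image>.+?\.(?:exe|dll))\b', re.IGNORECASE)


def parse_autoruns(log_text):
    """Return one dict per O4 Run-key line; every other section is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        image = IMAGE.match(entry["command"])
        entry["image"] = image.group("image") if image else entry["command"]
        entries.append(entry)
    return entries


def same_autorun_in_both_hives(entries):
    """(value name, lower-cased image) pairs present under HKLM and HKCU Run."""
    hives = defaultdict(set)
    for e in entries:
        hives[(e["name"], e["image"].lower())].add(e["hive"])
    return sorted(k for k, h in hives.items() if {"HKLM", "HKCU"} <= h)


if __name__ == "__main__":
    autoruns = parse_autoruns(SAMPLE_LOG)
    print(len(autoruns), "autostart entries parsed")
    for name, image in same_autorun_in_both_hives(autoruns):
        print("review:", name, "->", image)
```

An entry listed by this check still has to be identified by other means, such as the file's publisher, signature and a scanner result, before anything is removed.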