Right, so I've now run out of my own tricks and decided to ask you more knowledgeable people what the solution to my problem might be. When the computer starts up, a shield icon that looks like Windows' own security logo pops up at the bottom of the screen and starts "scanning" with some program of its own. An obvious fake popup, so I don't touch it. After a moment this thing, "2000.exe" as far as I remember, crashes on its own and that problem "fixes itself". The second thing is that the desktop wallpaper gets replaced by a screen resembling a Windows 98 error screen, although it goes away when you click the X in the top right corner. On top of that, for example my C: and D: drives, as well as My Computer, Run and the Run commands, among others, disappear from the Start bar. I have managed to get those back manually myself, but the hard drives are still nowhere to be found. And the third problem is these Windows security alert popups and info balloons that are plaguing many people. At the same time Firefox has started behaving strangely and closes itself if I try to use it. IE, however, works flawlessly. That's a lot of text, but hopefully you can help. Here is the HJT log as well.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36, on 8.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Ohjelmat\Adawre\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Ohjelmat\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
D:\Ohjelmat\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Ohjelmat\Daemon\daemon.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Ohjelmat\Ericsson\PC-Suite\Sony Ericsson PC Suite\SEPCSuite.exe
D:\pelit\half-life2\steam.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: olnmraew - {306B1FE0-FE45-4A42-B2DE-C8229CA12CCC} - C:\WINDOWS\olnmraew.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Ohjelmat\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Ohjelmat\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\RunOnce: [SpybotDeletingA5204] command /c del "C:\WINDOWS\system32\gddlvwht.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3629] cmd /c del "C:\WINDOWS\system32\gddlvwht.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9999] command /c del "C:\WINDOWS\lfstbwvd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC572] cmd /c del "C:\WINDOWS\lfstbwvd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Ohjelmat\SpyBot\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Ohjelmat\Daemon\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Ohjelmat\Ericsson\PC-Suite\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Steam] "d:\pelit\half-life2\steam.exe" -silent
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [] C:\Documents and Settings\Acey\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Acey\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Ohjelmat\SpyBot\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8474] command /c del "C:\WINDOWS\system32\gddlvwht.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5769] cmd /c del "C:\WINDOWS\system32\gddlvwht.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8699] command /c del "C:\WINDOWS\lfstbwvd.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4948] cmd /c del "C:\WINDOWS\lfstbwvd.dll_old"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Ohjelmat\SpyBot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Ohjelmat\SpyBot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: gsdcgn.dll
O21 - SSODL: lfstbwvd - {18EF8DB5-C27B-4DE2-9EB8-BA2BA6B1977B} - C:\WINDOWS\lfstbwvd.dll (file missing)
O21 - SSODL: qmafxprs - {8D4E74B5-C0E9-4A65-9DAE-BDD86D26CD7B} - C:\WINDOWS\qmafxprs.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Ohjelmat\Adawre\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 11784 bytes
Your own tricks are the best tricks. Problem solved after the Spyware Doctor and Anti-Malware programs cleaned the machine thoroughly in safe mode.