
Strange Activity


  • This topic is locked
3 replies to this topic

#1 Stormcrow

Stormcrow

  • Members
  • 2 posts
  • OFFLINE
  • Location:Lulea Sweden
  • Local time:06:57 PM

Posted 29 March 2006 - 11:56 PM

Hi !


I'm new here and will post my HijackThis log after some strange activity has been happening to my computer earlier today and a few days back.

I was spoofed earlier and a few port scans have also been sent to me.
After those attacks my computer went nuts. MSN went down and I couldn't access any websites before a reboot.
During that time I used NOD32 & Outpost Firewall. Now I've changed back to F-Secure all in one.
I couldn't even log on to BC on IRC without getting in trouble there too. The same happened there when the IRC server scanned for open ports (for a good reason). I had to reboot 3 times in under 5 min.

Since I changed back to F-Secure the problem seems to be gone, but I want to post the HijackThis log to be sure that everything is all right.

I now have installed:
F-secure all In One
A-Squared
Ewido Anti-Malware
Spywareblaster & Spywareguard
And use Firefox




Logfile of HijackThis v1.99.1
Scan saved at 06:20:36, on 2006-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\ewido anti-malware\ewidoguard.exe
C:\Program\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Anti-Virus\fsqh.exe
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Anti-Virus\fsrw.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\FWES\Program\fsdfwd.exe
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\F-Secure\ANTI-S~1\fsaw.exe
C:\Program\F-Secure\FSGUI\fsguidll.exe
C:\Program\mIRC\mirc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Skrivbord\Hijackthis\HijackThis.exe
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE


Thanks in advance
Stormcrow



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:12:57 PM

Posted 02 April 2006 - 11:08 AM

Hello Stormcrow and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

It was probably just a hiccup with Outpost.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Stormcrow

Stormcrow
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Location:Lulea Sweden
  • Local time:06:57 PM

Posted 09 April 2006 - 04:54 PM

Hi OldTimer and thanks for the reply.


That was good news to hear :D

Regards

Stormcrow

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:12:57 PM

Posted 10 April 2006 - 03:42 PM

You are very welcome, Stormcrow. I will now close this topic. Should you have any new issues in the future, please start a new topic.

Cheers and happy computing.

OT



