Kone sekoilee, HJT log

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by anon1216, May 2, 2009.

  1. anon1216

    anon1216 Guest

    Eli internet exploreri avatuu itsekseen millon sattuu ja tarjoilee sieltä jotain free virus scannia. Firefoxiin on ruvennut ilmestymään outoja mainoksia vaikka käytän adblockia Ja firefoxin yläreunaan tulee välillä jotain virus linkkejä esim. "Too many errors and faults WERE found in your system. Possibly that IT WAS THE RESULT of virus attack.YOU MUST scan your system". Joidenkin sivujen tekstit on muuttunut punaiseksi esim. Afterdawn ja kone hidastelee muutenkin aika paljon. Tässä HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:06:20, on 2.5.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\EeePC\ACPI\AsTray.exe
    D:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxext.exe
    D:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    D:\Program Files\Elantech\ETDCtrl.exe
    D:\Program Files\Elantech\ETDDect.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
    D:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    D:\program files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://onlinescanxpp.com/land/eurl/?code=49
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AsusTray] D:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] D:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] D:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [ETDWare] D:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [ETDWareDetect] D:\Program Files\Elantech\ETDDect.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AutoRun OSCleaner.lnk = D:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: SuperHybridEngine.exe.lnk = ?
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\docume~1\samui\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\samui\locals~1\temp\ntdll64.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: __c00D06B3 - C:\WINDOWS\system32\__c00D06B3.dat
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Uniblue DiskRescue - Uniblue - D:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

    --
    End of file - 6060 bytes
     
    anon1216, May 2, 2009
    #1
  2. kelari

    kelari Regular member

    Joined:
    Jul 26, 2006
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    26
    Laita tuo logisi tuonne:
    http://www.virustorjunta.net/modules.php?name=Forums&file=index (HjT-logien analysointi)



    Niin joo, vt.netissä on sitten välillä hieman ruuhkaa, joten siellä HjT-osiossa on viestiketju, johon voit spämmätä viestiä mikäli logiisi ei olla vastattu viiteen päivään. Älä siis yritä nostaa omaa logiasi ylöspäin kirjoittamalla uutta viestiä vanhan viestisi perään, nimittäin logisi häviää silloin vastaamattomien viestiketjujen joukosta
     
    kelari, May 3, 2009
    #2
  3. anon1216

    anon1216 Guest

    Kone meni niin sekaisin että vaihtoehtona ei ollut kun formatointi.
     
    anon1216, May 4, 2009
    #3

Share This Page