Windows Explorer and virus problems

Discussion in 'Viruses and malware - HijackThis logs' started by jykajyka, Mar 3, 2010.

Thread Status:
Not open for further replies.
  1. jykajyka

    Hi! I have two problems, and this is how it started: every time I open Windows Explorer, the computer reports that Windows has encountered an error and the program must be closed, and nothing gets done. The other account on the computer went completely haywire and opens only by luck, but programs don't work and the letters on the keyboard are mixed up. The computer has been scanned with Malwarebytes, Avast and TrojanHunter, but nothing was found. A-squared Free didn't find anything at first, but then suddenly about 30 trojans, which I only managed to remove on the third attempt. Needless to say, Norton Internet Security didn't find anything either. Attached are both the HijackThis and A-squared logs, in case someone has time to look at what's wrong.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:20:22, on 1.3.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\a-squared Free\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Hijack this\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "G:\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - G:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - G:\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 6851 bytes

    a-squared free v. 4.5.0.27
    (C) 2003-2010 Emsi Software GmbH - www.emsisoft.com

    ID Object
    0 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0061001.sys Trojan.Win32.Patched.ic!A2
    1 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060970.exe Trojan.Win32.Starter.ip!A2
    2 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060996.sys Trojan.Win32.Patched.ic!A2
    3 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060969.exe Trojan.Win32.Starter.ip!A2
    4 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060968.sys Trojan.Win32.Patched.ic!A2
    5 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060964.exe Trojan.Win32.Genome.cgng!A2
    6 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060966.sys Trojan.Win32.Patched.ic!A2
    7 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060975.sys Trojan.Win32.Patched.ic!A2
    8 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060997.sys Trojan.Win32.Patched.ic!A2
    9 C:\WINDOWS\system32\drivers\swenum.sys Trojan.Win32.Patched.ic!A2
    10 G:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060994.exe Trojan.Win32.Genome.cssa!A2
    11 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060973.exe Trojan.Win32.Starter.ip!A2
    12 C:\WINDOWS\system32\drivers\swenum.sys Trojan.Win32.Patched.ic!A2
    13 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060995.sys Trojan.Win32.Patched.ic!A2
    14 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060965.exe Trojan.Win32.Genome.cgng!A2
    15 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060972.exe Trojan.Win32.Starter.ip!A2
    16 C:\WINDOWS\system32\drivers\swenum.sys Trojan.Win32.Patched.ic!A2
    17 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060998.sys Trojan.Win32.Patched.ic!A2
    18 C:\WINDOWS\system32\dllcache\swenum.sys Trojan.Win32.Patched.ic!A2
    19 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060974.sys Trojan.Win32.Patched.ic!A2
    20 C:\WINDOWS\system32\dllcache\swenum.sys Trojan.Win32.Patched.ic!A2
    21 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0061002.sys Trojan.Win32.Patched.ic!A2
    22 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0061003.sys Trojan.Win32.Patched.ic!A2
    23 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060967.sys Trojan.Win32.Patched.ic!A2
    24 C:\WINDOWS\system32\dllcache\swenum.sys Trojan.Win32.Patched.ic!A2
    25 C:\System Volume Information\_restore{6EFE30AE-BACD-425C-8EA1-7B4B8609107C}\RP173\A0060971.exe Trojan.Win32.Starter.ip!A2
    26 C:\WINDOWS\$NtServicePackUninstall$\swenum.sys Trojan.Win32.Patched.ic!A2

    These are the kind of rascals that were in there; hopefully someone can come up with a solution to this "little problem" of mine.
     