Help! Folders/programs open really slowly

Discussion in 'Viruses and malware - HijackThis logs' started by makke69, Dec 7, 2009.

  1. makke69

    makke69 Guest

    Folders and programs open extremely slowly, if at all.
    Sometimes the error message "Windows - No Disk" also pops up on the screen. I have run CCleaner, Ad-Aware, RegSeeker and Malwarebytes, but the problem doesn't seem to go away.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:38, on 7.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\SYSTEM32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\SYSTEM32\Ati2evxx.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\CDBurnerXP\NMSAccessU.exe
    H:\WINDOWS\System32\snmp.exe
    H:\WINDOWS\System32\svchost.exe
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\msnmsgr.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    H:\WINDOWS\System32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\Windows Live\Contacts\wlcomm.exe
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    H:\WINDOWS\service.exe
    H:\WINDOWS\System32\msiexec.exe
    H:\Program Files\Winamp\winamp.exe
    H:\Documents and Settings\oma\Desktop\tv\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79918888e=6088
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Software Update.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Casino Action - {5FE4B45B-1E8E-486E-A143-06A85B9D5655} - H:\Microgaming\Casino\CasinoAction\casinogame.exe (HKCU)
    O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
    O11 - Options group: [INTERNATIONAL] International
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226358929156
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC544D8A-17A1-441A-81D9-03F951F000FD}: NameServer = 193.229.0.40 193.229.0.42
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - (no file)
    O21 - SSODL: PzRRHkxxvPVVF - {66806469-CC2A-CEC3-DCA1-30227CD63506} - (no file)
    O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google-päivityspalvelu (gupdate1ca4b159f2dff8e) (gupdate1ca4b159f2dff8e) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe



    Malwarebytes' Anti-Malware 1.42
    Tietokantaversio: 3307
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7.12.2009 9:49:46
    mbam-log-2009-12-07 (09-49-46).txt

    Tarkistustyyppi: Täysi tarkistus (H:\|)
    Tarkistetut kohteet: 218893
    Kulunut aika: 4 hour(s), 17 minute(s), 4 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 23

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021295.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021296.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021294.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023328.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023329.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023330.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025470.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025775.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025776.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025777.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031490.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031492.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031491.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033051.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085349.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085350.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085351.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087311.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087312.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    H:\WINDOWS\system32\config\systemprofile\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
     
  2. Hujo

    Hujo Guest

    Where are the machine's antivirus and firewall?
     
  3. makke69

    makke69 Guest

    The firewall is XP's own... AntiVir handles the antivirus.. I had to remove AntiVir and download it again, it was lagging so badly..
     
    Last edited by a moderator: Dec 7, 2009
  4. Hujo

    Hujo Guest

    Well, my avast doesn't lag ;)
    It has worked flawlessly ever since I installed it, ages ago.. whenever that was.

    ------

    Scan with HJT, tick these and press Fix checked:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
    O4 - Startup: siszyd32.exe
    O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - (no file)
    O21 - SSODL: PzRRHkxxvPVVF - {66806469-CC2A-CEC3-DCA1-30227CD63506} - (no file)
    O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)


    ------

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start up
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - When in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click the file RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
    - Press any key and the machine restarts.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the machine has started and the desktop has loaded, SDFix reports that the cleanup has been carried out, "Finished".
    - Then press any key to close the script and load the desktop shortcuts.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.
     
    Last edited by a moderator: Dec 7, 2009
  5. makke69

    makke69 Guest

    Thanks for the instructions, the machine even worked tolerably for about 30 sec :)

    SDFix: Version 1.240
    Run by oma on ti 08.12.2009 at 05:57

    Microsoft Windows XP [Version 5.1.2600]
    Running From: H:\Documents and Settings\oma\desktop\SDFix

    Checking Services :


    Infected user32.dll Found!

    user32.dll File Locations:

    "H:\WINDOWS\$NtServicePackUninstall$\user32.dll" 577024 04.08.2004 00:56
    "H:\WINDOWS\ServicePackFiles\i386\user32.dll" 578560 13.04.2008 16:12
    "H:\WINDOWS\system32\user32.DLL" 578560 19.03.2009 01:21
    "H:\WINDOWS\system32\dllcache\user32.dll" 578560 19.03.2009 01:21

    [H:\WINDOWS\$NtServicePackUninstall$\user32.dll] C72661F8552ACE7C5C85E16A3CF505C4
    [H:\WINDOWS\ServicePackFiles\i386\user32.dll] B26B135FF1B9F60C9388B4A7D16F600B
    [H:\WINDOWS\system32\user32.DLL] 9362829DD6BF425CB730824EA9D4F7F7
    [H:\WINDOWS\system32\dllcache\user32.dll] 9362829DD6BF425CB730824EA9D4F7F7


    [H:\WINDOWS\System32\yaymmlf] B26B135FF1B9F60C9388B4A7D16F600B


    Note: SDFix does not repair this file!



    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default HKCU HomePage

    Rebooting


    Checking Files :

    Trojan Files Found:

    H:\WINDOWS\SYSTEM32\WMSOFT~1.EXE - Deleted
    H:\WINDOWS\SYSTEM32\WMSOFT~2.EXE - Deleted
    H:\WINDOWS\system32\wmsoft65431.exe - Deleted
    H:\WINDOWS\service.exe - Deleted
    H:\WINDOWS\system32\i - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-08 06:47:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,76,cd,fa,c5,95,6e,d9,41,d2,63,70,fb,43,5e,fd,c4,5d,..
    "hj34z0"=hex:af,0f,d2,79,6d,3f,66,8f,9d,01,ea,b0,c2,ca,74,56,82,9d,0a,31,81,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
    "DisplayName"="DAEMON Tools"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "H:\\Program Files\\BitComet\\BitComet.exe"="H:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "H:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "H:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "H:\\Program Files\\B2BPOKER\\Pokerimaa\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Pokerimaa\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "H:\\Program Files\\RevConnect\\DCPlusPlus.exe"="H:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
    "H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"="H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
    "H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"="H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "H:\\Program Files\\Messenger\\msmsgs.exe"="H:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "H:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="H:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "H:\\WINDOWS\\service.exe"="H:\\WINDOWS\\service.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    Remaining Files :


    File Backups: - H:\DOCUME~1\oma\desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 4 Nov 2009 1,168,216 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\advcheck.dll"
    Mon 26 Jan 2009 1,740,632 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Thu 5 Mar 2009 2,260,480 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Tue 8 Dec 2009 0 A..H. --- "H:\WINDOWS\Temp\BITE.tmp"
    Mon 10 Nov 2008 4,348 ..SH. --- "H:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 24 Mar 2009 0 A.SH. --- "H:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 26 Mar 2007 114,688 A.SH. --- "H:\Documents and Settings\oma\desktop\100KM031\SIV278.tmp"
    Mon 26 Mar 2007 114,688 A.SH. --- "H:\Documents and Settings\oma\desktop\100KM031\DCIM\100KM031\SIV278.tmp"

    Finished!




    Logfile of HijackThis v1.99.1
    Scan saved at 22:34:38, on 7.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\SYSTEM32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Avira\AntiVir Desktop\sched.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Avira\AntiVir Desktop\avguard.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\CDBurnerXP\NMSAccessU.exe
    H:\WINDOWS\System32\snmp.exe
    H:\WINDOWS\System32\svchost.exe
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    H:\WINDOWS\System32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\System32\alg.exe
    H:\WINDOWS\Explorer.EXE
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Windows Live\Messenger\msnmsgr.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    H:\Program Files\Windows Live\Contacts\wlcomm.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Program Files\Mozilla Firefox\firefox.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Documents and Settings\oma\Desktop\tv\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Casino Action - {5FE4B45B-1E8E-486E-A143-06A85B9D5655} - H:\Microgaming\Casino\CasinoAction\casinogame.exe (HKCU)
    O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226358929156
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC544D8A-17A1-441A-81D9-03F951F000FD}: NameServer = 193.229.0.40 193.229.0.42
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google-päivityspalvelu (gupdate1ca4b159f2dff8e) (gupdate1ca4b159f2dff8e) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
     
  6. Hujo

    Hujo Guest

    Check with the Kaspersky Online Scanner

    1. Read through the requirements and privacy statement and click Accept.
    2. The download of the scanner and virus database begins. You will be asked whether you allow the program from Kaspersky to be installed. Click Aja/Run.
    3. When the download is complete, click Settings.
    4. Make sure the following items are selected. If they are not, select them and click Save:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    5. Click Oma Tietokone / My Computer below the Scan item.
    6. When the scan is complete, the results are shown. Click View Scan Report.
    7. You will see a list of infected objects. Click Save Report As....
    8. Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.
    9. Copy and paste the contents of the file into your next reply along with a new HijackThis log.
     
    Last edited by a moderator: Dec 8, 2009
  7. makke69

    makke69 Guest


    After the download, my dear computer decided to restart, and now the problem is that every time it reaches the Windows XP loading screen the machine restarts again and again.. would it be of any help if I try doing a repair install with the XP installation disc?
     
    Last edited by a moderator: Dec 8, 2009
  8. Hujo

    Hujo Guest

    Try going into Safe Mode.

    shut down and start up
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    -----

    Are you able to get in there?
     