tosi hidas kone...

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by sakama, Feb 25, 2009.

  1. sakama

    sakama Member

    Joined:
    Aug 27, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Kone toimii todella hitaasti. Voiko joku tarkistaa logini?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:13:05, on 25.2.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
    C:\mhm2k\WinZip\WZQKPICK.EXE
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Outi Nobel\Työpöytä\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\mhm2k\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124545882807
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 5864 bytes
     
    sakama, Feb 25, 2009
    #1
  2. sakama

    sakama Member

    Joined:
    Aug 27, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Combo Fix näytti seuraavaa:

    ComboFix 09-02-24.02 - Outi Nobel 2009-02-25 14:22:56.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.222.73 [GMT 2:00]
    Sijainti: c:\documents and settings\Outi Nobel\Ty”p”yt„\ComboFix.exe
    AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
    * Uusi palautuspiste luotu
    .
    /wow section - STAGE 8
    Prosessi ei voi k„ytt„„ tiedostoa, koska se on toisen prosessin k„yt”ss„.


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-25 to 2009-02-25 )))))))))))))))))
    .

    2009-02-25 14:17 . 2009-02-25 14:18 <KANSIO> d-------- C:\32788R22FWJFW
    2009-02-25 14:06 . 2009-02-25 14:06 <KANSIO> d-------- c:\windows\LastGood
    2009-02-20 18:38 . 2009-02-20 21:37 <KANSIO> d-------- c:\windows\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 11:32 --------- d-----w c:\documents and settings\Outi Nobel\Application Data\AVG7
    2009-02-20 19:08 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-27 536576]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-30 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-30 118784]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-04-30 274432]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-25 590848]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-09-15 15360]
    "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-12-12 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 SMC2835W_PCI;SMC2835W 2.4GHz 54 Mbps Wireless Cardbus Driver;c:\windows\system32\drivers\2835WICB.sys [2005-08-20 377760]
    R3 w3304an5;WN3X0X Wireless Adapter;c:\progra~1\SMC\SMC283~1.4GH\drivers\WINXP\w3304an5.SYS [2002-10-07 15104]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - Pml Driver HPZ12
    *Deregistered* - PolicyAgent
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasMan
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - srservice
    *Deregistered* - SSDPSRV
    *Deregistered* - stisvc
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - UMWdf
    *Deregistered* - W32Time
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-BackupNotify - c:\program files\HP\Digital Imaging\bin\backupnotify.exe
    HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    FF - ProfilePath - c:\documents and settings\Outi Nobel\Application Data\Mozilla\Firefox\Profiles\i40hx8k0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-25 14:29:38
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?1?4?-??????? ???B???????????????B? ??????

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    Valmistumisajankohta: 2009-02-25 14:34:32
    ComboFix-quarantined-files.txt 2009-02-25 12:34:21

    Ennen ajoa: 15ÿ718ÿ019ÿ072 tavua vapaana
    Ajon jõlkeen: 16,378,544,128 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    119 --- E O F --- 2009-02-20 20:16:31
     
    sakama, Feb 25, 2009
    #2
  3. Hujo

    Hujo Guest

    Lataa Malwarebytes' Anti-Malware työpöydällesi.

    1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
    2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
    Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
    3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
    4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
    5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
    6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
    7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
    löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    8. Lähetä lokin sisältö seuraavassa viestissäsi
     
    Hujo, Feb 25, 2009
    #3

Share This Page