Help! Folders/programs open really slowly
|
|
|
makke69
Suspended due to non-functional email address
|
7 December 2009 @ 12:41 |
|
Folders and programs open extremely slowly, if at all.
Sometimes an error message also pops up on the screen: "Windows - No Disk". I've run CCleaner, Ad-Aware, RegSeeker and Malwarebytes, but the problem doesn't seem to go away.
Logfile of HijackThis v1.99.1
Scan saved at 12:27:38, on 7.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\SYSTEM32\Ati2evxx.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\System32\snmp.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\WINDOWS\System32\wbem\unsecapp.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
H:\WINDOWS\service.exe
H:\WINDOWS\System32\msiexec.exe
H:\Program Files\Winamp\winamp.exe
H:\Documents and Settings\oma\Desktop\tv\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79918888e=6088
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Software Update.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Casino Action - {5FE4B45B-1E8E-486E-A143-06A85B9D5655} - H:\Microgaming\Casino\CasinoAction\casinogame.exe (HKCU)
O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1226358929156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC544D8A-17A1-441A-81D9-03F951F000FD}: NameServer = 193.229.0.40 193.229.0.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - (no file)
O21 - SSODL: PzRRHkxxvPVVF - {66806469-CC2A-CEC3-DCA1-30227CD63506} - (no file)
O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google-päivityspalvelu (gupdate1ca4b159f2dff8e) (gupdate1ca4b159f2dff8e) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
Malwarebytes' Anti-Malware 1.42
Tietokantaversio: 3307
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7.12.2009 9:49:46
mbam-log-2009-12-07 (09-49-46).txt
Tarkistustyyppi: Täysi tarkistus (H:\|)
Tarkistetut kohteet: 218893
Kulunut aika: 4 hour(s), 17 minute(s), 4 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 23
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021295.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021296.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021294.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023328.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023329.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023330.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025470.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025775.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025776.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025777.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031490.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031492.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031491.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033051.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085349.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085350.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085351.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087311.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087312.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\config\systemprofile\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
|
|
Hujo
Suspended permanently
|
7 December 2009 @ 17:28 |
|
Can a computer ever work?
|
|
makke69
Suspended due to non-functional email address
|
8 December 2009 @ 00:45 |
|
|
As a firewall, XP's own... AntiVir handles virus protection... I had to remove that AntiVir and download it again, it was lagging so badly...
This message has been edited after posting. Last edit 8 December 2009 @ 00:47
|
|
Hujo
Suspended permanently
|
8 December 2009 @ 00:53 |
|
Well, Avast doesn't lag for me ;)
It has actually worked flawlessly ever since I installed it, way back in the year... whatever it was.
------
Scan with HJT, tick these entries and press Fix checked:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
O4 - Startup: siszyd32.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - (no file)
O21 - SSODL: PzRRHkxxvPVVF - {66806469-CC2A-CEC3-DCA1-30227CD63506} - (no file)
O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
------
Download SDFix by AndyManchesta and save it to your desktop.
Boot your computer into Safe Mode:
shut down and start up
during startup, keep tapping the F8 key
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some machines you tap F5 instead of F8
- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the machine.
- Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
This message has been edited after posting. Last edit 8 December 2009 @ 01:28
|
|
makke69
Suspended due to non-functional email address
|
8 December 2009 @ 08:35 |
|
Thanks for the instructions, the computer even worked tolerably for about 30 sec :)
SDFix: Version 1.240
Run by oma on ti 08.12.2009 at 05:57
Microsoft Windows XP [Version 5.1.2600]
Running From: H:\Documents and Settings\oma\desktop\SDFix
Checking Services :
Infected user32.dll Found!
user32.dll File Locations:
"H:\WINDOWS\$NtServicePackUninstall$\user32.dll" 577024 04.08.2004 00:56
"H:\WINDOWS\ServicePackFiles\i386\user32.dll" 578560 13.04.2008 16:12
"H:\WINDOWS\system32\user32.DLL" 578560 19.03.2009 01:21
"H:\WINDOWS\system32\dllcache\user32.dll" 578560 19.03.2009 01:21
[H:\WINDOWS\$NtServicePackUninstall$\user32.dll] C72661F8552ACE7C5C85E16A3CF505C4
[H:\WINDOWS\ServicePackFiles\i386\user32.dll] B26B135FF1B9F60C9388B4A7D16F600B
[H:\WINDOWS\system32\user32.DLL] 9362829DD6BF425CB730824EA9D4F7F7
[H:\WINDOWS\system32\dllcache\user32.dll] 9362829DD6BF425CB730824EA9D4F7F7
[H:\WINDOWS\System32\yaymmlf] B26B135FF1B9F60C9388B4A7D16F600B
Note: SDFix does not repair this file!
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HKCU HomePage
Rebooting
Checking Files :
Trojan Files Found:
H:\WINDOWS\SYSTEM32\WMSOFT~1.EXE - Deleted
H:\WINDOWS\SYSTEM32\WMSOFT~2.EXE - Deleted
H:\WINDOWS\system32\wmsoft65431.exe - Deleted
H:\WINDOWS\service.exe - Deleted
H:\WINDOWS\system32\i - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 06:47:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,76,cd,fa,c5,95,6e,d9,41,d2,63,70,fb,43,5e,fd,c4,5d,..
"hj34z0"=hex:af,0f,d2,79,6d,3f,66,8f,9d,01,ea,b0,c2,ca,74,56,82,9d,0a,31,81,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\BitComet\\BitComet.exe"="H:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"H:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"H:\\Program Files\\B2BPOKER\\Pokerimaa\\jre\\bin\\javaw.exe"="H:\\Program Files\\B2BPOKER\\Pokerimaa\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"H:\\Program Files\\RevConnect\\DCPlusPlus.exe"="H:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
"H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"="H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"="H:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"H:\\Program Files\\Messenger\\msmsgs.exe"="H:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="H:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\\WINDOWS\\service.exe"="H:\\WINDOWS\\service.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
File Backups: - H:\DOCUME~1\oma\desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Nov 2009 1,168,216 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 8 Dec 2009 0 A..H. --- "H:\WINDOWS\Temp\BITE.tmp"
Mon 10 Nov 2008 4,348 ..SH. --- "H:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Mar 2009 0 A.SH. --- "H:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 26 Mar 2007 114,688 A.SH. --- "H:\Documents and Settings\oma\desktop\100KM031\SIV278.tmp"
Mon 26 Mar 2007 114,688 A.SH. --- "H:\Documents and Settings\oma\desktop\100KM031\DCIM\100KM031\SIV278.tmp"
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 22:34:38, on 7.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\System32\snmp.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
H:\WINDOWS\System32\wbem\unsecapp.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\oma\Desktop\tv\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Casino Action - {5FE4B45B-1E8E-486E-A143-06A85B9D5655} - H:\Microgaming\Casino\CasinoAction\casinogame.exe (HKCU)
O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1226358929156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC544D8A-17A1-441A-81D9-03F951F000FD}: NameServer = 193.229.0.40 193.229.0.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google-päivityspalvelu (gupdate1ca4b159f2dff8e) (gupdate1ca4b159f2dff8e) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
|
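A check a helper could run on a follow-up log, as an added example (not part of the thread and not part of HijackThis): it compares the entry lines of two HijackThis logs against the "Fix checked" list and reports which listed entries are still present. The log excerpts are copied from the posts above; the function names `parse_entries` and `compare` are this example's own.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header lines and the "Running processes" list
# do not match and are ignored.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - \S")


def parse_entries(log_text):
    """Map a case-folded comparison key to the entry line as written."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # trim and collapse whitespace
        if ENTRY_RE.match(line):
            # Windows paths are case-insensitive, so compare case-folded.
            entries.setdefault(line.casefold(), line)
    return entries


def compare(before, after, fix_list):
    """Classify entries across the first log, the follow-up log and the fix list."""
    b, a, f = (parse_entries(text) for text in (before, after, fix_list))
    bk, ak, fk = set(b), set(a), set(f)

    def pick(keys, source):
        return sorted(source[k] for k in keys)

    return {
        "fixed": pick(fk - ak, f),              # listed and gone from follow-up
        "persisting": pick(fk & ak, a),         # listed but still present
        "unknown_fix_lines": pick(fk - bk, f),  # listed but never in first log
        "removed_unlisted": pick(bk - ak - fk, b),  # gone without being listed
        "new": pick(ak - bk, a),                # only in the follow-up log
    }


# Excerpt of the first log in the thread (scan saved 12:27:38, 7.12.2009).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
H:\WINDOWS\service.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Microsoft Software Update.exe
O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
"""

# Excerpt of the follow-up log in the thread (scan saved 22:34:38, 7.12.2009).
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: siszyd32.exe
"""

# Excerpt of the entries the helper asked to tick before "Fix checked".
FIX_LIST = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
O4 - Startup: siszyd32.exe
O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
"""

if __name__ == "__main__":
    report = compare(BEFORE, AFTER, FIX_LIST)
    for category, lines in report.items():
        print(f"{category}:")
        for line in lines:
            print(f"  {line}")
```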
|
Hujo
Suspended permanently
|
8 December 2009 @ 10:22 |
|
Scan with the Kaspersky Online Scanner
1. Read through the requirements and the privacy statement and click Accept.
2. The scanner and the virus database start downloading. You will be asked whether you allow the program from Kaspersky to be installed. Click Run (Aja).
3. When the download is complete, click Settings.
4. Make sure the following items are selected. If they are not, select them and click Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
5. Click My Computer (Oma Tietokone) below the Scan heading.
6. When the scan is complete, the results are shown. Click View Scan Report.
7. You will see a list of infected items. Click Save Report As....
8. Save the file to your desktop. Change Files of type (Tiedostotyyppi) to Text file (.txt) (Tekstitiedosto) before you click Save.
9. Copy and paste the contents of the file into your next reply along with a new HijackThis log
This message has been edited after posting. Last edit 8 December 2009 @ 10:50
|
|
makke69
Suspended due to non-functional email address
|
8 December 2009 @ 13:09 |
|
|
After the download my dear computer decided to restart, and now the problem is that every time the Windows XP loading screen comes up, the computer restarts over and over... I wonder if it would help if I tried a repair install with the XP installation disc
This message has been edited after posting. Last edit 8 December 2009 @ 13:11
|
|
|
|
Hujo
Suspended permanently
|
8 December 2009 @ 18:07 |
|
|
Try going into Safe Mode.
shut down and start up
during startup, keep tapping the F8 key
select Safe Mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some machines you tap F5 instead of F8
-----
Are you able to get in there?
|
|