Help! Folders/programs open really slowly

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by makke69, Dec 7, 2009.

Thread Status:
Not open for further replies.
  1. makke69

    makke69 Guest

    Folders and programs open extremely slowly, if at all.
    Sometimes the error message "Windows - No Disk" also pops up on the screen.
    I have run CCleaner, Ad-Aware, RegSeeker and Malwarebytes, but the problem doesn't seem to go away.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:38, on 7.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\csrss.exe
    H:\WINDOWS\SYSTEM32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\SYSTEM32\Ati2evxx.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    H:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\Java\jre6\bin\jqs.exe
    H:\Program Files\CDBurnerXP\NMSAccessU.exe
    H:\WINDOWS\System32\snmp.exe
    H:\WINDOWS\System32\svchost.exe
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Windows Live\Messenger\msnmsgr.exe
    H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    H:\WINDOWS\System32\wbem\unsecapp.exe
    H:\WINDOWS\system32\wbem\wmiprvse.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\WINDOWS\System32\alg.exe
    H:\Program Files\Windows Live\Contacts\wlcomm.exe
    H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    H:\WINDOWS\service.exe
    H:\WINDOWS\System32\msiexec.exe
    H:\Program Files\Winamp\winamp.exe
    H:\Documents and Settings\oma\Desktop\tv\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79918888e=6088
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Windows ALT Services] H:\WINDOWS\service.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Software Update.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Casino Action - {5FE4B45B-1E8E-486E-A143-06A85B9D5655} - H:\Microgaming\Casino\CasinoAction\casinogame.exe (HKCU)
    O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
    O11 - Options group: [INTERNATIONAL] International
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226358929156
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC544D8A-17A1-441A-81D9-03F951F000FD}: NameServer = 193.229.0.40 193.229.0.42
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - (no file)
    O21 - SSODL: PzRRHkxxvPVVF - {66806469-CC2A-CEC3-DCA1-30227CD63506} - (no file)
    O21 - SSODL: sFjyq - {36E84787-9C42-ED2D-4333-BABE650A2695} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google-päivityspalvelu (gupdate1ca4b159f2dff8e) (gupdate1ca4b159f2dff8e) - Unknown owner - H:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - H:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Program Files\Java\jre6\bin\jqs.exe" -service -config "H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - H:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - H:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe



    Malwarebytes' Anti-Malware 1.42
    Tietokantaversio: 3307
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7.12.2009 9:49:46
    mbam-log-2009-12-07 (09-49-46).txt

    Tarkistustyyppi: Täysi tarkistus (H:\|)
    Tarkistetut kohteet: 218893
    Kulunut aika: 4 hour(s), 17 minute(s), 4 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 23

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021295.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021296.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0021294.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023328.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023329.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0023330.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025470.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025775.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025776.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0025777.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031490.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031492.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0031491.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0033051.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085349.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085350.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0085351.exe (Trojan.Jevafus) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087311.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{74388BA0-2392-4641-8339-F12E4CAEE939}\RP128\A0087312.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    H:\WINDOWS\system32\config\systemprofile\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
     