Kone hidastunut ja netti pätkii.

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Metal82, Sep 16, 2010.

  1. Metal82

    Metal82 Member

    Joined:
    Apr 21, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:53:54, on 16.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17080)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\B2BPOKER\Pokerihuone\Client.exe
    C:\Program Files\B2BPOKER\Pokerihuone\jre\bin\javaw.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fi/spbasic.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2010 - näyttöleikkeet ja aloitus.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    O8 - Extra context menu item: &L&ataa &BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &L&ataa jaujju videot BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &L&ataa kaikki BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
    O9 - Extra button: Casino Classic - {354ABB40-613A-4871-9668-2F49D2D13B6A} - C:\Microgaming\Casino\CasinoClassic\casinogame.exe (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 8156 bytes
     
    Metal82, Sep 16, 2010
    #1
  2. Metal82

    Metal82 Member

    Joined:
    Apr 21, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Tietokantaversio: 4590

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    16.9.2010 12:31:07
    mbam-log-2010-09-16 (12-31-07).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|Q:\|)
    Tarkistettuja kohteita: 194961
    Kulunut aika: 1 tunti(a), 34 minuutti(a), 17 sekunti(a)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 1
    Saastuneita rekisteriarvoja: 1
    Saastuneita rekisterikohteita: 0
    Saastuneita kansioita: 0
    Saastuneita tiedostoja: 7

    Saastuneita muistiprosesseja:
    (Ei haitallisia kohteita)

    Saastuneita muistimoduuleja:
    (Ei haitallisia kohteita)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Adware.Casino) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Ei haitallisia kohteita)

    Saastuneita kansioita:
    (Ei haitallisia kohteita)

    Saastuneita tiedostoja:
    C:\Documents and Settings\Sanna\Työpöytä\Käyttämättömät työpöydän pikakuvakkeet\casinoclassic.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Microgaming\Casino\CasinoClassic\install.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Microgaming\Casino\GoldenTiger\install.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5758ED3F-4B13-4DE4-B3AF-EF2631933E43}\RP466\A0064994.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5758ED3F-4B13-4DE4-B3AF-EF2631933E43}\RP477\A0067123.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5758ED3F-4B13-4DE4-B3AF-EF2631933E43}\RP479\A0068295.exe (Trojan.Genome) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Suosikit\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

    joo eli mul oli tääl jo avunpyyntö. mut se poistettiin ku olin liian hidas. menin ihan hämilleen ku mul ei ollu virustorjunta päällä ja siitä johtuen en konetta käyttänyt paljoa. nyt pitäs olla toiminnassa. sori vaan ku kyselen uusiks apua mut aina ei 5 päivään ehi koneelle. olisin kiitollinen jos joku nyt viel jaksais auttaa..
     
    Metal82, Sep 16, 2010
    #2
  3. Metal82

    Metal82 Member

    Joined:
    Apr 21, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    Poistin noi malwaret kaikki. Vieläkin hidas. Netti toimii tosin paremmin ku asensin uusimmat wlan ajurit.
     
    Metal82, Sep 17, 2010
    #3

Share This Page