HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:53, on 17.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\PuXpMan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRA~1\Webshots\WEBSHOTS.SCR
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234026870875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234027191125
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98c5cacf28b8a) (gupdate1c98c5cacf28b8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7981 bytes
What is wrong in this HJT log
Replies
- toivot on menny
ComboFix 09-02-15.01 - bianco 2009-02-17 20:52:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.2047.1231 [GMT 2:00]
Sijainti: c:\documents and settings\bianco\Työpöytä\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
* Uusi palautuspiste luotu
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-17 to 2009-02-17 )))))))))))))))))
.
2009-02-17 19:31 . 2009-02-17 19:31 d-------- c:\program files\Trend Micro
2009-02-17 12:12 . 2008-04-14 18:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-17 12:12 . 2008-04-14 18:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-17 02:13 . 2009-02-17 02:13 d-------- c:\program files\LSoft Technologies
2009-02-17 02:06 . 2009-02-17 19:19 3,373,917 --a------ c:\windows\{00000002-00000000-00000002-00001102-00000002-80271102}.BAK
2009-02-15 03:43 . 2009-02-15 03:43 17,856 --a------ c:\documents and settings\bianco\Application Data\GDIPFONTCACHEV1.DAT
2009-02-14 04:04 . 2009-02-14 04:04 165,376 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-14 04:04 . 2009-02-14 04:04 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-14 02:37 . 2009-02-14 02:37 d-------- c:\program files\PC Connectivity Solution
2009-02-14 02:37 . 2009-02-14 02:37 d-------- c:\program files\Common Files\PCSuite
2009-02-14 02:37 . 2008-10-29 11:24 831,048 --a------ c:\windows\system32\WudfUpdate_01005.dll
2009-02-14 02:37 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-02-14 02:36 . 2009-02-14 02:37 d-------- c:\program files\Nokia
2009-02-14 00:02 . 2009-02-14 00:02 d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-02-13 23:59 . 2009-02-13 23:59 d-------- c:\program files\MSXML 6.0
2009-02-13 23:36 . 2009-02-13 23:36 d--hs---- c:\windows\ftpcache
2009-02-12 22:46 . 2009-02-17 02:38 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-12 18:19 . 2009-02-12 18:19 d-------- c:\windows\Sun
2009-02-12 17:00 . 2009-02-12 17:00 d-------- c:\program files\Windows Defender
2009-02-11 23:09 . 2009-02-11 23:09 d-------- C:\MicroGaming
2009-02-11 23:09 . 2009-02-11 23:09 d-------- c:\documents and settings\All Users\Application Data\Microgaming
2009-02-11 23:09 . 2009-02-11 23:17 d-------- c:\documents and settings\All Users\Application Data\MGS
2009-02-11 18:38 . 2009-02-11 18:40 d-------- c:\windows\system32\Adobe
2009-02-11 17:22 . 2009-02-17 17:36 d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-11 17:20 . 2009-02-11 17:34 d-------- c:\program files\Google
2009-02-10 07:47 . 2009-02-10 07:47 45,184 --a------ c:\windows\system32\drivers\intelsmb.sys
2009-02-10 07:46 . 2009-02-10 07:46 40,056 --a------ c:\windows\system32\NicInst.dll
2009-02-10 07:46 . 2009-02-10 07:46 35,424 --a------ c:\windows\system32\e100bmsg.dll
2009-02-10 07:46 . 2009-02-10 07:46 28,272 --a------ c:\windows\system32\NicCo2.dll
2009-02-10 07:46 . 2009-02-10 07:46 5,590 --a------ c:\windows\system32\e100b325.din
2009-02-10 07:42 . 2009-02-10 17:21 d-------- c:\program files\Driver Checker
2009-02-10 07:42 . 2008-12-03 17:40 81,408 --a------ c:\windows\system32\devcon_x64.exe
2009-02-10 07:42 . 2002-11-14 22:32 55,808 --a------ c:\windows\system32\devcon.exe
2009-02-10 07:18 . 2009-02-10 07:38 d-------- c:\program files\Error Repair Professional
2009-02-10 07:11 . 2009-02-10 07:14 d-------- c:\program files\RegCure
2009-02-10 06:51 . 2009-02-10 06:51 d--h----- c:\windows\msdownld.tmp
2009-02-10 06:50 . 2009-02-10 06:50 d-------- c:\windows\Logs
2009-02-10 06:50 . 2009-02-10 06:50 d-------- c:\program files\SiSoftware
2009-02-10 06:49 . 2009-02-10 06:49 d-------- C:\Sandra
2009-02-10 05:49 . 2009-02-10 05:49 d-------- c:\documents and settings\bianco\Application Data\Astro Gemini Software
2009-02-10 05:49 . 2007-12-12 16:00 6,696,960 --a------ c:\windows\system32\Pirate Ship 3D Screensaver.scr
2009-02-10 05:18 . 2009-02-17 02:37 d-------- c:\documents and settings\bianco\Application Data\Azureus
2009-02-10 05:18 . 2009-02-10 05:18 d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-02-10 04:09 . 2009-02-10 04:09 d-------- c:\program files\Lavalys
2009-02-09 19:09 . 2009-02-09 19:09 d-------- c:\windows\system32\NtmsData
2009-02-08 18:48 . 2009-02-08 18:49 d-------- c:\program files\Play89
2009-02-08 12:08 . 2009-02-08 12:08 d-------- C:\Webshots Data
2009-02-08 08:58 . 2009-02-08 08:58 39,576 --a------ c:\windows\system32\PUXPPLAT.UND
2009-02-08 08:56 . 2009-02-08 08:56 d-------- c:\program files\Ashampoo
2009-02-08 08:56 . 2001-12-07 09:45 448,192 --a------ c:\windows\system32\xitabs.dll
2009-02-08 08:56 . 2000-04-27 14:03 345,544 --a------ c:\windows\system32\xithreed.dll
2009-02-08 08:56 . 2003-04-28 17:37 282,624 --a------ c:\windows\system32\xitree.dll
2009-02-08 08:56 . 2004-03-09 00:00 260,880 --a------ c:\windows\system32\msflxgrd.ocx
2009-02-08 08:56 . 2004-04-29 14:21 163,840 --a------ c:\windows\system32\pwrupcid.dll
2009-02-08 08:56 . 1999-05-18 15:00 118,784 --a------ c:\windows\system32\pudrglst.ocx
2009-02-08 08:56 . 2004-06-12 18:51 102,400 --a------ c:\windows\system32\puxpman.exe
2009-02-08 08:56 . 2003-03-10 12:49 98,304 --a------ c:\windows\system32\xipopup.dll
2009-02-08 08:56 . 2003-04-09 11:21 94,208 --a------ c:\windows\system32\xislide.dll
2009-02-08 08:56 . 2003-06-10 07:50 90,112 --a------ c:\windows\system32\xipush.dll
2009-02-08 08:56 . 2004-06-12 18:51 45,056 --a------ c:\windows\system32\puxptwks.exe
2009-02-08 08:56 . 2002-01-30 12:15 15,392 --a------ c:\windows\system32\pwrupic.icl
2009-02-08 08:01 . 2009-02-16 19:53 d-------- c:\documents and settings\bianco\Application Data\Microgaming
2009-02-08 08:01 . 2009-02-08 08:01 59 --a------ c:\windows\pp.enc
2009-02-08 07:29 . 2009-02-08 07:29 d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-08 07:29 . 2005-10-14 22:42 46,592 --a------ c:\windows\system32\hpzll43a.dll
2009-02-08 07:29 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-08 07:29 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-08 07:28 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-08 07:28 . 2005-03-14 12:03 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-02-08 07:28 . 2005-03-14 12:05 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-02-08 07:28 . 2005-03-08 11:55 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-02-08 07:28 . 2005-03-14 12:05 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-02-08 07:28 . 2005-03-14 13:39 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-02-08 07:28 . 2005-03-08 11:55 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-02-08 07:27 . 2009-02-08 07:28 d-------- c:\program files\HP
2009-02-08 07:27 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-08 07:27 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-08 07:27 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-08 07:27 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-08 07:26 . 2009-02-08 07:30 103,318 --a------ c:\windows\hpoins08.dat
2009-02-08 07:26 . 2005-10-28 03:24 49,664 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-02-08 07:26 . 2005-10-28 03:24 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2009-02-08 07:26 . 2005-10-28 03:24 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-02-08 07:26 . 2006-01-25 06:38 4,445 --------- c:\windows\hpomdl08.dat
2009-02-08 07:25 . 2005-10-29 01:11 614,400 --a------ c:\windows\system32\hpotscl2.dll
2009-02-08 07:25 . 2005-10-29 01:11 602,112 --a------ c:\windows\system32\hpowiax2.dll
2009-02-08 07:25 . 2005-10-28 03:23 282,624 --a------ c:\windows\system32\HPZc3212.dll
2009-02-08 07:25 . 2005-10-29 01:11 254,026 --a------ c:\windows\system32\hpovst09.dll
2009-02-08 07:25 . 2005-09-10 01:28 98,304 --a------ c:\windows\system32\hpzjsn01.dll
2009-02-08 07:25 . 2005-10-28 03:23 77,824 --a------ c:\windows\system32\hpzids01.dll
2009-02-08 07:15 . 2009-02-08 07:15 d-------- C:\Swsetup
2009-02-08 06:20 . 2009-02-08 06:20 d-------- c:\documents and settings\bianco\Application Data\ATI
2009-02-08 06:20 . 2009-02-08 06:20 d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-08 06:19 . 2009-02-08 06:19 0 --a------ c:\windows\ativpsrm.bin
2009-02-08 06:16 . 2009-01-13 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-02-08 06:15 . 2009-02-08 06:17 d-------- c:\program files\ATI Technologies
2009-02-08 06:14 . 2009-02-08 06:14 d-------- C:\ATI
2009-02-08 06:12 . 2009-02-08 06:12 d-------- c:\program files\filehippo.com
2009-02-08 04:13 . 2009-02-08 04:13 d-------- c:\documents and settings\bianco\Application Data\Webshots
2009-02-08 03:52 . 2009-02-08 04:19 d---s---- c:\program files\Atomic Alarm Clock
2009-02-08 03:49 . 2009-02-08 03:49 1,023,035 --a------ c:\windows\system32\worldclock.scr
2009-02-08 03:42 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-08 03:42 . 2008-04-13 20:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-02-08 03:42 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-08 03:42 . 2009-02-08 03:42 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-08 03:42 . 2009-02-08 03:42 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-08 03:41 . 2009-02-08 03:42 d-------- c:\documents and settings\bianco\Application Data\PC Suite
2009-02-08 03:41 . 2009-02-13 21:09 d-------- c:\documents and settings\bianco\Application Data\Nokia
2009-02-08 03:41 . 2009-02-08 03:42 d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-02-08 03:40 . 2009-02-08 03:40 d-------- c:\program files\DIFX
2009-02-08 03:40 . 2009-02-14 02:37 d-------- c:\program files\Common Files\Nokia
2009-02-08 03:39 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-08 03:38 . 2009-02-14 02:36 d-------- c:\documents and settings\All Users\Application Data\Installations
2009-02-08 03:26 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-08 03:26 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-02-08 02:57 . 2009-02-08 02:57 d-------- c:\documents and settings\bianco\Application Data\Auslogics
2009-02-08 02:16 . 2009-02-08 04:19 d---s---- c:\program files\Auslogics
2009-02-08 02:13 . 2009-02-08 04:23 d---s---- c:\program files\JPEGCrops
2009-02-08 02:07 . 2009-02-08 02:08 d-------- c:\program files\Common Files\Adobe
2009-02-08 00:14 . 2000-05-22 06:00 647,872 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-02-08 00:14 . 2000-05-22 16:58 608,448 --a------ c:\windows\system32\comctl32.ocx
2009-02-08 00:14 . 2004-02-05 21:53 389,120 --a------ c:\windows\system32\actskn43.ocx
2009-02-08 00:14 . 2002-01-05 17:37 344,064 --a------ c:\windows\system32\Msvcr70.dll
2009-02-08 00:14 . 2004-01-08 02:43 253,952 --a------ c:\windows\system32\histogram.ocx
2009-02-08 00:14 . 2004-01-09 11:54 188,416 --a------ c:\windows\system32\actsplash.ocx
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 23:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 05:46 165,496 ----a-w c:\windows\system32\drivers\e100b325.sys
2009-02-08 04:16 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 02:18 --------- d-s---w c:\program files\Alwil Software
2009-02-07 18:45 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-07 16:06 --------- d-----w c:\program files\Intel
2009-02-07 14:18 --------- d-----w c:\program files\microsoft frontpage
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
.
------- Sigcheck -------
2008-04-14 18:12 976384 14fbfcbe5235e0611f93841a56234fdd c:\windows\explorer.exe
2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 18:12 976384 14fbfcbe5235e0611f93841a56234fdd c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 18:12 1034240 0c35f47295002f8a06419744e945d670 c:\windows\SoftwareDistribution\Download\9984669418340714420d21776d485276\explorer.exe
2004-09-14 16:12 111616 a5dc948b2b5700a7416f3b1d80b97a38 c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-04-14 18:12 111616 dfb4a2bf37b64f992544c45b5c1241ba c:\windows\SoftwareDistribution\Download\9984669418340714420d21776d485276\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-07 509784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"mspwr"="c:\windows\system32\PuXpMan.exe" [2004-06-12 102400]
"PwrUpTweakMe"="c:\windows\system32\PuXpTwks.exe" [2004-06-12 45056]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\bianco\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
Webshots.lnk - d:\program files\Webshots\Launcher.exe [2009-02-07 157000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Poker\\NoiQpoker\\jre\\bin\\javaw.exe"=
"e:\\Poker\\Club4Aces.com\\jre\\bin\\javaw.exe"=
"g:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-07 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-07 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1c98c5cacf28b8a;Google Update Service (gupdate1c98c5cacf28b8a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-02-10 98488]
.
'Ajoitetut tehtävät'-kansion sisältö
2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 21:51]
2009-02-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 17:22]
2009-02-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 17:23]
2009-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-02-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
2009-02-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
MSConfigStartUp-CTFMON - (no file)
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 20:59:06
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2009-02-17 21:05:36
ComboFix-quarantined-files.txt 2009-02-17 19:05:29
Ennen ajoa: 8 254 541 824 tavua vapaana
Ajon jälkeen: 8,242,683,904 tavua vapaana
WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT
290 --- E O F --- 2009-02-16 23:35:33- ?????????
Post the log from this one to that other place as well
Kaspersky Online Scanner
Scan your computer at http://www.kaspersky.com/virusscanner
When the program starts, you are asked whether to allow installing an ActiveX component from Kaspersky; click Yes.
• The program starts and begins downloading the latest definition files.
• Once the scanner is installed and the definitions are downloaded, click Next.
• Now click the settings, Scan Settings
• Check in the settings that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available, otherwise select Standard)
o Scan Options:
Scan Archives
Scan Mail Bases
• Click OK
• Now, under the heading "select a target to scan", choose Oma Tietokone (My Computer)
• The scan takes time, so be patient. When the scan is finished, you will get a notification if your computer is infected.
• Now click the Save as Text button.
• Save the file to your desktop.
• If you want to continue handling the matter on the forum, copy the contents of the file into your message.