Internet connection keeps dropping

Discussion in 'Viruses and malware - HijackThis logs' started by eccu77, Apr 22, 2010.

Thread Status:
Not open for further replies.
  1. eccu77

    I'm using a Sonera internet connection, which has been dropping out for a couple of days. The connection disappears on its own and comes back at random. Could the fault be in the computer, the modem, or Sonera's connections?

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 22:27:18, on 22.4.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\CNAB4RPK.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration -palvelu (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NMSAccess - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6113 bytes


    ComboFix 10-04-18.04 - Käyttäjä 22.04.2010 19:34:29.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2047.1634 [GMT 3:00]
    Sijainti: c:\documents and settings\Käyttäjä\Desktop\ComboFix.exe
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2010-03-22 to 2010-04-22 )))))))))))))))))
    .

    2010-04-21 16:14 . 2010-04-21 16:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-21 16:14 . 2010-04-21 16:14 -------- d-----w- c:\program files\Common Files\SupportSoft
    2010-04-21 16:12 . 2010-04-21 16:12 -------- d-----w- c:\program files\MSXML 4.0
    2010-04-21 16:03 . 2010-04-21 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-04-21 15:56 . 2010-04-21 15:56 -------- d-----w- c:\program files\Sonera
    2010-04-21 15:56 . 2010-04-21 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
    2010-04-20 15:17 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-20 15:17 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-20 15:17 . 2010-04-14 16:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-04-20 15:17 . 2010-04-14 16:37 102736 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-04-20 15:16 . 2010-04-14 16:36 196048 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-04-20 15:16 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-20 15:16 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-20 15:16 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-20 15:16 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-20 15:16 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-20 15:16 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-04-20 15:16 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-20 15:16 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-20 15:16 . 2010-04-20 15:16 -------- d-----w- c:\program files\Alwil Software
    2010-04-20 15:16 . 2010-04-20 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-04-19 15:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-19 15:10 . 2010-04-21 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-19 15:10 . 2010-04-19 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-19 15:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 06:39 . 2008-11-07 15:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-04-17 07:46 . 2010-04-17 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2010-04-17 07:43 . 2008-08-26 06:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-04-17 07:43 . 2009-11-23 10:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
    2010-04-17 07:43 . 2010-04-21 16:12 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-04-17 07:43 . 2010-02-26 10:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-04-17 07:43 . 2010-02-26 10:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-04-17 07:43 . 2010-02-26 10:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-04-17 07:43 . 2010-02-26 10:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-04-17 07:43 . 2010-02-26 10:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-04-17 07:43 . 2010-02-26 10:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-04-17 07:42 . 2010-04-17 07:42 35402064 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\NokiaSoftwareUpdaterSetup_fi[1].exe
    2010-04-17 07:42 . 2010-04-17 07:42 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\Sleep.exe
    2010-04-17 07:42 . 2010-04-17 07:42 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-04-17 07:42 . 2010-04-17 07:42 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\vcredistExec.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-21 16:13 . 2010-03-19 14:13 -------- d-----w- c:\program files\Common Files\Nokia
    2010-04-21 16:12 . 2010-03-19 14:13 -------- d-----w- c:\program files\DIFX
    2010-04-21 16:12 . 2010-03-19 14:13 -------- d-----w- c:\program files\Nokia
    2010-04-18 06:43 . 2010-04-18 06:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2010-04-18 06:40 . 2010-04-18 06:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-04-18 06:40 . 2010-04-18 06:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-04-17 07:44 . 2010-03-19 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-04-17 07:44 . 2010-04-17 07:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-04-17 07:44 . 2010-04-17 07:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-04-05 12:47 . 2010-02-09 19:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-05 12:47 . 2010-02-09 17:44 -------- d-----w- c:\program files\ASUS
    2010-04-05 09:20 . 2010-02-09 14:15 -------- d-----w- c:\program files\CCleaner
    2010-03-24 17:14 . 2010-02-10 13:51 -------- d-----w- c:\program files\CrystalMark
    2010-03-20 08:11 . 2009-11-19 14:54 1965056 ----a-w- c:\documents and settings\All Users\Application Data\ifolor\Designer21_FI\Ifolor.Designer.exe
    2010-03-19 14:18 . 2010-03-19 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2010-03-19 14:13 . 2010-03-19 14:13 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-03-19 14:08 . 2010-03-19 14:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2010-03-13 14:56 . 2010-02-09 14:42 -------- d-----w- c:\program files\uTorrent
    2010-03-10 18:26 . 2010-03-10 18:26 -------- d-----w- c:\program files\Topfield
    2010-03-10 15:43 . 2010-02-12 20:24 -------- d-----w- c:\program files\Canon
    2010-03-10 15:19 . 2010-03-10 14:40 -------- d-----w- c:\program files\Common Files\Canon
    2010-03-10 14:43 . 2010-03-10 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2010-03-10 06:15 . 2004-08-10 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 14:49 . 2010-02-13 09:06 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-09 14:28 . 2010-02-09 14:34 -------- d-----w- c:\program files\super_pi_mod
    2010-02-26 10:32 . 2008-05-02 08:58 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-02-25 06:24 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-10 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 15:41 . 2010-02-22 15:41 -------- d-----w- c:\program files\BUFFALO
    2010-02-22 15:30 . 2010-02-22 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2010-02-22 15:30 . 2010-02-22 15:28 -------- d-----w- c:\program files\Common Files\Logishrd
    2010-02-22 15:29 . 2010-02-22 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2010-02-22 15:29 . 2010-02-22 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2010-02-22 15:29 . 2010-02-22 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2010-02-22 15:29 . 2010-02-22 15:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2010-02-22 15:28 . 2010-02-22 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
    2010-02-22 15:28 . 2010-02-22 15:28 -------- d-----w- c:\program files\Logitech
    2010-02-17 06:10 . 2004-08-10 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 15:22 . 2009-11-20 08:28 991744 ----a-w- c:\documents and settings\All Users\Application Data\ifolor\Designer21_FI\Plug-Ins\Designer.Resources.dll
    2010-02-12 10:03 . 2010-03-17 18:09 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-10 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-10 13:51 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2010-02-09 20:38 . 2010-02-09 20:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-09 20:05 . 2010-02-09 20:05 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-09 20:04 . 2010-02-09 20:04 0 ----a-w- c:\windows\nsreg.dat
    2010-02-09 19:28 . 2010-02-09 19:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-09 12:24 . 2010-02-09 19:31 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-09 11:19 . 2010-02-09 11:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-09 11:19 . 2010-02-09 11:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-02-02 18:00 . 2010-02-09 15:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-04-19_17.36.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-22 16:18 . 2010-04-22 16:18 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
    + 2004-08-10 12:00 . 2010-04-21 16:00 72040 c:\windows\system32\perfc009.dat
    - 2004-08-10 12:00 . 2010-04-18 06:45 72040 c:\windows\system32\perfc009.dat
    + 2004-08-10 12:00 . 2010-04-21 16:00 444164 c:\windows\system32\perfh009.dat
    - 2004-08-10 12:00 . 2010-04-18 06:45 444164 c:\windows\system32\perfh009.dat
    + 2010-03-01 14:03 . 2010-04-21 16:14 2016588 c:\windows\system32\Restore\rstrlog.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-10 611712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    c:\documents and settings\Käyttäjä\Start Menu\Programs\Startup\AutorunsDisabled
    Logitech . Tuotteen rekisteröinti.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-22 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=
    "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [20.4.2010 18:16 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [20.4.2010 18:16 196048]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [20.4.2010 18:17 102736]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.4.2010 18:17 297552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.4.2010 18:17 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.4.2010 18:17 19024]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [22.2.2010 18:30 10384]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 13:46 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 13:46 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 13:46 72728]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [20.4.2010 18:16 119200]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9.2.2010 14:20 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4.6.2009 13:46 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4.6.2009 13:46 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4.6.2009 13:46 72728]
    S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 22:11 13312]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [5.10.2005 21:44 468768]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2010-04-21 c:\windows\Tasks\SyncBackPro Backup Omat tiedostot.job
    - c:\program files\2BrightSparks\SyncBackPro\SyncBackPro.exe [2010-02-09 06:49]

    2010-04-16 c:\windows\Tasks\SyncBackPro Backup Suosikit.job
    - c:\program files\2BrightSparks\SyncBackPro\SyncBackPro.exe [2010-02-09 06:49]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\olo1pnzs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
    FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOXIN KÄYTÄNNÖT ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-22 19:49
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1224)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(2092)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Valmistumisajankohta: 2010-04-22 19:50:52
    ComboFix-quarantined-files.txt 2010-04-22 16:50
    ComboFix2.txt 2010-04-21 15:34
    ComboFix3.txt 2010-04-19 17:37

    Ennen ajoa: 141 721 280 512 bytes free
    Ajon jälkeen: 141 684 645 888 bytes free

    - - End Of File - - 8FFC04D83B0EE396504299AB7BEED8F4
     