Windows restarts over and over... HJT log included

Discussion in 'Viruses and malware - HijackThis logs' started by kuluttaja, Sep 15, 2008.

  1. kuluttaja

    kuluttaja Member

    Joined:
    Mar 2, 2005
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    Could someone check whether there's anything wrong in the log, since every now and then I have to keep restarting Windows...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:00, on 15.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    I:\FILES\SETUP\OSE.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1221069762339
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1221069750057
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

    --
    End of file - 4765 bytes
     
  2. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    =============

    If Malwarebytes' Anti-Malware is already on the machine, update it first and then run it.
    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    8. Post the contents of the log in your next message.

    =============

    When was the dust last cleaned out of the inside of the machine?
     
  3. kuluttaja

    kuluttaja Member

    ComboFix 08-09-16.05 - Heikkilä 2008-09-17 18:38:25.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.654 [GMT 3:00]
    Sijainti: C:\Downloads\ComboFix.exe
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-17 to 2008-09-17 )))))))))))))))))
    .

    2008-09-17 18:32 . 2008-09-17 18:32 <KANSIO> dr-h----- C:\MSOCache
    2008-09-15 20:05 . 2008-09-15 20:05 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-15 19:56 . 2008-09-15 19:56 <KANSIO> d-------- C:\Documents and Settings\Heikkilä\Application Data\ArcSoft
    2008-09-15 19:40 . 2008-09-15 19:40 <KANSIO> d-------- C:\Documents and Settings\Heikkilä\Application Data\Canon
    2008-09-15 19:21 . 2008-04-13 21:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-09-15 19:21 . 2008-04-13 21:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-09-15 19:20 . 2008-09-15 19:20 <KANSIO> d-------- C:\Documents and Settings\Heikkilä\Application Data\ScanSoft
    2008-09-15 19:20 . 2008-09-15 19:59 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
    2008-09-15 19:20 . 2008-09-15 19:20 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
    2008-09-15 19:18 . 2008-09-15 19:18 <KANSIO> d-------- C:\Program Files\ArcSoft
    2008-09-15 19:18 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-09-15 19:15 . 2008-09-15 19:15 <KANSIO> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
    2008-09-15 19:15 . 2006-09-12 23:00 197,632 --a------ C:\WINDOWS\system32\CNMLM85.DLL
    2008-09-15 19:13 . 2008-09-15 19:16 <KANSIO> d-------- C:\Program Files\Canon
    2008-09-15 19:10 . 2008-04-13 21:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-15 19:10 . 2008-04-13 21:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-09-15 19:09 . 2008-04-13 21:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-15 19:09 . 2008-04-13 21:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-09-15 18:54 . 2008-09-15 18:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-09-14 08:13 . 2001-10-05 16:31 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
    2008-09-14 08:13 . 2001-10-05 16:31 462,848 --a------ C:\WINDOWS\system32\a3dapi.dll
    2008-09-14 08:13 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
    2008-09-14 08:13 . 2000-06-22 13:09 56,320 --a------ C:\WINDOWS\system32\iyvu9_32.dll
    2008-09-14 08:11 . 2008-09-14 08:11 <KANSIO> d-------- C:\Program Files\LEGO Media
    2008-09-14 08:09 . 2008-04-13 21:45 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2008-09-14 08:09 . 2008-04-13 21:45 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
    2008-09-12 22:29 . 2008-09-12 22:29 <KANSIO> d-------- C:\Documents and Settings\NetworkService.NT-HALLINTA\Käynnistä-valikko
    2008-09-11 16:36 . 2008-06-20 14:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-09-11 16:36 . 2008-06-20 20:47 246,784 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-09-11 16:36 . 2008-06-20 14:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-09-11 16:36 . 2008-06-20 20:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-09-11 16:36 . 2008-06-20 14:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
    2008-09-11 16:28 . 2008-04-14 19:11 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-11 16:28 . 2008-04-14 19:11 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-11 16:28 . 2008-04-14 19:11 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
    2008-09-11 16:28 . 2008-04-14 19:11 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-09-11 16:26 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-09-11 16:25 . 2008-04-14 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
    2008-09-11 16:25 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-09-11 16:25 . 2008-04-14 19:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
    2008-09-11 16:25 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-10 23:54 . 2004-09-15 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-09-10 23:52 . 2008-04-13 22:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-09-10 23:52 . 2008-04-13 21:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
    2008-09-10 23:52 . 2008-04-13 21:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-09-10 23:51 . 2008-04-13 21:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2008-09-10 23:51 . 2008-04-13 19:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2008-09-10 23:51 . 2008-04-13 22:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-09-10 23:51 . 2008-04-13 21:45 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2008-09-10 23:51 . 2008-04-13 21:39 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2008-09-10 23:51 . 2008-04-13 21:39 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2008-09-10 23:51 . 2008-04-13 21:39 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2008-09-10 23:51 . 2008-04-13 21:45 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2008-09-10 23:50 . 2008-09-10 23:50 <KANSIO> d-------- C:\Program Files\C-Media 3D Audio
    2008-09-10 23:49 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-09-10 23:32 . 2008-09-10 20:43 261 --a------ C:\WINDOWS\system32\$winnt$.inf
    2008-09-10 23:28 . 2008-09-16 08:02 90,112 --a------ C:\WINDOWS\DUMP3c5d.tmp
    2008-09-10 23:13 . 2008-09-10 23:13 <KANSIO> d-------- C:\Program Files\Java
    2008-09-10 23:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-10 23:07 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-10 23:05 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-09-10 23:05 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-10 23:04 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-10 22:53 . 2008-06-23 19:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-10 22:53 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-09-10 22:53 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-09-10 22:53 . 2008-06-23 19:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-09-10 22:53 . 2008-06-23 19:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-09-10 22:53 . 2008-06-23 19:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-09-10 22:53 . 2008-06-23 19:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-09-10 22:53 . 2008-06-23 19:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-09-10 22:53 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-09-10 22:52 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-09-10 22:28 . 2008-09-10 22:28 <KANSIO> d-------- C:\Program Files\COMODO
    2008-09-10 22:28 . 2008-09-10 22:28 <KANSIO> d-------- C:\Documents and Settings\Heikkilä\Application Data\Comodo
    2008-09-10 22:28 . 2008-09-10 22:45 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
    2008-09-10 22:28 . 2008-09-10 22:28 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-09-10 22:28 . 2008-09-10 22:28 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-09-10 22:28 . 2008-09-10 22:28 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-09-10 22:26 . 2008-09-10 22:26 <KANSIO> d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Käynnistä-valikko
    2008-09-10 22:19 . 2008-09-10 22:26 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-09-10 22:04 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-09-10 22:04 . 2008-04-14 09:12 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-09-10 22:04 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-09-10 22:04 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-09-10 21:38 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-09-10 21:37 . 2006-02-21 20:46 1,505,792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-09-10 21:37 . 2006-02-21 20:46 1,505,792 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
    2008-09-10 21:37 . 2008-04-14 19:11 1,057,760 --a------ C:\WINDOWS\system32\ati3d2ag.dll
    2008-09-10 21:37 . 2008-04-14 19:11 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-10 21:37 . 2006-02-21 20:46 256,512 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2008-09-10 21:37 . 2008-04-14 19:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2008-09-10 21:37 . 2008-04-14 18:40 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-09-10 21:36 . 2004-08-04 08:31 32,768 --a------ C:\WINDOWS\system32\drivers\sisnic.sys
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Verkkoympäristö
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d-------- C:\Documents and Settings\Default User.WINDOWS\Työpöytä
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Tulostinympäristö
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d-------- C:\Documents and Settings\Default User.WINDOWS\Suosikit
    2008-09-10 21:34 . 2008-09-10 20:35 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS\Mallit
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> dr------- C:\Documents and Settings\Default User.WINDOWS\Käynnistä-valikko
    2008-09-10 21:34 . 2008-09-15 20:04 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Työpöytä
    2008-09-10 21:34 . 2008-09-10 22:42 <KANSIO> dr------- C:\Documents and Settings\All Users.WINDOWS\Tiedostot
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Suosikit
    2008-09-10 21:34 . 2008-09-10 21:34 <KANSIO> d--h----- C:\Documents and Settings\All Users.WINDOWS\Mallit
    2008-09-10 21:34 . 2008-09-12 21:18 <KANSIO> dr------- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko
    2008-09-10 21:33 . 2008-09-10 20:47 <KANSIO> d--h----- C:\Documents and Settings\Default User.WINDOWS
    2008-09-10 21:33 . 2008-09-10 20:39 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS
    2008-09-10 21:13 . 2007-08-10 08:17 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-09-10 21:12 . 2008-04-14 19:11 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-09-10 21:12 . 2008-04-14 19:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-09-10 21:12 . 2008-04-14 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2008-09-10 21:12 . 2008-04-14 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2008-09-10 21:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-09-10 21:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-09-10 21:03 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-09-10 21:03 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-09-10 21:03 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-09-10 21:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-09-10 21:03 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-09-10 21:03 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-09-10 21:03 . 2007-07-30 19:18 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-09-10 21:03 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-09-10 21:03 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-09-10 21:01 . 2008-09-10 21:01 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-09-10 21:01 . 2003-03-18 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-14 05:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-10 20:49 32,768 ----a-w C:\WINDOWS\system32\udaprop.dll
    2008-09-10 20:48 754,560 ----a-w C:\WINDOWS\system32\drivers\cmuda.sys
    2008-09-10 20:48 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
    2008-09-10 20:48 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
    2008-09-10 20:48 28,672 ----a-w C:\WINDOWS\system32\cmirmdrv.dll
    2008-09-10 20:48 233,472 ----a-w C:\WINDOWS\system32\cmirmdrv.exe
    2008-09-10 20:48 114,688 ----a-w C:\WINDOWS\system32\cmuda.dll
    2008-09-10 17:40 558,142 ----a-w C:\WINDOWS\java\Packages\3FDNJ7BP.ZIP
    2008-09-10 17:40 155,995 ----a-w C:\WINDOWS\java\Packages\1ZL3ZJXJ.ZIP
    2008-09-06 00:33 --------- d-----w C:\Program Files\Common Files\DirectX
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2007-11-14 13:02 49,240 ----a-w C:\Documents and Settings\konemies\Application Data\GDIPFONTCACHEV1.DAT
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-10 1655552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-10 87056]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-10 24208]

    *Newly Created Service* - PROCEXP90
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl


    .
    ------- Täydentävä tarkistus -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fi/
    O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************
    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...


    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    PROSESSI: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROSESSI: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Valmistumisajankohta: 2008-09-17 18:46:04
    ComboFix-quarantined-files.txt 2008-09-17 15:44:58

    Pre-Run: 58,787,971,072 tavua vapaana
    Post-Run: 59,010,637,824 tavua vapaana

    212 --- E O F --- 2008-09-13 18:05:36


    ***A couple of days since the dust was blown out... and XP has been reinstalled too.. today it booted on the second try already, and once it boots properly it no longer shuts down during use, so the restarting happens during the first XP logo screen****
     
  4. Hujo

    Hujo Guest

    Go ahead and run that Malwarebytes' Anti-Malware
     
