HJT täynnä roskaa?

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi Salorni 23.03.2011.

  1. Salorni

    Salorni Member

    Liittynyt:
    03.01.2008
    Viestejä:
    94
    Kiitokset:
    0
    Pisteet:
    16
    Moro! tuli tossa ladattua oikea tiedosto väärästä paikasta ja siitä sitten asentui 4 erikoista softaa koneelle. No sain ohjelmat poistettua mutta kun katson tätä HJT:ta niin kyllä tuola ylimääräistä roinaa minun mielestäni on käynnissä mutta mitä :S

    Jos jaksatte vielä tänään vilkaista niin olis mahtava juttu.

    Kiitos etukäteen!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:55:31, on 23.3.2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\Trillian\trillian.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 20366 bytes
     
    Salorni, 23.03.2011
    #1
  2.  
  3. Salorni

    Salorni Member

    Liittynyt:
    03.01.2008
    Viestejä:
    94
    Kiitokset:
    0
    Pisteet:
    16
    Uppia

    Malwarebytes ei löytänyt mitään

    Laitan tänne nyt aika jälestä päin combofixin tarkistuksen

    ComboFix 11-04-05.01 - Fallen 05.04.2011 22:00:35.1.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.4094.2399 [GMT 3:00]
    Sijainti: c:\users\Fallen\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Fallen\AppData\Roaming\AwTV
    c:\users\Fallen\AppData\Roaming\AwTV\awtv.asd
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-03-05 to 2011-04-05 )))))))))))))))))
    .
    .
    2011-04-05 19:03 . 2011-04-05 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-05 18:57 . 2011-04-05 18:59 -------- d-----w- C:\32788R22FWJFW
    2011-04-05 17:53 . 2011-04-05 17:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2011-04-05 17:53 . 2011-04-05 17:53 460592 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-05 16:33 . 2011-04-05 16:33 -------- d-----w- c:\users\Fallen\AppData\Local\ElevatedDiagnostics
    2011-04-05 16:18 . 2011-04-05 16:18 -------- d-----w- c:\users\Fallen\AppData\Local\Apps
    2011-04-05 15:30 . 2011-04-05 15:30 -------- d-----w- c:\windows\fi
    2011-04-05 07:18 . 2011-04-05 07:18 -------- d-----w- c:\users\Fallen\AppData\Local\{EC7B799F-2BDB-4997-9056-316D2933A010}
    2011-04-04 21:04 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87EDA6C4-4175-4036-B01C-88B0C1DEB9D6}\mpengine.dll
    2011-04-04 11:33 . 2011-04-04 11:33 -------- d-----w- c:\windows\ehome
    2011-04-04 11:32 . 2011-04-05 18:08 -------- d-----r- c:\users\Public\Recorded TV
    2011-04-04 11:32 . 2011-04-04 11:32 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
    2011-04-03 15:10 . 2011-04-03 15:10 -------- d-----w- c:\users\Fallen\AppData\Local\{260FC98D-B25B-4A7E-BBC7-266320908D35}
    2011-04-03 15:06 . 2011-04-05 15:32 -------- d-----w- c:\users\Fallen\AppData\Roaming\Skype
    2011-04-03 15:05 . 2011-04-03 15:05 -------- d-----r- c:\program files (x86)\Skype
    2011-04-03 15:05 . 2011-04-03 15:05 -------- d-----w- c:\programdata\Skype
    2011-04-03 09:53 . 2011-04-03 09:53 -------- d-----w- c:\programdata\HipSoft
    2011-04-01 22:33 . 2011-04-01 22:33 -------- d-----w- c:\users\Fallen\AppData\Local\{53B874BB-D234-40F0-8C6A-DA50F905A345}
    2011-04-01 07:48 . 2011-04-01 07:48 -------- d-----w- c:\users\Fallen\AppData\Local\{AFF8E6AD-9236-448B-9455-2E23BF2F2883}
    2011-03-31 13:21 . 2011-03-31 13:21 -------- d-----w- c:\users\Fallen\AppData\Local\{EDFA4386-1D65-42A7-B5D0-47AF2C01DB84}
    2011-03-30 08:34 . 2011-03-30 08:35 -------- d-----w- c:\users\Fallen\AppData\Local\{7E4F501B-B354-4BEC-8496-EFEDEDAE3793}
    2011-03-29 14:23 . 2011-03-29 14:23 -------- d-----w- c:\users\Fallen\AppData\Roaming\DarksporeData
    2011-03-29 13:11 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-03-29 13:11 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
    2011-03-29 13:11 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2011-03-29 13:11 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
    2011-03-29 13:11 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2011-03-29 13:11 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2011-03-29 11:55 . 2011-03-29 11:55 -------- d-----w- c:\users\Fallen\AppData\Local\{FCF5077A-B273-4009-B2CC-3EE87DFCFA01}
    2011-03-28 10:22 . 2011-04-05 13:23 -------- d-----w- c:\users\Fallen\AppData\Roaming\Spotify
    2011-03-28 10:22 . 2011-04-05 13:20 -------- d-----w- c:\users\Fallen\AppData\Local\Spotify
    2011-03-28 10:22 . 2011-03-28 10:22 -------- d-----w- c:\program files (x86)\Spotify
    2011-03-28 09:10 . 2011-03-28 09:10 -------- d-----w- c:\users\Fallen\AppData\Local\{0BE582F1-5FA9-4138-92B3-8DFDF2EC69AD}
    2011-03-27 11:54 . 2011-03-27 11:55 -------- d-----w- c:\users\Fallen\AppData\Local\{6CC0C98E-2712-4239-AEA2-DF3ACCBD8D37}
    2011-03-26 11:41 . 2011-03-26 11:44 -------- d-----w- c:\users\Fallen\AppData\Roaming\Nokia
    2011-03-26 11:41 . 2011-03-26 11:42 -------- d-----w- c:\users\Fallen\AppData\Roaming\PC Suite
    2011-03-26 11:41 . 2011-03-26 11:42 -------- d-----w- c:\programdata\PC Suite
    2011-03-26 11:39 . 2011-03-26 11:39 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
    2011-03-26 11:39 . 2011-03-26 11:39 -------- d-----w- c:\program files (x86)\Common Files\Nokia
    2011-03-26 11:39 . 2011-03-26 11:42 -------- d-----w- c:\program files\DIFX
    2011-03-26 11:39 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
    2011-03-26 11:39 . 2011-03-26 11:39 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-03-26 11:39 . 2011-03-26 11:39 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
    2011-03-26 11:39 . 2011-03-26 11:39 -------- d-----w- c:\program files (x86)\Nokia
    2011-03-26 11:39 . 2010-07-30 12:18 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
    2011-03-26 11:38 . 2011-03-26 11:38 -------- d-----w- c:\programdata\Installations
    2011-03-26 11:07 . 2011-03-26 11:08 -------- d-----w- c:\users\Fallen\AppData\Local\{20EBF83B-7456-459F-B2FA-35F19E586F7B}
    2011-03-26 08:59 . 2000-11-29 01:07 307200 ----a-w- c:\windows\system32\msvcr70.dll
    2011-03-26 08:52 . 2011-03-26 08:52 90112 ----a-w- c:\windows\Cuninst.exe
    2011-03-26 08:21 . 2010-11-30 08:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-03-26 08:21 . 2010-11-30 08:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B78AA05A-92EA-426E-B649-3CF9581F90D9}\gapaengine.dll
    2011-03-25 13:15 . 2011-03-25 13:29 -------- d-----w- c:\users\Fallen\AppData\Local\Microsoft Games
    2011-03-24 08:42 . 2011-03-24 08:42 -------- d-----w- c:\program files (x86)\ReflexiveArcade
    2011-03-24 08:38 . 2011-03-24 08:38 -------- d-----w- c:\users\Fallen\AppData\Local\{5FE0D501-43D1-44DB-AF67-568821E8D489}
    2011-03-23 19:44 . 2011-03-23 19:44 388096 ----a-r- c:\users\Fallen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-23 19:44 . 2011-03-23 19:44 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-03-23 19:40 . 2011-03-26 08:34 -------- d-----w- c:\users\Fallen\AppData\Roaming\Nero
    2011-03-23 19:39 . 2011-03-23 19:39 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2011-03-23 19:39 . 2011-03-23 19:40 -------- d-----w- c:\program files (x86)\Nero
    2011-03-23 19:38 . 2011-03-23 19:40 -------- d-----w- c:\programdata\Nero
    2011-03-23 18:19 . 2011-03-23 18:19 -------- d-----w- c:\users\Fallen\AppData\Roaming\Canneverbe Limited
    2011-03-23 18:19 . 2011-03-23 18:19 -------- d-----w- c:\programdata\Canneverbe Limited
    2011-03-22 19:24 . 2011-03-22 19:29 -------- d-----w- c:\program files (x86)\Window Gadgets
    2011-03-21 08:51 . 2011-03-21 08:52 -------- d-----w- c:\users\Fallen\AppData\Local\{2E990E0E-A840-47EF-A12C-FAAA437E4581}
    2011-03-20 09:02 . 2011-03-20 09:03 -------- d-----w- c:\users\Fallen\AppData\Local\{AA13A18E-57CC-470E-A352-EE573ED9EDB1}
    2011-03-19 17:49 . 2011-03-19 17:50 -------- d-----w- c:\users\Fallen\AppData\Local\{01502256-5C97-48D0-BF97-0E69D3C9881E}
    2011-03-19 10:08 . 2011-03-19 17:17 -------- d-----w- c:\programdata\PopCap Games
    2011-03-19 10:07 . 2011-03-19 12:02 2829 ----a-w- c:\windows\War3Unin.pif
    2011-03-19 10:07 . 2011-03-19 12:02 139264 ----a-w- c:\windows\War3Unin.exe
    2011-03-18 18:03 . 2009-04-16 12:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
    2011-03-18 18:01 . 2011-03-18 18:01 -------- d-----w- c:\program files (x86)\Common Files\HP
    2011-03-18 18:01 . 2011-03-18 18:01 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2011-03-18 18:01 . 2009-04-16 12:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
    2011-03-18 18:00 . 2011-03-18 18:01 -------- d-----w- c:\program files (x86)\HP
    2011-03-18 18:00 . 2011-03-18 18:00 -------- d-----w- c:\program files\HP
    2011-03-18 17:59 . 2011-03-18 17:59 -------- d-----w- c:\programdata\HP
    2011-03-18 17:59 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
    2011-03-18 17:59 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_p02c.dll
    2011-03-18 17:59 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_p02a.dll
    2011-03-18 17:59 . 2009-02-11 11:03 1403904 ----a-w- c:\windows\system32\hpost_p02c.dll
    2011-03-18 17:59 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-03-17 09:33 . 2011-03-17 09:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-17 09:32 . 2011-03-17 09:32 -------- d-----w- c:\programdata\McAfee
    2011-03-16 17:34 . 2011-03-16 17:34 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-03-16 16:45 . 2011-03-16 16:45 -------- d-----w- c:\users\Fallen\AppData\Roaming\SystemRequirementsLab
    2011-03-16 16:43 . 2011-03-16 16:43 -------- d-----w- c:\users\Fallen\AppData\Local\{728DCAF6-D2EA-41ED-B094-7670F421228A}
    2011-03-16 16:41 . 2011-02-02 19:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-16 16:41 . 2011-03-17 09:32 -------- d-----w- c:\program files (x86)\Java
    2011-03-16 16:36 . 2011-03-16 16:36 521448 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-16 16:36 . 2011-03-16 16:36 -------- d-----w- c:\program files\Java
    2011-03-15 16:07 . 2011-03-15 16:07 -------- d-----w- c:\users\Fallen\AppData\Roaming\Foxit Software
    2011-03-15 16:05 . 2011-03-15 16:05 -------- d-----w- c:\program files (x86)\Foxit Software
    2011-03-15 06:21 . 2011-03-15 06:21 -------- d-----w- c:\users\Fallen\AppData\Local\{98648FD3-BFBC-4D0B-AC24-6656537DFCDE}
    2011-03-14 17:09 . 2011-03-14 17:09 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-03-14 17:00 . 2011-03-14 17:00 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-03-14 16:25 . 2009-12-17 07:25 14311680 ----a-w- c:\windows\system32\xlive.dll
    2011-03-14 16:17 . 2011-03-14 16:50 -------- d-----w- c:\users\Fallen\AppData\Local\Fallout3
    2011-03-14 16:04 . 2011-03-14 16:04 -------- d-----w- c:\windows\SysWow64\xlive
    2011-03-14 09:46 . 2011-03-16 13:44 -------- d-----w- c:\users\Fallen\AppData\Local\VMware
    2011-03-14 09:46 . 2011-03-16 13:44 -------- d-----w- c:\users\Fallen\AppData\Roaming\VMware
    2011-03-14 09:37 . 2010-11-11 11:49 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
    2011-03-14 09:37 . 2010-11-11 11:49 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2011-03-14 09:36 . 2010-11-11 11:48 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
    2011-03-14 09:36 . 2010-11-11 11:48 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
    2011-03-14 09:36 . 2010-11-11 11:47 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2011-03-14 09:36 . 2010-11-11 11:49 968816 ----a-w- c:\windows\system32\vnetlib64.dll
    2011-03-14 09:36 . 2010-11-11 11:47 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2011-03-14 09:36 . 2010-11-11 10:31 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2011-03-14 09:35 . 2011-03-14 09:35 -------- d-----w- c:\program files (x86)\Common Files\VMware
    2011-03-14 09:35 . 2011-04-05 07:16 -------- d-----w- c:\programdata\VMware
    2011-03-14 09:35 . 2011-03-14 09:35 -------- d-----w- c:\program files (x86)\VMware
    2011-03-13 22:02 . 2011-03-13 22:02 -------- d-----w- c:\users\Fallen\AppData\Local\{39E90124-4961-485A-92C5-2522431F4DC7}
    2011-03-12 20:10 . 2011-04-02 09:38 -------- d-----w- c:\users\Fallen\AppData\Roaming\TS3Client
    2011-03-12 20:09 . 2011-03-12 20:09 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2011-03-11 17:34 . 2011-03-11 17:34 -------- d-----w- c:\users\Fallen\AppData\Local\{9F80EE48-5DAC-4135-9E28-3961E98D0B31}
    2011-03-11 17:03 . 2011-03-11 17:03 -------- d-----w- c:\users\Fallen\AppData\Local\{1F1145B2-3EC5-4790-970E-823B59019058}
    2011-03-10 18:26 . 2011-03-10 18:26 -------- d-----w- c:\users\Fallen\AppData\Roaming\Leadertech
    2011-03-10 18:26 . 2011-03-10 18:26 53248 ----a-r- c:\users\Fallen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-03-10 18:26 . 2011-03-10 18:26 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
    2011-03-10 18:26 . 2011-03-12 22:31 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-03-10 18:26 . 2011-03-10 18:26 -------- d-----w- c:\programdata\Logishrd
    2011-03-10 18:26 . 2011-03-10 18:26 -------- d-----w- c:\program files\Logitech
    2011-03-10 18:25 . 2011-03-10 18:26 -------- d-----w- c:\program files\Common Files\LogiShrd
    2011-03-10 18:23 . 2011-03-10 18:27 -------- d-----w- c:\users\Fallen\AppData\Roaming\Logitech
    2011-03-10 18:23 . 2011-03-10 18:25 -------- d-----w- c:\users\Fallen\AppData\Roaming\Logishrd
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-09 09:29 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 16:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-07 16:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
    2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll
    2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-01-26 22:40 . 2011-01-26 22:40 4847616 ----a-w- c:\windows\system32\atidxx64.dll
    2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-01-26 22:24 . 2011-01-26 22:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
    2011-01-26 22:20 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-01-26 22:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    .
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
    .
    c:\users\Fallen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-2-15 2068832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutorun"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\Fallen\AppData\Roaming\Mozilla\Firefox\Profiles\67q9v33x.default\
    FF - prefs.js: browser.startup.homepage - google.fi
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_USERS\S-1-5-21-1275711632-1130104299-4091064242-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1275711632-1130104299-4091064242-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Valmistumisajankohta: 2011-04-05 22:05:20
    ComboFix-quarantined-files.txt 2011-04-05 19:05
    .
    Ennen ajoa: 70 620 012 544 bytes free
    Ajon jälkeen: 70 504 026 112 bytes free
    .
    - - End Of File - - DB49AC7A5AB26E49EE27982AB7AEC87C
     
    Salorni, 05.04.2011
    #2
  4. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    .
    Kyllä täällä kaikki on tarpeellisia !!!

    Tämän ComboFixin kanssa olisi syytä olla
    varovainen. Ainakin virustutkat pitäisi sammuttaa
    ajon ajaksi.
    :)
     
    kalminen, 06.04.2011
    #3
  5. Salorni

    Salorni Member

    Liittynyt:
    03.01.2008
    Viestejä:
    94
    Kiitokset:
    0
    Pisteet:
    16
    joo huomasin sen ku koneelta katos lähes kaikki käynnistysajot yms rekisterit ton jälkeen... Mut recoveryllä takas
     
    Salorni, 06.04.2011
    #4

Jaa tämä sivu