Vundo is bothering me

mjmjmj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:03, on 27.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\IIRONK~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\IIRONK~1\AppData\Local\Temp\Rar$EX00.090\VundoFix.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/uutiset/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\sstsp.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\urstt.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8864 bytes


    Replies

    • ------

      1. Download combofix.exe to your desktop from one of these links:
      combofix1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      combofix2: http://subs.geekstogo.com/ComboFix.exe

      2. Double-click the combofix.exe file and follow the prompts.
      3. When the tool has finished, it produces a log. Post this log in your thread.
      Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

      ==========

      Download VundoFix.exe
      http://www.atribune.org/ccount/click.php?id=4 to your desktop.

      •   Double-click VundoFix.exe to run it.
      •   Click the Scan for Vundo button.
      •   When the scan is complete, click the Remove Vundo button.
      •   You will be asked whether you want to remove the files - click YES.
      •   Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
      •   When it is done, the fix will tell you that it will restart your computer; click OK.
      •   Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


      Note: It is possible that VundoFix found a file that it could not remove.
      In this case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears after the restart.


      ===========

      Renaming

      1. Right-click the HijackThis icon.

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename1.jpg

      2. Select Rename.

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename2.jpg

      3. Type scanner.exe

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename3.jpg

      • mjmjmj

        ComboFix 08-03-30.5 - IIRONKONE 2008-04-01 9:31:56.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1304 [GMT 3:00]
        Running from: C:\Users\IIRONKONE\Downloads\ComboFix.exe
        * Created a new restore point
        * Resident AV is active

        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Windows\system32\abfbcbef_z.dll
        C:\Windows\system32\ecddbe0_r.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-01 to 2008-04-01 )))))))))))))))))
        .

        2008-03-25 21:25 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.003
        2008-03-25 21:19 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.002
        2008-03-25 21:16 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.001
        2008-03-25 21:15 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.000
        2008-03-25 21:15 . 2008-03-25 21:27   855   --a------   C:\Windows\Rtcw.INI
        2008-03-24 23:28 . 2008-03-24 23:28      d--------   C:\Program Files\Trend Micro
        2008-03-24 21:53 . 2008-03-24 21:54      d--------   C:\Program Files\Java
        2008-03-24 21:53 . 2008-03-24 21:53      d--------   C:\Program Files\Common Files\Java
        2008-03-23 23:11 . 2008-03-23 23:11      d--------   C:\Program Files\Microsoft Visual Studio 8
        2008-03-23 23:09 . 2008-03-23 23:09      dr-h-----   C:\MSOCache
        2008-03-23 22:49 . 2008-03-24 12:21      d--------   C:\Program Files\PowerISO
        2008-03-23 22:19 . 2008-03-23 22:19      d--------   C:\VundoFix Backups
        2008-03-21 17:51 . 2006-11-29 14:06   3,426,072   --a------   C:\Windows\System32\d3dx9_32.dll
        2008-03-21 17:49 . 2008-03-21 17:50      d--h-----   C:\Windows\msdownld.tmp
        2008-03-20 14:35 . 2008-03-20 14:35      d--------   C:\Program Files\Microsoft Silverlight
        2008-03-11 12:43 . 2008-03-24 15:51      d--------   C:\Program Files\jv16 PowerTools 2008
        2008-03-07 22:19 . 2008-03-07 22:19   23   --a------   C:\Windows\System32\caffd_r.ocx
        2008-03-07 22:10 . 2008-03-07 22:10   23   --a------   C:\Windows\System32\dfcebbedfbbd1_z.ocx
        2008-03-05 19:33 . 2008-03-06 11:42      d--------   C:\Users\IIRONKONE\AppData\Roaming\SiteAdvisor
        2008-03-05 19:33 . 2008-03-08 10:51      d--------   C:\Program Files\SiteAdvisor
        2008-03-05 19:33 . 2008-04-01 08:56   10,477   --a------   C:\Windows\System32\Config.MPF
        2008-03-05 19:32 . 2007-07-21 10:08   201,288   --a------   C:\Windows\System32\drivers\mfehidk.sys
        2008-03-05 19:32 . 2007-07-13 10:21   125,728   --a------   C:\Windows\System32\drivers\Mpfp.sys
        2008-03-05 19:32 . 2007-07-24 08:40   79,304   --a------   C:\Windows\System32\drivers\mfeavfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   40,488   --a------   C:\Windows\System32\drivers\mfesmfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   35,240   --a------   C:\Windows\System32\drivers\mfebopk.sys
        2008-03-05 19:32 . 2007-07-24 13:02   33,800   --a------   C:\Windows\System32\drivers\mferkdk.sys
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\McAfee.com
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\Common Files\McAfee
        2008-03-05 18:43 . 2007-05-25 16:15   572,784   --a------   C:\Windows\System32\msvcp50.dll
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\Users\All Users\ConeXware
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\ProgramData\ConeXware
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\Users\All Users\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\ProgramData\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-01 20:35      d--------   C:\Program Files\Spybot - Search & Destroy
        2008-03-01 18:09 . 2008-03-01 18:09      d--------   C:\Users\IIRONKONE\AppData\Roaming\Template
        2008-03-01 18:09 . 2008-03-01 18:09   0   --a------   C:\Users\IIRONKONE\AppData\Roaming\wklnhst.dat

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-31 19:27   ---------   d---a-w   C:\ProgramData\TEMP
        2008-03-31 19:27   ---------   d-----w   C:\Program Files\SpywareBlaster
        2008-03-31 08:11   27,715   ----a-w   C:\Users\IIRONKONE\AppData\Roaming\nvModes.dat
        2008-03-28 15:13   22,328   ----a-w   C:\Windows\system32\drivers\PnkBstrK.sys
        2008-03-28 15:13   107,832   ----a-w   C:\Windows\System32\PnkBstrB.exe
        2008-03-26 19:26   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-03-24 12:17   ---------   d-----w   C:\ProgramData\Microsoft Help
        2008-03-23 20:17   ---------   d-----w   C:\Program Files\MSBuild
        2008-03-08 15:04   ---------   d-----w   C:\Program Files\Wolfenstein - Enemy Territory
        2008-03-06 08:42   ---------   d-----w   C:\Program Files\McAfee
        2008-03-05 16:33   ---------   d-----w   C:\ProgramData\McAfee
        2008-03-05 15:32   ---------   d-----w   C:\ProgramData\SiteAdvisor
        2008-03-05 14:03   479,752   ----a-w   C:\Windows\System32\XAudio2_0.dll
        2008-03-05 14:03   238,088   ----a-w   C:\Windows\System32\xactengine3_0.dll
        2008-03-05 14:00   25,608   ----a-w   C:\Windows\System32\X3DAudio1_3.dll
        2008-03-05 13:56   3,786,760   ----a-w   C:\Windows\System32\D3DX9_37.dll
        2008-03-05 13:56   1,420,824   ----a-w   C:\Windows\System32\D3DCompiler_37.dll
        2008-03-04 03:53   78,336   ----a-w   C:\Windows\System32\ieencode.dll
        2008-03-04 03:52   830,464   ----a-w   C:\Windows\System32\wininet.dll
        2008-03-04 03:52   47,616   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-03-04 03:52   41,984   ----a-w   C:\Windows\System32\licmgr10.dll
        2008-03-04 03:52   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-03-04 03:52   20,480   ----a-w   C:\Windows\System32\PDMSetup.exe
        2008-03-04 03:52   17,920   ----a-w   C:\Windows\System32\corpol.dll
        2008-03-04 03:52   142,848   ----a-w   C:\Windows\System32\IESetting.dll
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetIEInstalledDate.exe
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetDepNx.exe
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\iesetup.dll
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\admparse.dll
        2008-03-04 03:51   66,560   ----a-w   C:\Windows\System32\wextract.exe
        2008-03-04 03:51   168,448   ----a-w   C:\Windows\System32\iexpress.exe
        2008-03-04 03:50   48,128   ----a-w   C:\Windows\System32\mshtmler.dll
        2008-03-04 03:50   45,568   ----a-w   C:\Windows\System32\mshta.exe
        2008-03-04 03:50   36,352   ----a-w   C:\Windows\System32\imgutil.dll
        2008-02-27 20:27   174   --sha-w   C:\Program Files\desktop.ini
        2008-02-27 20:24   ---------   d-----w   C:\Program Files\Windows Calendar
        2008-02-24 13:03   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-02-22 19:11   ---------   d-----w   C:\ProgramData\Lavasoft
        2008-02-22 10:01   ---------   d-----w   C:\Program Files\Microsoft.NET
        2008-02-21 06:39   ---------   d-----w   C:\Program Files\Lavalys
        2008-02-16 17:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
        2008-02-16 08:24   ---------   d-----w   C:\Program Files\Hewlett-Packard
        2008-02-16 08:22   45,056   ----a-w   C:\Windows\NCUNINST.EXE
        2008-02-16 08:17   ---------   d-----w   C:\Program Files\Common Files\SWF Studio
        2008-02-15 19:07   ---------   d-----w   C:\Program Files\Common Files\Oberon Media
        2008-02-15 19:06   ---------   d-----w   C:\Program Files\Acer
        2008-02-15 15:17   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\CyberLink
        2008-02-15 14:34   ---------   d-----w   C:\Program Files\Windows Sidebar
        2008-02-15 14:29   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
        2008-02-15 14:29   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
        2008-02-15 14:26   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
        2008-02-15 14:26   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
        2008-02-15 14:26   24,064   ----a-w   C:\Windows\System32\netcfg.exe
        2008-02-15 14:26   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
        2008-02-15 14:26   22,016   ----a-w   C:\Windows\System32\netiougc.exe
        2008-02-15 14:26   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
        2008-02-15 14:26   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
        2008-02-15 14:26   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
        2008-02-15 14:26   1,191,936   ----a-w   C:\Windows\System32\msxml3.dll
        2008-02-15 14:25   84,480   ----a-w   C:\Windows\System32\INETRES.dll
        2008-02-15 14:25   737,792   ----a-w   C:\Windows\System32\inetcomm.dll
        2008-02-15 14:25   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-02-15 14:25   1,335,296   ----a-w   C:\Windows\System32\msxml6.dll
        2008-02-15 14:24   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
        2008-02-15 14:24   788,992   ----a-w   C:\Windows\System32\rpcrt4.dll
        2008-02-15 14:24   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
        2008-02-15 14:24   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
        2008-02-15 14:24   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
        2008-02-15 14:22   750,080   ----a-w   C:\Windows\System32\qmgr.dll
        2008-02-15 14:07   80,896   ----a-w   C:\Windows\System32\wudriver.dll
        2008-02-15 14:07   549,720   ----a-w   C:\Windows\System32\wuapi.dll
        2008-02-15 14:07   53,080   ----a-w   C:\Windows\System32\wuauclt.exe
        2008-02-15 14:07   43,352   ----a-w   C:\Windows\System32\wups2.dll
        2008-02-15 14:07   33,624   ----a-w   C:\Windows\System32\wups.dll
        2008-02-15 14:07   1,712,984   ----a-w   C:\Windows\System32\wuaueng.dll
        2008-02-15 14:07   1,524,224   ----a-w   C:\Windows\System32\wucltux.dll
        2008-02-15 14:06   31,232   ----a-w   C:\Windows\System32\wuapp.exe
        2008-02-15 14:06   163,000   ----a-w   C:\Windows\System32\wuwebv.dll
        2008-02-15 12:15   66,872   ----a-w   C:\Windows\System32\PnkBstrA.exe
        2008-02-15 11:49   73,216   ----a-w   C:\Windows\ST6UNST.EXE
        2008-02-15 11:49   249,856   ------w   C:\Windows\Setup1.exe
        2008-02-15 11:49   ---------   d-----w   C:\Program Files\Eurolaskin
        2008-02-15 09:17   ---------   d-----w   C:\Program Files\Common Files\Cisco Systems
        2008-02-14 21:08   ---------   d-----w   C:\Program Files\Acer Inc
        2008-02-14 21:05   ---------   d-----w   C:\Program Files\MSXML 4.0
        2008-02-14 09:07   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\Acer
        2008-02-14 09:06   ---------   d-----w   C:\ProgramData\CyberLink
        2008-02-14 08:55   ---------   d-----w   C:\Program Files\Acer Arcade Deluxe
        2008-02-14 08:51   ---------   d-----w   C:\Program Files\Intel
        2008-02-14 08:50   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\InstallShield
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Työpöytä
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Tiedostot
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Suosikit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Mallit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Käynnistä-valikko
        2008-02-05 21:07   462,864   ----a-w   C:\Windows\System32\d3dx10_37.dll
        2008-01-29 04:16   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-01-29 04:16   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-01-29 04:16   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-01-29 04:16   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 22:36 1006264]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 08:09 865840]
        "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
        "Acer Tour"="" []
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 10:33 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 10:32 8433664]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 10:33 81920]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 12:10 4468736 C:\Windows\RtHDVCpl.exe]
        "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
        "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
        "eRecoveryService"="" []
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-25 00:57 36640]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-15 23:16:31 535336]

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{510F1453-5283-46D1-83A7-2C07E913719A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
        "{CE583075-3E03-4E54-97C6-90AF763EEBFA}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
        "{7476F1F2-D1B1-4E8E-889B-CD01605D2BDA}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
        "{BCA24F22-CCF5-4205-8EDD-7FA77980FBBD}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
        "{8015D0BE-260A-4805-B500-624522A26F3A}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
        "{AEBA65A7-6557-43C8-B39C-A6C85BAAF5A4}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
        "{F8F1669E-D0E3-4F73-9A62-3F5ECC28B1C8}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
        "{0B67D978-1652-4C4C-94BE-ABA65642D2F7}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
        "TCP Query User{3BBC23C7-4D9D-4D0E-A26D-58A9532F1C3B}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "UDP Query User{33015398-6FE2-4978-9048-9BA9FF3E2A7D}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "{ABEE6805-1764-43AD-B1B3-AFF4C68DF414}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
        "{C261160C-607F-4B98-9708-6CB1DCB01147}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
        "{F12E9778-1557-41FC-ACBD-15B4DAEE1519}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{D2C7CC96-B55B-4776-8544-DC271FDCA0E0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{F410E64B-BE74-4F2E-A2BD-5522CC98219C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{CE6B1890-84F8-4149-8F54-680D6A51DC9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
        R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
        R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
        R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
        R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
        R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
        R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 10:33]
        R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 10:09]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 10:03]
        S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 17:47]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-05 18:16:30 C:\Windows\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-05 18:16:30 C:\Windows\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-04-01 09:35:06
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-04-01 9:35:40
        ComboFix-quarantined-files.txt 2008-04-01 06:35:36
        Pre-Run: 81,097,035,776 tavua vapaana
        Post-Run: 80,892,190,720 tavua vapaana
        .
        2008-03-24 12:17:37   --- E O F ---

