Vundo is bothering me

mjmjmj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:03, on 27.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\IIRONK~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\IIRONK~1\AppData\Local\Temp\Rar$EX00.090\VundoFix.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/uutiset/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\sstsp.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\urstt.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8864 bytes


    Replies

    • ------

      1. Download combofix.exe to your desktop from one of these links:
      combofix1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      combofix2: http://subs.geekstogo.com/ComboFix.exe

      2. Double-click the combofix.exe file and follow the instructions.
      3. When the tool has finished, it produces a log. Post that log to your thread.
      Note! Do not click on the ComboFix window while it is running. Doing so may cause the program to hang.

      ==========

      Download VundoFix.exe
      http://www.atribune.org/ccount/click.php?id=4 to your desktop.

      •   Double-click VundoFix.exe to run it.
      •   Click the Scan for Vundo option.
      •   When the scan is complete, click the Remove Vundo option.
      •   You will be asked whether you want to remove the files - click YES.
      •   Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
      •   When it is done, the fix will tell you that it is going to restart your computer; click OK.
      •   Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


      Note: It is possible that VundoFix found a file that it could not remove.
      In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.


      ===========

      Renaming

      1. Right-click the HijackThis icon.

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename1.jpg

      2. Select Rename.

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename2.jpg

      3. Type scanner.exe

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename3.jpg

      • mjmjmj

        ComboFix 08-03-30.5 - IIRONKONE 2008-04-01 9:31:56.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1304 [GMT 3:00]
        Running from: C:\Users\IIRONKONE\Downloads\ComboFix.exe
        * Created a new restore point
        * Resident AV is active

        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Windows\system32\abfbcbef_z.dll
        C:\Windows\system32\ecddbe0_r.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-01 to 2008-04-01 )))))))))))))))))
        .

        2008-03-25 21:25 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.003
        2008-03-25 21:19 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.002
        2008-03-25 21:16 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.001
        2008-03-25 21:15 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.000
        2008-03-25 21:15 . 2008-03-25 21:27   855   --a------   C:\Windows\Rtcw.INI
        2008-03-24 23:28 . 2008-03-24 23:28      d--------   C:\Program Files\Trend Micro
        2008-03-24 21:53 . 2008-03-24 21:54      d--------   C:\Program Files\Java
        2008-03-24 21:53 . 2008-03-24 21:53      d--------   C:\Program Files\Common Files\Java
        2008-03-23 23:11 . 2008-03-23 23:11      d--------   C:\Program Files\Microsoft Visual Studio 8
        2008-03-23 23:09 . 2008-03-23 23:09      dr-h-----   C:\MSOCache
        2008-03-23 22:49 . 2008-03-24 12:21      d--------   C:\Program Files\PowerISO
        2008-03-23 22:19 . 2008-03-23 22:19      d--------   C:\VundoFix Backups
        2008-03-21 17:51 . 2006-11-29 14:06   3,426,072   --a------   C:\Windows\System32\d3dx9_32.dll
        2008-03-21 17:49 . 2008-03-21 17:50      d--h-----   C:\Windows\msdownld.tmp
        2008-03-20 14:35 . 2008-03-20 14:35      d--------   C:\Program Files\Microsoft Silverlight
        2008-03-11 12:43 . 2008-03-24 15:51      d--------   C:\Program Files\jv16 PowerTools 2008
        2008-03-07 22:19 . 2008-03-07 22:19   23   --a------   C:\Windows\System32\caffd_r.ocx
        2008-03-07 22:10 . 2008-03-07 22:10   23   --a------   C:\Windows\System32\dfcebbedfbbd1_z.ocx
        2008-03-05 19:33 . 2008-03-06 11:42      d--------   C:\Users\IIRONKONE\AppData\Roaming\SiteAdvisor
        2008-03-05 19:33 . 2008-03-08 10:51      d--------   C:\Program Files\SiteAdvisor
        2008-03-05 19:33 . 2008-04-01 08:56   10,477   --a------   C:\Windows\System32\Config.MPF
        2008-03-05 19:32 . 2007-07-21 10:08   201,288   --a------   C:\Windows\System32\drivers\mfehidk.sys
        2008-03-05 19:32 . 2007-07-13 10:21   125,728   --a------   C:\Windows\System32\drivers\Mpfp.sys
        2008-03-05 19:32 . 2007-07-24 08:40   79,304   --a------   C:\Windows\System32\drivers\mfeavfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   40,488   --a------   C:\Windows\System32\drivers\mfesmfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   35,240   --a------   C:\Windows\System32\drivers\mfebopk.sys
        2008-03-05 19:32 . 2007-07-24 13:02   33,800   --a------   C:\Windows\System32\drivers\mferkdk.sys
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\McAfee.com
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\Common Files\McAfee
        2008-03-05 18:43 . 2007-05-25 16:15   572,784   --a------   C:\Windows\System32\msvcp50.dll
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\Users\All Users\ConeXware
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\ProgramData\ConeXware
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\Users\All Users\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\ProgramData\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-01 20:35      d--------   C:\Program Files\Spybot - Search & Destroy
        2008-03-01 18:09 . 2008-03-01 18:09      d--------   C:\Users\IIRONKONE\AppData\Roaming\Template
        2008-03-01 18:09 . 2008-03-01 18:09   0   --a------   C:\Users\IIRONKONE\AppData\Roaming\wklnhst.dat

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-31 19:27   ---------   d---a-w   C:\ProgramData\TEMP
        2008-03-31 19:27   ---------   d-----w   C:\Program Files\SpywareBlaster
        2008-03-31 08:11   27,715   ----a-w   C:\Users\IIRONKONE\AppData\Roaming\nvModes.dat
        2008-03-28 15:13   22,328   ----a-w   C:\Windows\system32\drivers\PnkBstrK.sys
        2008-03-28 15:13   107,832   ----a-w   C:\Windows\System32\PnkBstrB.exe
        2008-03-26 19:26   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-03-24 12:17   ---------   d-----w   C:\ProgramData\Microsoft Help
        2008-03-23 20:17   ---------   d-----w   C:\Program Files\MSBuild
        2008-03-08 15:04   ---------   d-----w   C:\Program Files\Wolfenstein - Enemy Territory
        2008-03-06 08:42   ---------   d-----w   C:\Program Files\McAfee
        2008-03-05 16:33   ---------   d-----w   C:\ProgramData\McAfee
        2008-03-05 15:32   ---------   d-----w   C:\ProgramData\SiteAdvisor
        2008-03-05 14:03   479,752   ----a-w   C:\Windows\System32\XAudio2_0.dll
        2008-03-05 14:03   238,088   ----a-w   C:\Windows\System32\xactengine3_0.dll
        2008-03-05 14:00   25,608   ----a-w   C:\Windows\System32\X3DAudio1_3.dll
        2008-03-05 13:56   3,786,760   ----a-w   C:\Windows\System32\D3DX9_37.dll
        2008-03-05 13:56   1,420,824   ----a-w   C:\Windows\System32\D3DCompiler_37.dll
        2008-03-04 03:53   78,336   ----a-w   C:\Windows\System32\ieencode.dll
        2008-03-04 03:52   830,464   ----a-w   C:\Windows\System32\wininet.dll
        2008-03-04 03:52   47,616   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-03-04 03:52   41,984   ----a-w   C:\Windows\System32\licmgr10.dll
        2008-03-04 03:52   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-03-04 03:52   20,480   ----a-w   C:\Windows\System32\PDMSetup.exe
        2008-03-04 03:52   17,920   ----a-w   C:\Windows\System32\corpol.dll
        2008-03-04 03:52   142,848   ----a-w   C:\Windows\System32\IESetting.dll
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetIEInstalledDate.exe
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetDepNx.exe
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\iesetup.dll
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\admparse.dll
        2008-03-04 03:51   66,560   ----a-w   C:\Windows\System32\wextract.exe
        2008-03-04 03:51   168,448   ----a-w   C:\Windows\System32\iexpress.exe
        2008-03-04 03:50   48,128   ----a-w   C:\Windows\System32\mshtmler.dll
        2008-03-04 03:50   45,568   ----a-w   C:\Windows\System32\mshta.exe
        2008-03-04 03:50   36,352   ----a-w   C:\Windows\System32\imgutil.dll
        2008-02-27 20:27   174   --sha-w   C:\Program Files\desktop.ini
        2008-02-27 20:24   ---------   d-----w   C:\Program Files\Windows Calendar
        2008-02-24 13:03   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-02-22 19:11   ---------   d-----w   C:\ProgramData\Lavasoft
        2008-02-22 10:01   ---------   d-----w   C:\Program Files\Microsoft.NET
        2008-02-21 06:39   ---------   d-----w   C:\Program Files\Lavalys
        2008-02-16 17:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
        2008-02-16 08:24   ---------   d-----w   C:\Program Files\Hewlett-Packard
        2008-02-16 08:22   45,056   ----a-w   C:\Windows\NCUNINST.EXE
        2008-02-16 08:17   ---------   d-----w   C:\Program Files\Common Files\SWF Studio
        2008-02-15 19:07   ---------   d-----w   C:\Program Files\Common Files\Oberon Media
        2008-02-15 19:06   ---------   d-----w   C:\Program Files\Acer
        2008-02-15 15:17   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\CyberLink
        2008-02-15 14:34   ---------   d-----w   C:\Program Files\Windows Sidebar
        2008-02-15 14:29   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
        2008-02-15 14:29   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
        2008-02-15 14:26   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
        2008-02-15 14:26   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
        2008-02-15 14:26   24,064   ----a-w   C:\Windows\System32\netcfg.exe
        2008-02-15 14:26   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
        2008-02-15 14:26   22,016   ----a-w   C:\Windows\System32\netiougc.exe
        2008-02-15 14:26   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
        2008-02-15 14:26   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
        2008-02-15 14:26   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
        2008-02-15 14:26   1,191,936   ----a-w   C:\Windows\System32\msxml3.dll
        2008-02-15 14:25   84,480   ----a-w   C:\Windows\System32\INETRES.dll
        2008-02-15 14:25   737,792   ----a-w   C:\Windows\System32\inetcomm.dll
        2008-02-15 14:25   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-02-15 14:25   1,335,296   ----a-w   C:\Windows\System32\msxml6.dll
        2008-02-15 14:24   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
        2008-02-15 14:24   788,992   ----a-w   C:\Windows\System32\rpcrt4.dll
        2008-02-15 14:24   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
        2008-02-15 14:24   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
        2008-02-15 14:24   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
        2008-02-15 14:22   750,080   ----a-w   C:\Windows\System32\qmgr.dll
        2008-02-15 14:07   80,896   ----a-w   C:\Windows\System32\wudriver.dll
        2008-02-15 14:07   549,720   ----a-w   C:\Windows\System32\wuapi.dll
        2008-02-15 14:07   53,080   ----a-w   C:\Windows\System32\wuauclt.exe
        2008-02-15 14:07   43,352   ----a-w   C:\Windows\System32\wups2.dll
        2008-02-15 14:07   33,624   ----a-w   C:\Windows\System32\wups.dll
        2008-02-15 14:07   1,712,984   ----a-w   C:\Windows\System32\wuaueng.dll
        2008-02-15 14:07   1,524,224   ----a-w   C:\Windows\System32\wucltux.dll
        2008-02-15 14:06   31,232   ----a-w   C:\Windows\System32\wuapp.exe
        2008-02-15 14:06   163,000   ----a-w   C:\Windows\System32\wuwebv.dll
        2008-02-15 12:15   66,872   ----a-w   C:\Windows\System32\PnkBstrA.exe
        2008-02-15 11:49   73,216   ----a-w   C:\Windows\ST6UNST.EXE
        2008-02-15 11:49   249,856   ------w   C:\Windows\Setup1.exe
        2008-02-15 11:49   ---------   d-----w   C:\Program Files\Eurolaskin
        2008-02-15 09:17   ---------   d-----w   C:\Program Files\Common Files\Cisco Systems
        2008-02-14 21:08   ---------   d-----w   C:\Program Files\Acer Inc
        2008-02-14 21:05   ---------   d-----w   C:\Program Files\MSXML 4.0
        2008-02-14 09:07   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\Acer
        2008-02-14 09:06   ---------   d-----w   C:\ProgramData\CyberLink
        2008-02-14 08:55   ---------   d-----w   C:\Program Files\Acer Arcade Deluxe
        2008-02-14 08:51   ---------   d-----w   C:\Program Files\Intel
        2008-02-14 08:50   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\InstallShield
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Työpöytä
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Tiedostot
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Suosikit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Mallit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Käynnistä-valikko
        2008-02-05 21:07   462,864   ----a-w   C:\Windows\System32\d3dx10_37.dll
        2008-01-29 04:16   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-01-29 04:16   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-01-29 04:16   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-01-29 04:16   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 22:36 1006264]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 08:09 865840]
        "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
        "Acer Tour"="" []
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 10:33 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 10:32 8433664]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 10:33 81920]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 12:10 4468736 C:\Windows\RtHDVCpl.exe]
        "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
        "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
        "eRecoveryService"="" []
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-25 00:57 36640]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-15 23:16:31 535336]

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{510F1453-5283-46D1-83A7-2C07E913719A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
        "{CE583075-3E03-4E54-97C6-90AF763EEBFA}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
        "{7476F1F2-D1B1-4E8E-889B-CD01605D2BDA}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
        "{BCA24F22-CCF5-4205-8EDD-7FA77980FBBD}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
        "{8015D0BE-260A-4805-B500-624522A26F3A}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
        "{AEBA65A7-6557-43C8-B39C-A6C85BAAF5A4}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
        "{F8F1669E-D0E3-4F73-9A62-3F5ECC28B1C8}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
        "{0B67D978-1652-4C4C-94BE-ABA65642D2F7}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
        "TCP Query User{3BBC23C7-4D9D-4D0E-A26D-58A9532F1C3B}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "UDP Query User{33015398-6FE2-4978-9048-9BA9FF3E2A7D}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "{ABEE6805-1764-43AD-B1B3-AFF4C68DF414}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
        "{C261160C-607F-4B98-9708-6CB1DCB01147}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
        "{F12E9778-1557-41FC-ACBD-15B4DAEE1519}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{D2C7CC96-B55B-4776-8544-DC271FDCA0E0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{F410E64B-BE74-4F2E-A2BD-5522CC98219C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{CE6B1890-84F8-4149-8F54-680D6A51DC9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
        R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0[/u]00.fcl [2006-11-02 17:51]
        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
        R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
        R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
        R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
        R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
        R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 10:33]
        R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 10:09]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 10:03]
        S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 17:47]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-05 18:16:30 C:\Windows\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-05 18:16:30 C:\Windows\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-04-01 09:35:06
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-04-01 9:35:40
        ComboFix-quarantined-files.txt 2008-04-01 06:35:36
        Pre-Run: 81,097,035,776 tavua vapaana
        Post-Run: 80,892,190,720 tavua vapaana
        .
        2008-03-24 12:17:37   --- E O F ---

