Vundo is causing trouble

mjmjmj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:03, on 27.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\IIRONK~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\IIRONK~1\AppData\Local\Temp\Rar$EX00.090\VundoFix.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/uutiset/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\sstsp.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\IIRONK~1\AppData\Local\Temp\urstt.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8864 bytes

2

225

    Replies

    • ------

      1. Download combofix.exe to your desktop from one of these links:
      combofix1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      combofix2: http://subs.geekstogo.com/ComboFix.exe

      2. Double-click the combofix.exe file and follow the prompts.
      3. When the tool is finished, it produces a log. Post this log in your thread.
      Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

      ==========

      Download VundoFix.exe
      http://www.atribune.org/ccount/click.php?id=4 to your desktop.

      •   Double-click VundoFix.exe to run it.
      •   Click the Scan for Vundo option.
      •   When the scan is complete, click the Remove Vundo option.
      •   You will be asked whether you want to delete the files - click YES.
      •   Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
      •   When it is finished, the fix will tell you that it is going to restart your computer; click OK.
      •   Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


      Note: It is possible that VundoFix found a file that it could not remove.
      In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option." when VundoFix appears on restart.


      ===========

      Renaming

      1. Right-click the HijackThis icon.

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename1.jpg

      2. Select Rename (Uudelleennimeä).

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename2.jpg

      3. Type scanner.exe

      http://i71.photobucket.com/albums/i125/timray2006/hjtrename3.jpg

      • mjmjmj

        ComboFix 08-03-30.5 - IIRONKONE 2008-04-01 9:31:56.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1304 [GMT 3:00]
        Running from: C:\Users\IIRONKONE\Downloads\ComboFix.exe
        * Created a new restore point
        * Resident AV is active

        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Windows\system32\abfbcbef_z.dll
        C:\Windows\system32\ecddbe0_r.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-01 to 2008-04-01 )))))))))))))))))
        .

        2008-03-25 21:25 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.003
        2008-03-25 21:19 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.002
        2008-03-25 21:16 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.001
        2008-03-25 21:15 . 2001-06-19 18:53   266,293   --a------   C:\Windows\System32\temp.000
        2008-03-25 21:15 . 2008-03-25 21:27   855   --a------   C:\Windows\Rtcw.INI
        2008-03-24 23:28 . 2008-03-24 23:28      d--------   C:\Program Files\Trend Micro
        2008-03-24 21:53 . 2008-03-24 21:54      d--------   C:\Program Files\Java
        2008-03-24 21:53 . 2008-03-24 21:53      d--------   C:\Program Files\Common Files\Java
        2008-03-23 23:11 . 2008-03-23 23:11      d--------   C:\Program Files\Microsoft Visual Studio 8
        2008-03-23 23:09 . 2008-03-23 23:09      dr-h-----   C:\MSOCache
        2008-03-23 22:49 . 2008-03-24 12:21      d--------   C:\Program Files\PowerISO
        2008-03-23 22:19 . 2008-03-23 22:19      d--------   C:\VundoFix Backups
        2008-03-21 17:51 . 2006-11-29 14:06   3,426,072   --a------   C:\Windows\System32\d3dx9_32.dll
        2008-03-21 17:49 . 2008-03-21 17:50      d--h-----   C:\Windows\msdownld.tmp
        2008-03-20 14:35 . 2008-03-20 14:35      d--------   C:\Program Files\Microsoft Silverlight
        2008-03-11 12:43 . 2008-03-24 15:51      d--------   C:\Program Files\jv16 PowerTools 2008
        2008-03-07 22:19 . 2008-03-07 22:19   23   --a------   C:\Windows\System32\caffd_r.ocx
        2008-03-07 22:10 . 2008-03-07 22:10   23   --a------   C:\Windows\System32\dfcebbedfbbd1_z.ocx
        2008-03-05 19:33 . 2008-03-06 11:42      d--------   C:\Users\IIRONKONE\AppData\Roaming\SiteAdvisor
        2008-03-05 19:33 . 2008-03-08 10:51      d--------   C:\Program Files\SiteAdvisor
        2008-03-05 19:33 . 2008-04-01 08:56   10,477   --a------   C:\Windows\System32\Config.MPF
        2008-03-05 19:32 . 2007-07-21 10:08   201,288   --a------   C:\Windows\System32\drivers\mfehidk.sys
        2008-03-05 19:32 . 2007-07-13 10:21   125,728   --a------   C:\Windows\System32\drivers\Mpfp.sys
        2008-03-05 19:32 . 2007-07-24 08:40   79,304   --a------   C:\Windows\System32\drivers\mfeavfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   40,488   --a------   C:\Windows\System32\drivers\mfesmfk.sys
        2008-03-05 19:32 . 2007-07-21 10:08   35,240   --a------   C:\Windows\System32\drivers\mfebopk.sys
        2008-03-05 19:32 . 2007-07-24 13:02   33,800   --a------   C:\Windows\System32\drivers\mferkdk.sys
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\McAfee.com
        2008-03-05 19:31 . 2008-03-05 19:32      d--------   C:\Program Files\Common Files\McAfee
        2008-03-05 18:43 . 2007-05-25 16:15   572,784   --a------   C:\Windows\System32\msvcp50.dll
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\Users\All Users\ConeXware
        2008-03-01 20:37 . 2008-03-01 20:37      d--------   C:\ProgramData\ConeXware
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\Users\All Users\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-14 18:49      d--------   C:\ProgramData\Spybot - Search & Destroy
        2008-03-01 20:35 . 2008-03-01 20:35      d--------   C:\Program Files\Spybot - Search & Destroy
        2008-03-01 18:09 . 2008-03-01 18:09      d--------   C:\Users\IIRONKONE\AppData\Roaming\Template
        2008-03-01 18:09 . 2008-03-01 18:09   0   --a------   C:\Users\IIRONKONE\AppData\Roaming\wklnhst.dat

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-31 19:27   ---------   d---a-w   C:\ProgramData\TEMP
        2008-03-31 19:27   ---------   d-----w   C:\Program Files\SpywareBlaster
        2008-03-31 08:11   27,715   ----a-w   C:\Users\IIRONKONE\AppData\Roaming\nvModes.dat
        2008-03-28 15:13   22,328   ----a-w   C:\Windows\system32\drivers\PnkBstrK.sys
        2008-03-28 15:13   107,832   ----a-w   C:\Windows\System32\PnkBstrB.exe
        2008-03-26 19:26   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-03-24 12:17   ---------   d-----w   C:\ProgramData\Microsoft Help
        2008-03-23 20:17   ---------   d-----w   C:\Program Files\MSBuild
        2008-03-08 15:04   ---------   d-----w   C:\Program Files\Wolfenstein - Enemy Territory
        2008-03-06 08:42   ---------   d-----w   C:\Program Files\McAfee
        2008-03-05 16:33   ---------   d-----w   C:\ProgramData\McAfee
        2008-03-05 15:32   ---------   d-----w   C:\ProgramData\SiteAdvisor
        2008-03-05 14:03   479,752   ----a-w   C:\Windows\System32\XAudio2_0.dll
        2008-03-05 14:03   238,088   ----a-w   C:\Windows\System32\xactengine3_0.dll
        2008-03-05 14:00   25,608   ----a-w   C:\Windows\System32\X3DAudio1_3.dll
        2008-03-05 13:56   3,786,760   ----a-w   C:\Windows\System32\D3DX9_37.dll
        2008-03-05 13:56   1,420,824   ----a-w   C:\Windows\System32\D3DCompiler_37.dll
        2008-03-04 03:53   78,336   ----a-w   C:\Windows\System32\ieencode.dll
        2008-03-04 03:52   830,464   ----a-w   C:\Windows\System32\wininet.dll
        2008-03-04 03:52   47,616   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-03-04 03:52   41,984   ----a-w   C:\Windows\System32\licmgr10.dll
        2008-03-04 03:52   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-03-04 03:52   20,480   ----a-w   C:\Windows\System32\PDMSetup.exe
        2008-03-04 03:52   17,920   ----a-w   C:\Windows\System32\corpol.dll
        2008-03-04 03:52   142,848   ----a-w   C:\Windows\System32\IESetting.dll
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetIEInstalledDate.exe
        2008-03-04 03:52   13,824   ----a-w   C:\Windows\System32\SetDepNx.exe
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\iesetup.dll
        2008-03-04 03:51   69,120   ----a-w   C:\Windows\System32\admparse.dll
        2008-03-04 03:51   66,560   ----a-w   C:\Windows\System32\wextract.exe
        2008-03-04 03:51   168,448   ----a-w   C:\Windows\System32\iexpress.exe
        2008-03-04 03:50   48,128   ----a-w   C:\Windows\System32\mshtmler.dll
        2008-03-04 03:50   45,568   ----a-w   C:\Windows\System32\mshta.exe
        2008-03-04 03:50   36,352   ----a-w   C:\Windows\System32\imgutil.dll
        2008-02-27 20:27   174   --sha-w   C:\Program Files\desktop.ini
        2008-02-27 20:24   ---------   d-----w   C:\Program Files\Windows Calendar
        2008-02-24 13:03   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-02-22 19:11   ---------   d-----w   C:\ProgramData\Lavasoft
        2008-02-22 10:01   ---------   d-----w   C:\Program Files\Microsoft.NET
        2008-02-21 06:39   ---------   d-----w   C:\Program Files\Lavalys
        2008-02-16 17:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
        2008-02-16 08:24   ---------   d-----w   C:\Program Files\Hewlett-Packard
        2008-02-16 08:22   45,056   ----a-w   C:\Windows\NCUNINST.EXE
        2008-02-16 08:17   ---------   d-----w   C:\Program Files\Common Files\SWF Studio
        2008-02-15 19:07   ---------   d-----w   C:\Program Files\Common Files\Oberon Media
        2008-02-15 19:06   ---------   d-----w   C:\Program Files\Acer
        2008-02-15 15:17   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\CyberLink
        2008-02-15 14:34   ---------   d-----w   C:\Program Files\Windows Sidebar
        2008-02-15 14:29   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
        2008-02-15 14:29   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
        2008-02-15 14:26   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
        2008-02-15 14:26   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
        2008-02-15 14:26   24,064   ----a-w   C:\Windows\System32\netcfg.exe
        2008-02-15 14:26   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
        2008-02-15 14:26   22,016   ----a-w   C:\Windows\System32\netiougc.exe
        2008-02-15 14:26   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
        2008-02-15 14:26   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
        2008-02-15 14:26   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
        2008-02-15 14:26   1,191,936   ----a-w   C:\Windows\System32\msxml3.dll
        2008-02-15 14:25   84,480   ----a-w   C:\Windows\System32\INETRES.dll
        2008-02-15 14:25   737,792   ----a-w   C:\Windows\System32\inetcomm.dll
        2008-02-15 14:25   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-02-15 14:25   1,335,296   ----a-w   C:\Windows\System32\msxml6.dll
        2008-02-15 14:24   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
        2008-02-15 14:24   788,992   ----a-w   C:\Windows\System32\rpcrt4.dll
        2008-02-15 14:24   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
        2008-02-15 14:24   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
        2008-02-15 14:24   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
        2008-02-15 14:22   750,080   ----a-w   C:\Windows\System32\qmgr.dll
        2008-02-15 14:07   80,896   ----a-w   C:\Windows\System32\wudriver.dll
        2008-02-15 14:07   549,720   ----a-w   C:\Windows\System32\wuapi.dll
        2008-02-15 14:07   53,080   ----a-w   C:\Windows\System32\wuauclt.exe
        2008-02-15 14:07   43,352   ----a-w   C:\Windows\System32\wups2.dll
        2008-02-15 14:07   33,624   ----a-w   C:\Windows\System32\wups.dll
        2008-02-15 14:07   1,712,984   ----a-w   C:\Windows\System32\wuaueng.dll
        2008-02-15 14:07   1,524,224   ----a-w   C:\Windows\System32\wucltux.dll
        2008-02-15 14:06   31,232   ----a-w   C:\Windows\System32\wuapp.exe
        2008-02-15 14:06   163,000   ----a-w   C:\Windows\System32\wuwebv.dll
        2008-02-15 12:15   66,872   ----a-w   C:\Windows\System32\PnkBstrA.exe
        2008-02-15 11:49   73,216   ----a-w   C:\Windows\ST6UNST.EXE
        2008-02-15 11:49   249,856   ------w   C:\Windows\Setup1.exe
        2008-02-15 11:49   ---------   d-----w   C:\Program Files\Eurolaskin
        2008-02-15 09:17   ---------   d-----w   C:\Program Files\Common Files\Cisco Systems
        2008-02-14 21:08   ---------   d-----w   C:\Program Files\Acer Inc
        2008-02-14 21:05   ---------   d-----w   C:\Program Files\MSXML 4.0
        2008-02-14 09:07   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\Acer
        2008-02-14 09:06   ---------   d-----w   C:\ProgramData\CyberLink
        2008-02-14 08:55   ---------   d-----w   C:\Program Files\Acer Arcade Deluxe
        2008-02-14 08:51   ---------   d-----w   C:\Program Files\Intel
        2008-02-14 08:50   ---------   d-----w   C:\Users\IIRONKONE\AppData\Roaming\InstallShield
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Työpöytä
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Tiedostot
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Suosikit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Mallit
        2008-02-14 08:47   ---------   d-sh--w   C:\ProgramData\Käynnistä-valikko
        2008-02-05 21:07   462,864   ----a-w   C:\Windows\System32\d3dx10_37.dll
        2008-01-29 04:16   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-01-29 04:16   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-01-29 04:16   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-01-29 04:16   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 22:36 1006264]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 08:09 865840]
        "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
        "Acer Tour"="" []
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 10:33 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 10:32 8433664]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 10:33 81920]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 12:10 4468736 C:\Windows\RtHDVCpl.exe]
        "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
        "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
        "eRecoveryService"="" []
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-25 00:57 36640]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-15 23:16:31 535336]

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{510F1453-5283-46D1-83A7-2C07E913719A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
        "{CE583075-3E03-4E54-97C6-90AF763EEBFA}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
        "{7476F1F2-D1B1-4E8E-889B-CD01605D2BDA}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
        "{BCA24F22-CCF5-4205-8EDD-7FA77980FBBD}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
        "{8015D0BE-260A-4805-B500-624522A26F3A}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
        "{AEBA65A7-6557-43C8-B39C-A6C85BAAF5A4}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
        "{F8F1669E-D0E3-4F73-9A62-3F5ECC28B1C8}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
        "{0B67D978-1652-4C4C-94BE-ABA65642D2F7}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
        "TCP Query User{3BBC23C7-4D9D-4D0E-A26D-58A9532F1C3B}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "UDP Query User{33015398-6FE2-4978-9048-9BA9FF3E2A7D}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
        "{ABEE6805-1764-43AD-B1B3-AFF4C68DF414}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
        "{C261160C-607F-4B98-9708-6CB1DCB01147}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
        "{F12E9778-1557-41FC-ACBD-15B4DAEE1519}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{D2C7CC96-B55B-4776-8544-DC271FDCA0E0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
        "{F410E64B-BE74-4F2E-A2BD-5522CC98219C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{CE6B1890-84F8-4149-8F54-680D6A51DC9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
        R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
        R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
        R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
        R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
        R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
        R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 10:33]
        R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 10:09]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 10:03]
        S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 17:47]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-05 18:16:30 C:\Windows\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-05 18:16:30 C:\Windows\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-04-01 09:35:06
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-04-01 9:35:40
        ComboFix-quarantined-files.txt 2008-04-01 06:35:36
        Pre-Run: 81,097,035,776 tavua vapaana
        Post-Run: 80,892,190,720 tavua vapaana
        .
        2008-03-24 12:17:37   --- E O F ---


    0 messages that violated the rules have been removed from this thread.
