Koneen muistissa virus? + HJT-loki
_Silver
20 December 2009 @ 15:31
The machine's CPU usage is always close to 100% even when nothing is being done, and otherwise the machine freezes and programs refuse to respond.
When I scan the machine with Avast, it finds a virus in memory and asks me to restart the machine and scan all the files loaded at boot at the same time (which I have already done who knows how many times). Then there is also something like C:\Windows\System32\OOZYNF~1.EXE which it always suggests moving to quarantine.
Here is the HJT log as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:16, on 20.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC64EA6-E3DE-400B-B198-29BD22199CAE}: NameServer = 193.229.0.40 193.229.0.42
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: McAfee Application Installer Cleanup (0300781256832952) (0300781256832952mcinstcleanup) - Unknown owner - C:\Users\Marika\AppData\Local\Temp\030078~1.EXE (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
--
End of file - 11497 bytes
AfterDawn Addict
20 December 2009 @ 19:28
Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Select English from the drop-down menu to choose English as the language and click Select.
* Click Remove Older Versions to remove the old Java versions from your machine.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
* The log file opens. Post its contents in your next reply.
After that, download and install Java SE Runtime Environment (JRE) 6 Update 17.
jre-6u16-windows-i586-p.exe => 15.?? MB
Download it to the desktop and close all browsers before installing.
---------------------------------------------------------------------------------------
Go to the round flag button (the Start orb) at the bottom left of the taskbar ==> in the bottom box, Start Search:, type Services and press Enter.
Maximize the window that opens and widen the program column so that everything is visible.
Find
McAfee Application Installer
zlkktwzhwhpzza
Double-click the row and in the menu change Startup type to Disabled.
=> Click Apply => OK. In addition, click the Stop the service link on the
left-hand side (this is not always present).
Exit the program.
----------------------------------------------------------------------------------------------
Download Malwarebytes' Anti-Malware to your desktop.
If the link does not work, you can also download it from the following links:
Link 1
Link 2
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
* Once the program has loaded and the updates are done, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\ Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ log-date.txt
* Post the log's contents in your next reply.
Note: If Mbam could not remove a file, it will ask you to restart your machine. In that case restart your machine immediately. Mbam may make changes to your registry as part of the cleanup. If you use a protection program that detects registry changes, allow Mbam to make the changes.
----------------------------------------------------------------------------------
On Vista (7) the actions are performed as Administrator
(check, don't assume)
When you start a suggested program = do it with the right mouse button
and select Run as Administrator
**************************************************
Remove the lines that are still left:
When you start the HijackThis (HJT) program, do it with the right mouse button
(HJT stops the program, it does not delete it)
and select Run as Administrator.
Close the browser and other programs for the duration of the Fix (not the antivirus).
Then Scan, tick the following files listed in red and close them (Fix checked):
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
Empty the Recycle Bin and restart your machine.
After the boot, delete =>
c:\windows\system32\OOZYNF~1.EXE <= that tilde stands for a group of characters (guess)
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* Malwarebytes' Anti-Malware\Logs\ log-date.txt
* Did it help ???
(:)
_Silver
21 December 2009 @ 20:07
Urgh... Well now... At the point where I was supposed to go to Services and change the startup type there, that zlkktwzhwhpzza changed straight back to Automatic and it could not be stopped.
And then deleting that OOZYNF~1.EXE: do I just go to the system32 folder and delete it from there? I tried, and it complained that permissions are required...
And here are the logs:
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:45, on 21.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\System32\mobsync.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC64EA6-E3DE-400B-B198-29BD22199CAE}: NameServer = 193.229.0.40 193.229.0.42
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
--
End of file - 11031 bytes
Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.42
Tietokantaversio: 3398
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
21.12.2009 16:34:41
mbam-log-2009-12-21 (16-34-41).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 251188
Kulunut aika: 1 hour(s), 55 minute(s), 18 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
I don't know, but it may well be that I just don't really know how...
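An added example, not code from this thread or from any of the tools named in it, that shows how to check the outcome the helper asked for: it parses HijackThis entry lines, reports which of the lines marked for fixing are gone from the second log, and flags O23 service entries that carry the traits which single out zlkktwzhwhpzza above. The two log excerpts are constructed from the logs posted in this thread and trimmed to a few lines; the heuristics (8.3 short-name path, missing binary, unknown owner, Temp location, vowel-poor service name) are my own and are only a triage aid, not proof of infection.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread
# (20.12.2009 before the fix, 21.12.2009 after it), trimmed to the entries
# that matter for the comparison; the real logs are far longer.
HJT_BEFORE = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O23 - Service: McAfee Application Installer Cleanup (0300781256832952) (0300781256832952mcinstcleanup) - Unknown owner - C:\Users\Marika\AppData\Local\Temp\030078~1.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
"""

HJT_AFTER = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
"""

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O23 bodies read "Service: <display name> - <company> - <path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into display name, short name, company and path."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    name = m.group("name")
    # HJT writes "Display Name (ShortName)" when the two differ.
    short = re.search(r"\(([^()\s]+)\)\s*$", name)
    return {"display": name, "short": short.group(1) if short else name,
            "company": m.group("company"), "path": m.group("path")}


def looks_random(token):
    """Crude entropy proxy: a long, letters-only token with almost no vowels."""
    if len(token) < 10 or not token.isalpha():
        return False
    vowels = sum(1 for c in token.lower() if c in "aeiouy")
    return vowels / len(token) < 0.2


def triage_service(svc):
    """Return the list of reasons a service entry deserves a closer look."""
    reasons = []
    low_path = svc["path"].lower()
    if "unknown owner" in svc["company"].lower():
        reasons.append("unknown owner")
    if "(file missing)" in low_path:
        reasons.append("binary missing")
    if re.search(r"~\d", svc["path"]):      # 8.3 name such as OOZYNF~1.EXE
        reasons.append("8.3 short-name path")
    if "\\temp\\" in low_path:
        reasons.append("runs from a Temp folder")
    if looks_random(svc["short"]):
        reasons.append("random-looking service name")
    return reasons


def suspicious_services(log_text):
    """Map display name -> reasons for every O23 entry with at least one flag."""
    flagged = {}
    for section, body in parse_entries(log_text):
        if section != "O23":
            continue
        svc = parse_service(body)
        if svc and triage_service(svc):
            flagged[svc["display"]] = triage_service(svc)
    return flagged


def compare_logs(before, after):
    """Entries gone since the first log, and entries new in the second."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    removed, added = compare_logs(HJT_BEFORE, HJT_AFTER)
    print("Removed by the fix:", *(f"{s} - {b}" for s, b in removed), sep="\n  ")
    print("Still present and suspicious:", suspicious_services(HJT_AFTER))
```

Run against the full logs, the comparison shows the O3 and O4 lines the helper listed did disappear while the O23 service did not, which matches what the poster reports about the startup type reverting to Automatic.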
AfterDawn Addict
22 December 2009 @ 15:03
Download JavaRa and extract it to your desktop.
***Close all open Internet Explorer windows before continuing!***
* Double-click JavaRa.exe to start the program.
* Select English from the drop-down menu to choose English as the language and click Select.
* Click Remove Older Versions to remove the old Java versions from your machine.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created. Click OK.
* The log file opens. Post its contents in your next reply.
After that, download and install Java SE Runtime Environment (JRE) 6 Update 17.
jre-6u16-windows-i586-p.exe => 15.?? MB
Download it to the desktop and close all browsers before installing.
---------------------------------------------------------------------------------------
When you start a suggested program = do it with the right mouse button
and select Run as Administrator
Download SystemLook by jpshortstuff from HERE and save it to the desktop.
Double-click SystemLook.exe to run it.
Copy (CTRL+C) all the text from the box below into the text area.
:regfind
zlkktwzhwhpzza
:file
c:\windows\system32\OOZYNF*.EXE
:filefind
OOZYNF*.EXE
:dir
C:\WINDOWS\system32\drivers\etc /s
:service
zlkktwzhwhpzza
Click the Look button to start the scan.
When the scan is finished, Notepad opens with the log contents.
Right-click the log and choose "Select All".
Copy and paste it into your next reply.
(The log can also be found on your desktop under the name SystemLook.txt)
=> SystemLook.txt
(:)
_Silver
22 December 2009 @ 16:12
Here are the logs:
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Dec 20 20:36:20 2009
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Classes\JavaPlugin.160_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06
Found and removed: Software\JavaSoft\Java2D\1.6.0_06
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\
------------------------------------
Finished reporting.
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Dec 22 15:52:28 2009
Found and removed: Software\JavaSoft\Java2D\1.6.0_06
------------------------------------
Finished reporting.
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:02 on 22/12/2009 by Marika (Administrator - Elevation successful)
========== regfind ==========
Searching for "zlkktwzhwhpzza"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zlkktwzhwhpzza]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zlkktwzhwhpzza]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza]
========== file ==========
c:\windows\system32\OOZYNF*.EXE - Unable to find/read file.
========== filefind ==========
Searching for "OOZYNF*.EXE"
C:\Windows\System32\oozynfbuh.exe --a--- 82003 bytes [13:24 11/07/2009] [13:24 11/07/2009] FBAC8B352BF7455AABDD44769AE80623
========== dir ==========
C:\WINDOWS\system32\drivers\etc - Parameters: "/s"
---Files---
hosts --a--- 761 bytes [10:23 02/11/2006] [21:41 18/09/2006]
lmhosts.sam --a--- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
networks --a--- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
protocol --a--- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
services --a--- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]
No folders found.
========== service ==========
zlkktwzhwhpzza - Unable to open Service Handle.
-=End Of File=-
AfterDawn Addict
22 December 2009 @ 17:50
* The old HOSTS file is removed. Boot the computer into Safe Mode => GUIDE
Remove this file: C:\WINDOWS\system32\drivers\etc\HOSTS
* Boot your computer back into normal mode.
* Download HOSTS: from here to your Desktop.
* Extract hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.
Finally you can verify that there is a file named HOSTS there with no file extension. Size about 700 KB.
The protection becomes active on the next boot. (It does not load memory.)
HOSTS updates: here
What HOSTS does: guide here
-----------------------------------------------------
1. Download combofix.exe to your desktop:
combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Quote:
Driver::
zlkktwzhwhpzza
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza]
File::
C:\Windows\System32\oozynfbuh.exe
Save it as CFScript (combofix actually recognizes it even if the file extension isn't .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)
Note! Don't click around in combofix's window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Post =>
(C:\ComboFix.txt)
A new HJT log
.
(:)
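Added example, not from the thread and not part of any tool it mentions: a Python check that tells a blocklist-style hosts file (names pointed at 0.0.0.0 or loopback, which is what the downloaded HOSTS file above is made of) apart from a hijacked one (real hostnames pointed at a remote address). The sample hosts content, the .test hostnames and the documentation-range addresses are constructed for the example.

```python
"""Hosts-file sanity check (added example for this thread, not a tool from it).

A blocklist HOSTS file such as the one recommended above consists almost
entirely of names pointed at 0.0.0.0 or 127.0.0.1.  A hijacked hosts file
instead points real hostnames (banks, update servers, security vendors) at a
remote address.  This check classifies every entry accordingly.
"""
import ipaddress

# Constructed sample input; the .test hostnames and the addresses are
# reserved documentation values, not real indicators.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored

127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net            # blocklist style
127.0.0.1       tracker.example.org        # blocklist style
203.0.113.10    www.example-bank.test      # hijack style: remote address
198.51.100.7    update.example-av.test     # hijack style: remote address
this line is not a hosts entry
"""


def classify(address: str) -> str:
    """'local' for sinkhole/loopback targets, 'redirect' for anything remote."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    return "local" if ip.is_loopback or ip.is_unspecified else "redirect"


def parse_hosts(text: str) -> list:
    """Parse hosts-file text into entries: line number, address, names, kind."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line:
            continue
        fields = line.split()
        kind = classify(fields[0])
        names = fields[1:] if kind != "malformed" else []
        if kind != "malformed" and not names:
            kind = "malformed"                  # an address with no hostname
        entries.append({"line": lineno, "address": fields[0],
                        "names": names, "kind": kind})
    return entries


def redirected_names(text: str) -> list:
    """Hostnames pointed at a remote address: the entries worth investigating."""
    return [name for e in parse_hosts(text) if e["kind"] == "redirect"
            for name in e["names"]]


def summarize(text: str) -> dict:
    """Count entries per kind and list the redirected hostnames."""
    entries = parse_hosts(text)
    counts = {"local": 0, "redirect": 0, "malformed": 0}
    for e in entries:
        counts[e["kind"]] += 1
    return {"entries": len(entries), **counts, "redirects": redirected_names(text)}


if __name__ == "__main__":
    report = summarize(SAMPLE_HOSTS)
    print(f"{report['entries']} entries: {report['local']} local, "
          f"{report['redirect']} redirect, {report['malformed']} malformed")
    for name in report["redirects"]:
        print("  review:", name)
```

A large blocklist file will show thousands of local entries and zero redirects; any redirect at all is the thing to read, since a legitimate hosts file on a home machine has no reason to send a real name to a remote host.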
_Silver
22 December 2009 @ 18:55
Ummm... So, where exactly do I find that combofix.txt file? :S
AfterDawn Addict
22 December 2009 @ 19:13
In Notepad you save it to the desktop,
from where it is easy to drag onto Combo's icon,
which is also on the desktop.
:D
.
(:)
_Silver
22 December 2009 @ 19:49
You mean the one you asked me to post here?
Well, here's the HJT log anyway:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:45, on 22.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
--
End of file - 9977 bytes
AfterDawn Addict
23 December 2009 @ 08:38
From a place like this
Post =>
C:\ComboFix.txt
.
(:)
_Silver
23 December 2009 @ 18:14
Ooookay, but I still can't find it... Because the whole computer shuts down at the point where it says "Scanning for infected files. This usually doesn't take more than 10 minutes. On badly infected machines the scan time can be double." It sits there for a while, then the whole screen goes black and the computer restarts. :/
AfterDawn Addict
23 December 2009 @ 19:38
* Download OTM by OldTimer.
* Save it to your desktop.
* Double-click OTM.exe to start it.
* Copy (CTRL+C) all of the text in the box below.
:services
zlkktwzhwhpzza
oozynfbuh.exe
:processes
zlkktwzhwhpzza
oozynfbuh.exe
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza]
:files
C:\Windows\System32\oozynfbuh.exe
:commands
[emptytemp]
* Go back to OtmoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and click Paste.
* Click the red MoveIt! button.
* Copy (CTRL+C) and paste (CTRL+V) the text that appears in the Results window (under the green bar) into your next reply.
* Close OTM.
If some file/folder could not be moved right away, the program will suggest restarting the computer. Answer Yes, and OtMoveIt will restart your computer.
Post:
the OTMoveIt log, and
a new HJT log
If some step doesn't work, tell me.
.
(:)
_Silver
23 December 2009 @ 20:23
Ooookaaay, here are the logs:
All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to stop service zlkktwzhwhpzza!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza deleted successfully.
Error: No service named oozynfbuh.exe was found to stop!
Unable to stop service oozynfbuh.exe!
========== PROCESSES ==========
No active process named zlkktwzhwhpzza was found!
No active process named oozynfbuh.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zlkktwzhwhpzza\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zlkktwzhwhpzza\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza\ not found.
========== FILES ==========
C:\Windows\System32\oozynfbuh.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Marika
->Temp folder emptied: 3929391 bytes
->Temporary Internet Files folder emptied: 11635306 bytes
->Java cache emptied: 33520167 bytes
->FireFox cache emptied: 89985699 bytes
User: Public
User: Vieras
->Temp folder emptied: 50097 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3244565 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2409978 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 885271 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 139,00 mb
OTM by OldTimer - Version 3.1.3.0 log created on 12232009_195218
Files moved on Reboot...
C:\Users\Marika\AppData\Local\Temp\~DF8E11.tmp moved successfully.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:25, on 23.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\windows\System32\mobsync.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL-työkalurivi Haku - C:\ProgramData\AOL\ieToolbar\resources\fi-FI\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC64EA6-E3DE-400B-B198-29BD22199CAE}: NameServer = 193.229.0.40 193.229.0.42
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
--
End of file - 10112 bytes
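As an added illustration (my own example, not part of the original post and not a feature of HijackThis), here is a small Python script that applies the checks a helper would run on the O20/O23 entries above: a service whose name is a vowel-free random string, whose publisher field is a meaningless short token and whose binary is an 8.3 short name under system32 (the zlkktwzhwhpzza entry), plus a de-duplication of the AppInit_DLLs value. The sample lines are copied from the log above; the thresholds (0.2 vowel ratio, 8-letter minimum, publisher shorter than 4 characters) are my own assumptions.

```python
import re

# Constructed sample in HijackThis format; the lines are copied from the log
# above (one suspicious service among legitimate ones).
SAMPLE_HJT_LOG = r"""
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll APSHook.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: zlkktwzhwhpzza - asm - c:\windows\system32\OOZYNF~1.EXE
"""

# HJT prints: O23 - Service: <display name> (<service key>) - <company> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<company>.*?) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 short-name component, e.g. OOZYNF~1.EXE
VOWELS = set("aeiouy")

# Assumed thresholds: long, letters-only names with under 20% vowels are
# treated as machine-generated.
MIN_LEN, MAX_VOWEL_RATIO, MIN_PUBLISHER_LEN = 8, 0.2, 4


def looks_random(name: str) -> bool:
    """Heuristic: a long, letters-only name with almost no vowels."""
    if not name.isalpha() or len(name) < MIN_LEN:
        return False
    vowels = sum(1 for c in name.lower() if c in VOWELS)
    return vowels / len(name) < MAX_VOWEL_RATIO


def service_key(display: str) -> str:
    """Use the service key in trailing parentheses when HJT shows one."""
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display


def analyze_hjt(log: str) -> dict:
    """Return flagged O23 services and the de-duplicated AppInit_DLLs list."""
    findings = {"services": {}, "appinit_dlls": []}
    for line in log.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            key = service_key(m["display"])
            reasons = []
            if looks_random(key):
                reasons.append("random_name")
            if SHORT_NAME_RE.search(m["path"]):
                reasons.append("8.3_path")
            if len(m["company"].strip()) < MIN_PUBLISHER_LEN:
                reasons.append("thin_publisher")
            if reasons:
                findings["services"][key] = {"path": m["path"], "reasons": reasons}
            continue
        m = O20_RE.match(line)
        if m:
            seen = []
            for dll in m["dlls"].split():
                if dll not in seen:  # the value repeats the same DLL several times
                    seen.append(dll)
            # A bare file name is resolved through the loader's search path,
            # so it deserves a manual look even when the full-path copy is known.
            findings["appinit_dlls"] = [{"dll": d, "bare_name": "\\" not in d} for d in seen]
    return findings


if __name__ == "__main__":
    for key, info in analyze_hjt(SAMPLE_HJT_LOG)["services"].items():
        print(key, info["path"], ", ".join(info["reasons"]))
```

An 8.3 path on its own is weak evidence (the O8 entries show Office living under C:\PROGRA~1), so a service is only reported when the signals combine. The AppInit_DLLs value here names APSHook.dll, which the other HP ProtectTools entries in the log suggest is legitimate; the script still lists it because anything in AppInit_DLLs is loaded into every process that loads user32.dll, which is exactly the injection path a rootkit would want.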
|
AfterDawn Addict
|
23 December 2009 @ 20:46 |
Link to this post
|
Download GMER and save it to your desktop:
* Extract it to the desktop and double-click the file GMER.exe
* Click the Rootkit tab and then click Scan.
* Do not tick the "Show All" box during the scan!
* When the scan is complete, click Copy.
* This copies the log to the clipboard (you can save the log to a text file to be safe).
* Then paste the log into your thread.
.
(:)
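What a reader then does with such a log: the part that matters is "User code sections", where each .text line records a 5-byte JMP written over an exported API inside one process, and the module the JMP lands in. The Python below is an added example (mine, not part of this reply and not a GMER feature) that groups hooks by destination module and flags a module that hooks both NtQueryDirectoryFile and NtQuerySystemInformation (file and process hiding) together with CreateProcess/OpenProcess (re-injection into child processes), in more than one process, with no vendor attribution. The sample lines are in GMER's format and drawn from the log posted in the next reply; the API sets and the two-process threshold are my own assumptions.

```python
import re

# Constructed sample in GMER's "User code sections" format; the lines are
# drawn from the log posted in the next reply. Real GMER output separates
# columns with runs of spaces, which the parser tolerates.
SAMPLE_GMER_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003D98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003D9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003D26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003D27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003D91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002398F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00239380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002326B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002327C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002391E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!SetScrollRange 76FED185 5 Bytes JMP 001D23A0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetSysColor 76FF9BF6 5 Bytes JMP 001D2430 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
"""

# .text <process>[<pid>] <module>!<function> <address> <n> Bytes JMP <target> <dest module> [(vendor)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<dest>.+?)(?:\s+\((?P<vendor>[^()]*)\))?\s*$"
)

# Assumed signature of a user-mode rootkit: hide files and processes, and
# follow process creation / process opening so the hooks propagate.
HIDING_APIS = {"NtQueryDirectoryFile", "NtQuerySystemInformation"}
SPREAD_APIS = {"CreateProcessA", "CreateProcessW", "OpenProcess"}


def summarize_hooks(log: str) -> dict:
    """Group inline hooks by the module the JMP lands in."""
    summary = {}
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # section headers, kernel lines, anything without a JMP
        entry = summary.setdefault(
            m["dest"], {"funcs": set(), "procs": set(), "vendor": m["vendor"]})
        entry["funcs"].add(m["func"])
        entry["procs"].add(f"{m['proc']}[{m['pid']}]")
    return summary


def suspicious_modules(summary: dict, min_procs: int = 2) -> list:
    """Destination modules that hide and spread across several processes
    without a vendor attribution from GMER."""
    out = []
    for dest, e in summary.items():
        hides = HIDING_APIS <= e["funcs"]
        spreads = bool(SPREAD_APIS & e["funcs"])
        if hides and spreads and e["vendor"] is None and len(e["procs"]) >= min_procs:
            out.append(dest)
    return sorted(out)


if __name__ == "__main__":
    s = summarize_hooks(SAMPLE_GMER_LOG)
    for dest in suspicious_modules(s):
        print(dest, sorted(s[dest]["funcs"]), len(s[dest]["procs"]), "processes")
```

GMER prints a vendor in parentheses only when it can attribute the destination module; a skinning library such as SkinMagicU.dll hooking USER32 drawing functions inside a single application is the benign pattern this separates from a DLL that hooks directory and process enumeration in every process on the machine.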
|
_Silver
Suspended due to non-functional email address
|
24 December 2009 @ 17:33 |
Link to this post
|
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-24 04:35:21
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Marika\AppData\Local\Temp\uwryypod.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9BA0E000, 0x1FB97A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003D98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003D9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003D26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003D27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[1140] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003D91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002398F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00239380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002326B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002327C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[1152] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002391E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003E98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003E9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003E26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003E27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003E91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!SetScrollRange 76FED185 5 Bytes JMP 001D23A0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetSysColorBrush 76FEE21C 5 Bytes JMP 001D2490 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetScrollInfo 76FEF073 7 Bytes JMP 001D2270 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!ShowScrollBar 76FEF8AE 5 Bytes JMP 001D23F0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!SetScrollInfo 76FF71D8 7 Bytes JMP 001D2320 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetSysColor 76FF9BF6 5 Bytes JMP 001D2430 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!EnableScrollBar 7700AF53 7 Bytes JMP 001D2230 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetScrollPos 7701337D 5 Bytes JMP 001D22B0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!GetScrollRange 770134A5 5 Bytes JMP 001D22E0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[1180] USER32.dll!SetScrollPos 77013602 5 Bytes JMP 001D2360 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\windows\System32\mobsync.exe[1448] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 004898F0 C:\Windows\System32\msruncerc.dll
.text C:\windows\System32\mobsync.exe[1448] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00489380 C:\Windows\System32\msruncerc.dll
.text C:\windows\System32\mobsync.exe[1448] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 004826B0 C:\Windows\System32\msruncerc.dll
.text C:\windows\System32\mobsync.exe[1448] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 004827C0 C:\Windows\System32\msruncerc.dll
.text C:\windows\System32\mobsync.exe[1448] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 004891E0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Ati2evxx.exe[1492] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 017398F0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Ati2evxx.exe[1492] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 01739380 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Ati2evxx.exe[1492] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 017326B0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Ati2evxx.exe[1492] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 017327C0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Ati2evxx.exe[1492] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 017391E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[1544] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003E98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[1544] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003E9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[1544] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003E26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[1544] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003E27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[1544] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003E91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[1568] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 012698F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[1568] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 01269380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[1568] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 012626B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[1568] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 012627C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe[1568] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 012691E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1592] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 01B298F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1592] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 01B29380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1592] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 01B226B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1592] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 01B227C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1592] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 01B291E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1924] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 008698F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1924] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00869380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1924] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 008626B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1924] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 008627C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1924] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 008691E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1940] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 001B98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1940] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 001B9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1940] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 001B26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1940] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 001B27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1940] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 001B91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2120] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 001998F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2120] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00199380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2120] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 001926B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2120] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 001927C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2120] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 001991E0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Dwm.exe[2268] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 019A98F0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Dwm.exe[2268] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 019A9380 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Dwm.exe[2268] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 019A26B0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Dwm.exe[2268] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 019A27C0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\Dwm.exe[2268] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 019A91E0 C:\Windows\System32\msruncerc.dll
.text C:\Windows\WindowsMobile\wmdSync.exe[2356] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 007C98F0 C:\Windows\System32\msruncerc.dll
.text C:\Windows\WindowsMobile\wmdSync.exe[2356] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 007C9380 C:\Windows\System32\msruncerc.dll
.text C:\Windows\WindowsMobile\wmdSync.exe[2356] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 007C26B0 C:\Windows\System32\msruncerc.dll
.text C:\Windows\WindowsMobile\wmdSync.exe[2356] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 007C27C0 C:\Windows\System32\msruncerc.dll
.text C:\Windows\WindowsMobile\wmdSync.exe[2356] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 007C91E0 C:\Windows\System32\msruncerc.dll
.text c:\program files\grqfxtmjjjutia\oozynfbu.exe[2372] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002498F0 C:\Windows\System32\msruncerc.dll
.text c:\program files\grqfxtmjjjutia\oozynfbu.exe[2372] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00249380 C:\Windows\System32\msruncerc.dll
.text c:\program files\grqfxtmjjjutia\oozynfbu.exe[2372] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002426B0 C:\Windows\System32\msruncerc.dll
.text c:\program files\grqfxtmjjjutia\oozynfbu.exe[2372] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002427C0 C:\Windows\System32\msruncerc.dll
.text c:\program files\grqfxtmjjjutia\oozynfbu.exe[2372] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002491E0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\taskeng.exe[2484] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 00CC98F0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\taskeng.exe[2484] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00CC9380 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\taskeng.exe[2484] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 00CC26B0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\taskeng.exe[2484] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 00CC27C0 C:\Windows\System32\msruncerc.dll
.text C:\windows\system32\taskeng.exe[2484] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 00CC91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2592] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002098F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2592] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00209380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2592] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002026B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2592] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002027C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2592] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002091E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe[2672] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 001C98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe[2672] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 001C9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe[2672] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 001C26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe[2672] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 001C27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe[2672] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 001C91E0 C:\Windows\System32\msruncerc.dll
.text C:\windows\Explorer.EXE[2772] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 018C98F0 C:\Windows\System32\msruncerc.dll
.text C:\windows\Explorer.EXE[2772] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 018C9380 C:\Windows\System32\msruncerc.dll
.text C:\windows\Explorer.EXE[2772] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 018C26B0 C:\Windows\System32\msruncerc.dll
.text C:\windows\Explorer.EXE[2772] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 018C27C0 C:\Windows\System32\msruncerc.dll
.text C:\windows\Explorer.EXE[2772] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 018C91E0 C:\Windows\System32\msruncerc.dll
.text C:\Users\Marika\Desktop\gmer.exe[2852] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002B98F0 C:\Windows\System32\msruncerc.dll
.text C:\Users\Marika\Desktop\gmer.exe[2852] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 002B9380 C:\Windows\System32\msruncerc.dll
.text C:\Users\Marika\Desktop\gmer.exe[2852] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002B26B0 C:\Windows\System32\msruncerc.dll
.text C:\Users\Marika\Desktop\gmer.exe[2852] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002B27C0 C:\Windows\System32\msruncerc.dll
.text C:\Users\Marika\Desktop\gmer.exe[2852] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002B91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3168] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 018B98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3168] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 018B9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3168] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 018B26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3168] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 018B27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3168] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 018B91E0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3188] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 007C98F0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3188] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 007C9380 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3188] KERNEL32.dll!CreateProcessW 76931BF3 5 Bytes JMP 007C26B0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3188] KERNEL32.dll!CreateProcessA 76931C28 5 Bytes JMP 007C27C0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3188] KERNEL32.dll!OpenProcess 76977267 5 Bytes JMP 007C91E0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[3232] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 03EA98F0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[3232] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 03EA9380 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[3232] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 03EA26B0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[3232] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 03EA27C0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe[3232] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 03EA91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3372] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003C98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3372] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003C9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3372] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003C26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3372] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003C27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3372] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003C91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3416] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 003D98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3416] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 003D9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3416] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 003D26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3416] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 003D27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3416] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 003D91E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3636] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 002198F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3636] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00219380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3636] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 002126B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3636] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 002127C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3636] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 002191E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3808] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 001998F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3808] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00199380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3808] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 001926B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3808] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 001927C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3808] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 001991E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3824] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 019898F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3824] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 01989380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3824] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 019826B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3824] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 019827C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3824] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 019891E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 007C98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 007C9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 007C26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 007C27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 007C91E0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[4168] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 01C998F0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[4168] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 01C99380 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[4168] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 01C926B0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[4168] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 01C927C0 C:\Windows\System32\msruncerc.dll
.text c:\Program Files\ActivIdentity\ActivClient\acevents.exe[4168] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 01C991E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4700] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 001998F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4700] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 00199380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4700] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 001926B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4700] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 001927C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[4700] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 001991E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5032] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 100098F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5032] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 10009380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5032] KERNEL32.dll!CreateProcessW 76931BF3 5 Bytes JMP 100026B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5032] KERNEL32.dll!CreateProcessA 76931C28 5 Bytes JMP 100027C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5032] KERNEL32.dll!OpenProcess 76977267 5 Bytes JMP 100091E0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] ntdll.dll!NtQueryDirectoryFile 76EF4DB4 5 Bytes JMP 051B98F0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] ntdll.dll!NtQuerySystemInformation 76EF4F94 5 Bytes JMP 051B9380 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 051B26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] kernel32.dll!CreateProcessA 76931C28 5 Bytes JMP 051B27C0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 051B91E0 C:\Windows\System32\msruncerc.dll
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\windows\system32\services.exe[656] @ C:\windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\windows\system32\services.exe[656] @ C:\windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 02050010
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0204EA90
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0204CA80
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 02050590
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 0204B220
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0204A2E0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0204ACA0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0204C8E0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0204D510
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0204CFF0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0204D490
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0204DFF0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0204D6C0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 0204CC30
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0204D130
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0204CA20
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 0204C5E0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetACP] 02050030
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0204B0D0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0204EFB0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0204EED0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0204EE90
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0204BE60
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 02049AB0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0204CB20
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 02049500
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0204A6E0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 02047F90
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 0204C1B0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 02050000
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [USER32.dll!LoadIconW] 020502D0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [USER32.dll!LoadCursorW] 02050270
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 020504C0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 02050560
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [USER32.dll!LoadStringW] 02050390
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0204FCC0
IAT c:\program files\grqfxtmjjjutia\oozynfbu.exe[2960] @ C:\windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0204F9B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process c:\windows\system32\OOZYNF~1.EXE (*** hidden *** ) 932
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [1140] 0x003D0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [1152] 0x00230000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Mobile Partner\Mobile Partner.exe [1180] 0x003E0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\System32\mobsync.exe [1448] 0x00480000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\system32\Ati2evxx.exe [1492] 0x01730000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [1544] 0x003E0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [1568] 0x01260000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1592] 0x01B20000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [1924] 0x00860000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1940] 0x001B0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [2120] 0x00190000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\system32\Dwm.exe [2268] 0x019A0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Windows\WindowsMobile\wmdSync.exe [2356] 0x007C0000
Process c:\program files\grqfxtmjjjutia\oozynfbu.exe (*** hidden *** ) 2372
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ c:\program files\grqfxtmjjjutia\oozynfbu.exe [2372] 0x00240000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\system32\taskeng.exe [2484] 0x00CC0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2592] 0x00200000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [2672] 0x001C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\Explorer.EXE [2772] 0x018C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Users\Marika\Desktop\gmer.exe [2852] 0x002B0000
Process c:\program files\grqfxtmjjjutia\oozynfbu.exe (*** hidden *** ) 2960
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ c:\program files\grqfxtmjjjutia\oozynfbu.exe [2960] 0x03DF0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE [3168] 0x018B0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3188] 0x007C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe [3232] 0x03EA0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [3372] 0x003C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [3416] 0x003D0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Windows Defender\MSASCui.exe [3636] 0x00210000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashDisp.exe [3808] 0x00190000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\Core\smax4pnp.exe [3824] 0x01980000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3832] 0x007C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ c:\Program Files\ActivIdentity\ActivClient\acevents.exe [4168] 0x01C90000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [4700] 0x00190000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5032] 0x10000000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Contacts\wlcomm.exe [5184] 0x051B0000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186d9a675
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186d9a675 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Program Files\Grqfxtmjjjutia 0 bytes
File C:\Program Files\Grqfxtmjjjutia\help.chm 792742 bytes
File C:\Program Files\Grqfxtmjjjutia\Log 0 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Audio 0 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Text 0 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Text\aiocht.dat 1109871 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Text\aiotxt.dat 304514 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Text\aioweb.dat 89092 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual 0 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual\11022009.dat 31765560 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual\11032009.dat 258088630 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual\11042009.dat 201737889 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual\11052009.dat 190103277 bytes
File C:\Program Files\Grqfxtmjjjutia\Log\Visual\11062009.dat 81703958 bytes
File C:\Program Files\Grqfxtmjjjutia\oozynfbu.exe 2014752 bytes executable
File C:\Program Files\Grqfxtmjjjutia\unins000.dat 12098 bytes
File C:\Program Files\Grqfxtmjjjutia\unins000.exe 686706 bytes
File C:\Windows\System32\msruncerc.dll 122880 bytes executable
---- EOF - GMER 1.0.15 ----
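As an added example (not the thread's own tooling), a small parser that pulls out of a GMER log in this format the three things a responder reads first: the hidden processes, the hidden DLL and every process it was injected into, and the user-mode API hooks whose JMP target lands inside that hidden DLL. SAMPLE_LOG is a constructed subset that follows the line formats of the log posted above.

```python
"""Triage a GMER log the way a responder reads it: hidden processes, hidden
libraries with the processes they were injected into, and user-mode API hooks
whose JMP target lands inside a hidden module. Added example, not the thread's
own tooling; SAMPLE_LOG is a constructed subset in the posted log's format."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] kernel32.dll!CreateProcessW 76931BF3 5 Bytes JMP 051B26B0 C:\Windows\System32\msruncerc.dll
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[5184] kernel32.dll!OpenProcess 76977267 5 Bytes JMP 051B91E0 C:\Windows\System32\msruncerc.dll
---- Processes - GMER 1.0.15 ----
Process c:\windows\system32\OOZYNF~1.EXE (*** hidden *** ) 932
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\windows\Explorer.EXE [2772] 0x018C0000
Library C:\Windows\System32\msruncerc.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Contacts\wlcomm.exe [5184] 0x051B0000
Process c:\program files\grqfxtmjjjutia\oozynfbu.exe (*** hidden *** ) 2960
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\msruncerc.dll 122880 bytes executable
"""

HIDDEN_PROC = re.compile(r"^Process (.+?) \(\*\*\* hidden \*\*\* \) (\d+)$")
HIDDEN_LIB = re.compile(r"^Library (.+?) \(\*\*\* hidden \*\*\* \) @ (.+?) \[(\d+)\] 0x[0-9A-Fa-f]+$")
# .text <host>[pid] <module!api> <addr> <n> Bytes JMP <target addr> [<target module>]
INLINE_HOOK = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+) [0-9A-Fa-f]+ \d+ Bytes JMP [0-9A-Fa-f]+(?: (.+))?$")


def triage(log_text):
    """Return {'hidden_processes': [(path, pid)], 'hidden_libraries': {path.lower(): [(host, pid)]},
    'hooks': [(host, pid, api, target_module_or_None)]} parsed from GMER output."""
    result = {"hidden_processes": [], "hidden_libraries": defaultdict(list), "hooks": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):  # skip blanks and section headers
            continue
        if m := HIDDEN_PROC.match(line):
            result["hidden_processes"].append((m.group(1), int(m.group(2))))
        elif m := HIDDEN_LIB.match(line):
            result["hidden_libraries"][m.group(1).lower()].append((m.group(2), int(m.group(3))))
        elif m := INLINE_HOOK.match(line):
            result["hooks"].append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return result


def hooks_into_hidden(result):
    """Count API hooks whose target module is itself a hidden library: that pairing
    (hook + hidden DLL in many processes) is the user-mode rootkit signature here."""
    hidden = set(result["hidden_libraries"])
    return sum(1 for *_, target in result["hooks"] if target and target.lower() in hidden)
```

Run `triage()` over a full GMER log and anything where `hooks_into_hidden()` is non-zero deserves the same treatment the replies below give this machine: the DLL path and the host process list tell you which binaries to pull for analysis and which processes were compromised.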
_Silver
Suspended due to non-functional email address
24 December 2009 @ 17:35
Oops... The same thing got posted twice, since the computer started stuttering...
Message edited after posting. Last edited 24 December 2009 @ 22:13
AfterDawn Addict
25 December 2009 @ 18:58
Boot your computer into Safe Mode with F8.
When it asks where to boot from, choose Hard Disk.
On the next screen choose Safe Boot or Safe Mode.
In this mode, run the ComboFix program as Administrator, if it works.
--------------------------------------
Next go to => C:\Program Files\Grqfxtmjjjutia\unins000.exe
Run that file as Administrator.
Delete the folder => C:\Program Files\Grqfxtmjjjutia\
Report the results ???
(:)
_Silver
Suspended due to non-functional email address
25 December 2009 @ 22:28
I booted the computer in Safe Mode and tried to run ComboFix as Administrator.
After it had sat for about 10 minutes at "Scanning for infected files. This usually takes no more than 10 minutes... etc. etc." a message appeared that said:
"You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."
I tried running it a couple of times, but both times that same box appeared.
Should I still try to delete that C:\Program Files\Grqfxtmjjjutia\ in Safe Mode?
AfterDawn Addict
26 December 2009 @ 13:16
There's a nasty rootkit virus in there !!!
=>
Boot your computer into Safe Mode with F8.
When it asks where to boot from, choose Hard Disk.
On the next screen choose Safe Boot or Safe Mode.
Next go to => C:\Program Files\Grqfxtmjjjutia\unins000.exe
Run that file as Administrator.
Delete the folder => C:\Program Files\Grqfxtmjjjutia\
-------------------------------------------------------------------------------------
Then continue with this !!!
You do have OTM there.
* Copy (CTRL+C) all of the text in the box below.
* Double-click OTM.exe to start it.
:processes
SafeBoot
zlkktwzhwhpzza
oozynfbuh.exe
oozynfbu
oozynfbu.exe
:services
SafeBoot
zlkktwzhwhpzza
oozynfbuh
oozynfbu
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zlkktwzhwhpzza]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zlkktwzhwhpzza]
:files
C:\windows\System32\Drivers\SafeBoot.sys
C:\Windows\System32\oozynfbu.exe
C:\Windows\System32\oozynfbuh.exe
c:\program files\grqfxtmjjjutia\oozynfbu.exe
c:\program files\grqfxtmjjjutia
:commands
[emptytemp]
* Go back to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and click Paste.
* Click the red MoveIt! button.
* Copy (CTRL+C) the text that appears in the Results window (under the green bar) and paste it (CTRL+V) into your next message.
* Close OTM.
If some file or folder could not be moved right away, the program will suggest restarting the computer. Answer Yes, and OTMoveIt will restart your computer.
Post =>
the OTMoveIt log
and a new HJT log
(:)
_Silver
Suspended due to non-functional email address
27 December 2009 @ 13:35
Yeah, when I got to C:\Program Files\Grqfxtmjjjutia\ it started asking for some password before it would uninstall it... So I couldn't get it removed.
Then I tried that OTM and the computer restarted itself, or at least tried to. That Windows automatic repair thing came up and it couldn't fix some problem, so I couldn't get the computer to boot at all. In the end I had no choice but to restore the factory settings :S
So didn't that thing disappear along with them, or..?
And many thanks for your help! :)