RunDLL ikkuna käynnistettäessä

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

sunnuntai 16.11.2025 / 23:05

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > rundll ikkuna käynnistettäessä

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

RunDLL ikkuna käynnistettäessä

Siirry:

Kirjoittaja

Viesti

Aleksi321

Suspended due to non-functional email address

21. tammikuuta 2009 @ 17:24

Linkki tähän viestiin

Kun Vistan käynnistää tulee tällainen ikkuna:
RunDLL
Virhe ladattaessa:C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN. DLL
Määritettyä osaa ei löydy

HJT työntää muistioon tällaista:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:02, on 21.1.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
G:\Muuta\Karon TV\tvjbMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Aksun\AppData\Local\Google\Update\GoogleU pdate.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
G:\LATAUKSET\Ladatut tiedostot\X-Chat 2\xchat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Aksun\Desktop\hjt\skanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv0.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tvjbmonitor] G:\Muuta\Karon TV\tvjbMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aksun\AppData\Local\Google\Update\Googl eUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/eng/poker_2_0_0_49.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C33C1471-D664-46 5B-8D7D-3350E9C9261D}: NameServer = 195.197.54.100 195.74.0.47
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandle r.exe

[ + lainaa]

...ja jumissa...

Hujo

Suspended permanently

21. tammikuuta 2009 @ 17:35

Linkki tähän viestiin

scannaa hjt:llä merkkaa paina Fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aksun\AppData\Local\Google\Update\Googl eUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

Poista kansio

C:\Program Files\SweetIM

==============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi

[ + lainaa]

Voiko tietsikka koskaan toimia?

Aleksi321

Suspended due to non-functional email address

22. tammikuuta 2009 @ 07:25

Linkki tähän viestiin

Malwaren logi:

Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1675
Windows 6.0.6000

21.1.2009 23:49:17
mbam-log-2009-01-21 (23-49-17).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|)
Tarkistetut kohteet: 194548
Kulunut aika: 2 hour(s), 25 minute(s), 43 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 8
Saastuneita rekisteriarvoja: 5
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 4
Saastuneita tiedostoja: 5

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live_TV Toolbar (Adware.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Program Files\Live_TV\tbLiv0.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\tbLive.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\toolbar.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Live_TV\UNWISE.EXE (Adware.Agent) -> Quarantined and deleted successfully.

[ + lainaa]

...ja jumissa...

Hujo

Suspended permanently

22. tammikuuta 2009 @ 22:50

Linkki tähän viestiin

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

älä asenna palautus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]

Voiko tietsikka koskaan toimia?

Aleksi321

Suspended due to non-functional email address

23. tammikuuta 2009 @ 07:58

Linkki tähän viestiin

ComboFixin loki:

ComboFix 09-01-21.04 - Lamminaho 23.01.2009 7:45:22.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1035.18.1918.1207 [GMT 2:00]
Sijainti: c:\users\Aksun\Desktop\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning disabled* (Updated)
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-23 to 2009-01-23 )))))))))))))))))
.

2009-01-22 21:07 . 22.01.2009 21:07 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\Malwarebytes
2009-01-21 21:15 . 21.01.2009 21:15 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\Malwarebytes
2009-01-21 21:15 . 21.01.2009 21:15 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-01-21 21:15 . 21.01.2009 21:15 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-01-21 21:15 . 14.01.2009 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-21 21:15 . 14.01.2009 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-18 20:25 . 18.01.2009 20:25 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\Lyrik
2009-01-18 19:54 . 19.01.2009 18:36 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\foobar2000
2009-01-18 17:38 . 18.01.2009 17:38 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\Ahead
2009-01-18 15:25 . 01.12.2006 16:46 151,552 --a------ c:\windows\System32\MPEG2VideoDMO.dll
2009-01-17 12:52 . 17.01.2009 12:53 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\Winamp
2009-01-17 12:14 . 10.05.2008 05:30 858,112 --a------ c:\windows\System32\RacEngn.dll
2009-01-17 12:14 . 03.09.2008 05:56 465,408 --a------ c:\windows\System32\newdev.dll
2009-01-17 12:14 . 03.09.2008 05:56 74,752 --a------ c:\windows\System32\newdev.exe
2009-01-17 12:14 . 10.05.2008 00:22 8,830 --a------ c:\windows\System32\RacUR.xml
2009-01-17 12:14 . 10.05.2008 00:22 153 --a------ c:\windows\System32\RacUREx.xml
2009-01-16 22:04 . 16.01.2009 22:04 <KANSIO> d-------- c:\users\All Users\Lyrik
2009-01-16 22:04 . 16.01.2009 22:04 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\Lyrik
2009-01-16 22:04 . 16.01.2009 22:04 <KANSIO> d-------- c:\programdata\Lyrik
2009-01-16 22:04 . 10.09.2008 12:05 139,264 --a------ c:\windows\System32\sunitext.ocx
2009-01-16 22:04 . 24.06.1998 01:00 108,336 --a------ c:\windows\System32\MSWINSCK.OCX
2009-01-16 21:55 . 16.01.2009 21:55 <KANSIO> d-------- c:\users\All Users\Winamp Toolbar
2009-01-16 21:55 . 16.01.2009 21:57 <KANSIO> d-------- c:\users\All Users\OrbNetworks
2009-01-16 21:55 . 16.01.2009 21:55 <KANSIO> d-------- c:\programdata\Winamp Toolbar
2009-01-16 21:55 . 16.01.2009 21:57 <KANSIO> d-------- c:\programdata\OrbNetworks
2009-01-16 21:55 . 16.01.2009 21:55 <KANSIO> d-------- c:\program files\Winamp Toolbar
2009-01-16 21:55 . 16.01.2009 21:55 <KANSIO> d-------- c:\program files\Winamp Remote
2009-01-16 21:32 . 17.01.2009 13:07 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\Winamp
2009-01-16 21:32 . 08.03.2007 01:51 129,784 --------- c:\windows\System32\pxafs.dll
2009-01-14 16:33 . 16.12.2008 05:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 15:13 . 11.01.2009 15:51 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\LimeWire
2008-12-30 18:24 . 30.12.2008 18:24 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\Vidalia
2008-12-30 18:02 . 20.01.2009 19:04 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\uTorrent
2008-12-30 16:14 . 30.12.2008 18:34 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\Vidalia
2008-12-28 19:22 . 28.12.2008 19:22 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\BSplayer Pro
2008-12-28 19:22 . 29.12.2008 21:16 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\BSplayer
2008-12-28 19:22 . 28.12.2008 19:22 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\dvdcss
2008-12-28 19:22 . 28.12.2008 19:22 <KANSIO> d-------- c:\program files\BS.Player ControlBar
2008-12-28 16:01 . 28.12.2008 16:01 <KANSIO> d-------- c:\program files\Conduit
2008-12-26 22:06 . 20.01.2009 20:18 <KANSIO> d-------- c:\users\Aksun\AppData\Roaming\LimeWire
2008-12-25 21:53 . 25.12.2008 21:53 <KANSIO> d-------- c:\program files\Opera
2008-12-25 15:56 . 25.12.2008 15:56 <KANSIO> d-------- c:\program files\GameSpy Arcade
2008-12-25 11:45 . 25.12.2008 11:45 <KANSIO> d-------- c:\users\Lamminaho\AppData\Roaming\GRETECH
2008-12-23 16:15 . 09.01.2009 18:57 31 --a------ c:\users\Aksun\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 05:05 --------- d-----w c:\program files\Norman
2009-01-22 19:56 --------- d-----w c:\users\Aksun\AppData\Roaming\X-Chat 2
2009-01-19 17:21 --------- d-----w c:\users\Aksun\AppData\Roaming\foobar2000
2009-01-18 13:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 15:23 720 ----a-w c:\users\Aksun\AppData\Roaming\wklnhst.dat
2009-01-16 18:12 --------- d-----w c:\programdata\WLInstaller
2009-01-16 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-16 16:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-14 20:01 --------- d-----w c:\program files\Windows Mail
2009-01-09 15:46 31 ----a-w c:\users\Lamminaho\jagex_runescape_preferences.dat
2009-01-05 17:16 --------- d-----w c:\users\Lamminaho\AppData\Roaming\X-Chat 2
2008-12-30 13:10 --------- d-----w c:\users\Aksun\AppData\Roaming\gtk-2.0
2008-12-25 21:11 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-25 13:55 --------- d-----w c:\program files\Microsoft Games
2008-12-25 10:26 --------- d-----w c:\program files\EA SPORTS
2008-12-25 09:56 --------- d-----w c:\users\Lamminaho\AppData\Roaming\mIRC
2008-12-22 15:42 --------- d-----w c:\users\Aksun\AppData\Roaming\BSplayer
2008-12-22 15:25 --------- d-----w c:\users\Aksun\AppData\Roaming\GRETECH
2008-12-20 13:27 --------- d-----w c:\program files\Common Files\Adobe
2008-12-14 13:17 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-14 13:16 --------- d-----w c:\program files\Java
2008-12-12 16:36 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 13:54 174 --sha-w c:\program files\desktop.ini
2008-12-09 16:51 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-29 18:53 --------- d-----w c:\users\Aksun\AppData\Roaming\HP
2008-11-29 11:58 --------- d-----w c:\programdata\Symantec
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-04-14 16:24 728 ----a-w c:\users\Lamminaho\AppData\Roaming\wklnhst.dat
2008-07-23 09:16 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-23 09:16 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-23 09:16 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [09.01.2008 18:46 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 21:35 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [02.11.2006 14:35 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [18.07.2008 11:30 165304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [22.11.2006 18:31 630784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 20:46 153136]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [02.06.2008 13:46 273520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [14.12.2008 15:17 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [11.03.2007 21:34 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [15.10.2008 01:04 39792]
"tvjbmonitor"="g:\muuta\Karon TV\tvjbMonitor.exe" [26.12.2006 17:08 53248]
"RtHDVCpl"="RtHDVCpl.exe" [10.04.2007 16:01 4431872 c:\windows\RtHDVCpl.exe]

c:\users\Lamminaho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 -n?ytt?leikkeet ja Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-19 21504]

c:\users\Aksun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 -n?ytt?leikkeet ja Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6CC88650-53D2-434E-AEAE-7169045F159D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D9F0A7DF-E790-4287-B2B4-E0E5DDC69201}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D93ADF38-AE8B-4C99-8C16-EB02533CA035}"= UDP:c:\program files\Norman\NVC\bin\Nvcut.exe:Apuohjelmat
"{6350CF68-929A-4CFD-825C-DC6125F014F1}"= TCP:c:\program files\Norman\NVC\bin\Nvcut.exe:Apuohjelmat
"{62A5CCE5-23A0-4780-B72F-6D82FD574A32}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 6.2
"{DA30A97E-5DE2-44FE-B8E3-299BA0CC0D4B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 6.2
"{15F384FD-F121-42D1-A53F-884B512AFBC2}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 6.2
"{2016B760-A24C-4B17-B1E8-A77C8DD08E17}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 6.2
"{2A2F158D-A475-4FD6-9116-CAA5A32C66CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FF44BCD9-C592-442C-ADC3-09A979E2376D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A203CA7F-7990-41AD-B87E-CE0CA3B69E19}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{96D853C9-4927-4FF1-B969-7C72DA19BE6C}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{7CCD2815-BFA2-4540-AFCA-F0CFB4A05410}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{559F064E-CB10-407A-8866-8C86C50B5206}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F05982A9-DC6F-4898-804A-B8415F19ED87}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B4073C50-9528-4E51-B49B-2C4AF65361BE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F37BA870-2FDA-4F47-996F-0B933A3B8279}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{64583F97-15F9-49D8-8434-08221AF497B6}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{5DF56AD9-A994-465D-A3A9-1C78045B9DBA}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{430831A2-CCD4-49B1-B633-DB907E44235D}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{0E25855B-438A-4488-AEDB-693E19ADFA02}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{590C0D07-2D23-4F91-9978-152D239AFC8C}c:\\program files\\ea sports\\nhl 2005\\nhl2005.exe"= UDP:c:\program files\ea sports\nhl 2005\nhl2005.exe:nhl2005
"UDP Query User{889519C6-F51B-411F-A6CB-D9000FC04F8C}c:\\program files\\ea sports\\nhl 2005\\nhl2005.exe"= TCP:c:\program files\ea sports\nhl 2005\nhl2005.exe:nhl2005
"TCP Query User{93E029D4-1A23-4AA6-8AA5-1FE1936CF86B}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{DA43561B-1EB2-4FA1-BB2D-A95AA9FD7E3E}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{060D4BD7-BEDA-4B99-A02D-D60FAD4E2239}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{80C0F71D-9895-4DD4-BFB1-70A4F2E63FF0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CD3672FC-26CD-4AF7-B8AE-56ABD778A947}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{692F2152-EDAD-4D4C-80F7-B3C5A50C75E6}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{DCA36E3E-7B52-4A1F-ADC5-9D21E1662679}c:\\program files\\x-chat 2\\xchat.exe"= UDP:c:\program files\x-chat 2\xchat.exe:xchat
"UDP Query User{068D94C1-4A48-44BE-92BD-707734081B97}c:\\program files\\x-chat 2\\xchat.exe"= TCP:c:\program files\x-chat 2\xchat.exe:xchat
"{A464D637-B74F-45B1-9804-4D2B3CDDEC8B}"= UDP:4360:Klassikot
"{39B348DB-F67C-4C64-8698-9E9974C1754E}"= UDP:4450:Muut yksinpelit
"{E1BA94D6-B007-4058-B413-2E3CA913C58F}"= UDP:4500:Korttipelit
"{A6F4BEF0-3BB4-4D0A-96C6-1B7D9F45ECF3}"= UDP:4350:Minigolf
"TCP Query User{CC54857C-0C82-4748-88B0-392AA86AE11B}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A79C3846-2B17-4456-AEE1-EE9F5846ED81}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{477CE136-63A8-442F-959F-18834AAF4FB5}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D6DE7EB3-31FE-47BA-A5C0-E771DD597EA1}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7AE36B62-338E-4A2B-BEC5-1F7E103883E9}c:\\users\\aksun\\desktop\\xchat.exe"= UDP:c:\users\aksun\desktop\xchat.exe:xchat.exe
"UDP Query User{B3CE7E78-A4EE-42B6-A846-1E01E4A7A849}c:\\users\\aksun\\desktop\\xchat.exe"= TCP:c:\users\aksun\desktop\xchat.exe:xchat.exe
"TCP Query User{277E91BF-5CB2-47B6-8A90-56D4F141CE2D}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{C5432DD4-6D24-4844-AB1C-824B2810D40D}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"TCP Query User{CC5E8351-6D6F-474F-A2E4-9D5AA69BFD0D}f:\\lataukset\\dc++\\dcplusplus.exe"= UDP:f:\lataukset\dc++\dcplusplus.exe:DC++
"UDP Query User{24976099-EE81-45FD-8848-2A581818CDF1}f:\\lataukset\\dc++\\dcplusplus.exe"= TCP:f:\lataukset\dc++\dcplusplus.exe:DC++
"TCP Query User{CCCDBB5E-3439-4E47-8D17-19132251C0AA}f:\\ohjelmia\\asennennetut\\dc++\\dcplusplus.exe"= UDP:f:\ohjelmia\asennennetut\dc++\dcplusplus.exe:DC++
"UDP Query User{B8ACA32E-5887-462F-9F06-EEE9CBF67754}f:\\ohjelmia\\asennennetut\\dc++\\dcplusplus.exe"= TCP:f:\ohjelmia\asennennetut\dc++\dcplusplus.exe:DC++
"TCP Query User{9D30F4F2-DDEE-41E9-BBD9-6156C69EFA36}f:\\ohjelmia\\dc++\\dcplusplus.exe"= UDP:f:\ohjelmia\dc++\dcplusplus.exe:DC++
"UDP Query User{A1440078-625A-4227-ADD7-9F3ED03AE13D}f:\\ohjelmia\\dc++\\dcplusplus.exe"= TCP:f:\ohjelmia\dc++\dcplusplus.exe:DC++
"TCP Query User{DDAA7A4C-A20D-4543-94E8-7820C038223B}f:\\ohjelmia\\dc++\\dcplusplus (2).exe"= UDP:f:\ohjelmia\dc++\dcplusplus (2).exe:DC++
"UDP Query User{AC7BAC90-A21D-42B5-87F0-3F276DD7B6FC}f:\\ohjelmia\\dc++\\dcplusplus (2).exe"= TCP:f:\ohjelmia\dc++\dcplusplus (2).exe:DC++
"TCP Query User{44ABC1DE-ED9A-4E76-A7BC-B8241D8891B0}f:\\ohjelmia\\xchat.exe"= UDP:f:\ohjelmia\xchat.exe:xchat
"UDP Query User{12738921-9DE6-4622-AA94-EF9EB099CA48}f:\\ohjelmia\\xchat.exe"= TCP:f:\ohjelmia\xchat.exe:xchat
"TCP Query User{0B82C252-DBD9-4F5D-8F35-A54D1CDB8057}g:\\ohjelmia\\dc++\\dcplusplus (2).exe"= UDP:g:\ohjelmia\dc++\dcplusplus (2).exe:DC++
"UDP Query User{EB8BE2A6-1D48-43CA-8816-A3CBFEC2B63A}g:\\ohjelmia\\dc++\\dcplusplus (2).exe"= TCP:g:\ohjelmia\dc++\dcplusplus (2).exe:DC++
"TCP Query User{DF680E50-3738-4E86-A59A-54C65CFDF981}g:\\lataukset\\ladatut tiedostot\\x-chat 2\\xchat.exe"= UDP:g:\lataukset\ladatut tiedostot\x-chat 2\xchat.exe:xchat
"UDP Query User{A1898278-4F96-44B5-BE24-E274C26D075C}g:\\lataukset\\ladatut tiedostot\\x-chat 2\\xchat.exe"= TCP:g:\lataukset\ladatut tiedostot\x-chat 2\xchat.exe:xchat
"TCP Query User{2FD323C9-CDD3-4E43-B960-E4DC7EC787EB}g:\\dc++\\dcplusplus.exe"= UDP:g:\dc++\dcplusplus.exe:DC++
"UDP Query User{B7966988-AF23-46D4-9EA9-E0F8D3F47DBE}g:\\dc++\\dcplusplus.exe"= TCP:g:\dc++\dcplusplus.exe:DC++
"TCP Query User{88A17301-BF5B-4469-B703-707BE402F4D2}g:\\asennustiedostot tänne!\\x-chat 2\\xchat.exe"= UDP:g:\asennustiedostot tänne!\x-chat 2\xchat.exe:xchat
"UDP Query User{2951461D-C830-443E-BF70-7A01CD18CCE7}g:\\asennustiedostot tänne!\\x-chat 2\\xchat.exe"= TCP:g:\asennustiedostot tänne!\x-chat 2\xchat.exe:xchat
"TCP Query User{E636CCE3-5A99-46DD-B155-3CB0DE2C3714}g:\\ohjelmia\\asennennetut\\dc++\\dcplusplus.exe"= UDP:g:\ohjelmia\asennennetut\dc++\dcplusplus.exe:DC++
"UDP Query User{9B7E9380-7423-407B-A8FF-C050365C5392}g:\\ohjelmia\\asennennetut\\dc++\\dcplusplus.exe"= TCP:g:\ohjelmia\asennennetut\dc++\dcplusplus.exe:DC++
"TCP Query User{8154B015-E91A-4CC5-92B9-547BA1D2C8C7}g:\\waret\\dc++\\dcplusplus.exe"= UDP:g:\waret\dc++\dcplusplus.exe:DC++
"UDP Query User{5FDD0FC6-42A6-437B-9FF6-C64C3BD3FA1A}g:\\waret\\dc++\\dcplusplus.exe"= TCP:g:\waret\dc++\dcplusplus.exe:DC++
"TCP Query User{1F290B02-38B0-42A1-BF76-9FBD60EE415D}c:\\users\\aksun\\desktop\\dc++\\dcplusplus.exe"= UDP:c:\users\aksun\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"UDP Query User{C12827CD-BE0E-4E99-B69D-54B88F68456E}c:\\users\\aksun\\desktop\\dc++\\dcplusplus.exe"= TCP:c:\users\aksun\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"TCP Query User{E933C3AA-0016-45E5-BC47-48508BB9FF67}g:\\lataukset\\utorrent.exe"= UDP:g:\lataukset\utorrent.exe:µTorrent
"UDP Query User{1C40630D-B596-46B3-B241-9D00CBE38866}g:\\lataukset\\utorrent.exe"= TCP:g:\lataukset\utorrent.exe:µTorrent
"TCP Query User{32FFD328-71D5-4030-AB50-437D142D09B5}g:\\lataukset\\ladatut tiedostot\\x-chat 2\\xchat.exe"= UDP:g:\lataukset\ladatut tiedostot\x-chat 2\xchat.exe:xchat
"UDP Query User{32761F26-4FA6-4EEF-8E07-5094C6EC1A08}g:\\lataukset\\ladatut tiedostot\\x-chat 2\\xchat.exe"= TCP:g:\lataukset\ladatut tiedostot\x-chat 2\xchat.exe:xchat
"TCP Query User{2D5267B2-ED6A-48F6-B563-48F7007E1176}c:\\users\\aksun\\desktop\\dc++\\dcplusplus.exe"= UDP:c:\users\aksun\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"UDP Query User{EB205FCF-0F56-4FEC-9CF0-2436C65F7873}c:\\users\\aksun\\desktop\\dc++\\dcplusplus.exe"= TCP:c:\users\aksun\desktop\dc++\dcplusplus.exe:dcplusplus.exe
"TCP Query User{074C3D0C-9C0F-427D-BAC4-DEE973538C29}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{2790D39F-C061-4482-93CA-1991B15DC1F8}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"TCP Query User{9772CCF9-75A3-4EBD-9B7A-974DC93A54E7}g:\\limewire\\limewire.exe"= UDP:g:\limewire\limewire.exe:LimeWire
"UDP Query User{7340119D-668F-4552-96FF-EBE4102C9D7C}g:\\limewire\\limewire.exe"= TCP:g:\limewire\limewire.exe:LimeWire
"TCP Query User{6729F5EF-C7C6-4E3B-8555-B04D3B64C504}g:\\lataukset\\utorrent.exe"= UDP:g:\lataukset\utorrent.exe:µTorrent
"UDP Query User{EE93127B-674F-4E09-AC70-1F9CA6A4E0D4}g:\\lataukset\\utorrent.exe"= TCP:g:\lataukset\utorrent.exe:µTorrent
"TCP Query User{7A300ECE-5033-41F1-960F-FF4C5B529B8D}g:\\propilkki2\\propilkki2.exe"= UDP:g:\propilkki2\propilkki2.exe:Main executable of PP2
"UDP Query User{C7050B58-2530-46D8-809E-AAEAB1B34D80}g:\\propilkki2\\propilkki2.exe"= TCP:g:\propilkki2\propilkki2.exe:Main executable of PP2
"{6A98885A-FB24-4853-BA2B-075839677D97}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{60BAFF87-91DE-4101-9E16-21DF0C463732}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{E6B786D5-4747-43F9-9A20-272F634C6449}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C214AD42-0152-41B6-BEA5-DE7C57DB0445}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1C275F4C-201B-4D86-980A-ADD57C2B4CDC}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{7AC1D6BD-48E5-4500-AEDA-07D6C93B81DD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E20DE17F-37F3-44FD-95BA-F3322170697C}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B11C3706-2F9C-4DF7-A181-835ECFA8ACB7}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{D183A70E-BA75-437B-87BA-284DB6010E72}g:\\ohjelmia\\winamp\\winamp.exe"= UDP:g:\ohjelmia\winamp\winamp.exe:Winamp
"UDP Query User{8EE807FD-5B8A-4847-8300-57EE0C516BBA}g:\\ohjelmia\\winamp\\winamp.exe"= TCP:g:\ohjelmia\winamp\winamp.exe:Winamp
"TCP Query User{05E6453D-E980-409C-9C1F-E16D15023681}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{49846CDD-6683-4DA6-964B-3C0F09E6F094}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{B825DCD9-64EE-4EEF-8A99-656EF6AFD415}g:\\ohjelmia\\asennennetut\\winamp\\winamp.exe"= UDP:g:\ohjelmia\asennennetut\winamp\winamp.exe:Winamp
"UDP Query User{9473D886-DF18-419A-A7BE-ED3FB40F5003}g:\\ohjelmia\\asennennetut\\winamp\\winamp.exe"= TCP:g:\ohjelmia\asennennetut\winamp\winamp.exe:Winamp
"{7244DCE9-A21C-4AA4-AB87-E80D7BE644AF}"= UDP:g:\asennustiedostot tänne!\uTorrent.exe:µTorrent (TCP-In)
"{E7A384A2-953E-47E1-BED6-E11FAA4608E7}"= TCP:g:\asennustiedostot tänne!\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-29 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2008-09-09 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-06-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2008-06-29 146488]
R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2007-12-01 20448]
S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-10-17 107904]
S3 nvcfsr;nvcfsr;c:\program files\Norman\NVC\bin\Nvcfsr.sys [2007-12-01 6712]
S3 nvcoafl4;nvcoafl4;c:\program files\Norman\NVC\bin\Nvcoafl4.sys [2007-12-01 36472]
S3 nvcoaft4;nvcoaft4;c:\program files\Norman\NVC\bin\Nvcoaft4.sys [2007-12-01 104288]
S3 nvcoarc4;nvcoarc4;c:\program files\Norman\NVC\bin\Nvcoarc4.sys [2007-12-01 25528]

--- Muut muistissa olevat ajurit/palvelut ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f83e0ac-5167-11dd-a110-00030d72bb5b}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f83e0ae-5167-11dd-a110-00030d72bb5b}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1019fa40-c123-11dc-8ccd-00030d72bb5b}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1019fa41-c123-11dc-8ccd-00030d72bb5b}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa9bb427-a5a1-11dc-ad5d-00030d72bb5b}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa9bb43f-a5a1-11dc-ad5d-00030d72bb5b}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57} /qb
.
'Ajoitetut tehtävät'-kansion sisältö

2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3305909626-2715354323-1799598968-1004.job
- c:\users\Aksun\AppData\Local\Google\Update\GoogleUpdate.exe [03.09.2008 15:22]

2009-01-21 c:\windows\Tasks\Norton Security Scan for Lamminaho.job
- c:\program files\Norton Security Scan\Nss.exe [19.09.2008 04:18]
.
- - - - POISTETUT JÄMÄRIVIT - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
mStart Page = hxxp://home.sweetim.com
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Lamminaho\AppData\Roaming\Mozilla\Firefox\Profiles\y9qtzdgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 07:49:08
Windows 6.0.6000 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 23.01.2009 7:51:48
ComboFix-quarantined-files.txt 2009-01-23 05:51:44

Ennen ajoa: 101 282 295 808 tavua vapaana
Ajon jälkeen: 103,582,552,064 tavua vapaana

303 --- E O F --- 2009-01-17 19:18:53

[ + lainaa]

...ja jumissa...

Hujo

Suspended permanently

23. tammikuuta 2009 @ 12:58

Linkki tähän viestiin

Kirjoita suorita luukkuun

ComboFix /u

Klikkaa OK

========

[ + lainaa]

Voiko tietsikka koskaan toimia?

Aleksi321

Suspended due to non-functional email address

23. tammikuuta 2009 @ 16:48

Linkki tähän viestiin

Tehty. Tuon jälkeen tuli: 'Troijalainen siirretty karanteeniin'
Nytkö on valmista? Kiitoksia avusta! =)

[ + lainaa]

...ja jumissa...

Mainos

Hujo

Suspended permanently

23. tammikuuta 2009 @ 21:28

Linkki tähän viestiin

Tyhjennä Malwarebytes' Anti-Malware karanteeni

Poista roskat

===========

Lataa Tästä Ccleaner
CCleaner v 2.14.750.- Standard Build, ÄLÄ aseenna Yahoo toolbaria!
Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
Asennuksen jälkeen aukaise CCleaneri.
Valitse vasemmalta pystyrivistä Options.
Valitse viereisestä pystyrivistä Settings.
Language kohtaan valitse Suomi.

Puhdistaja
Valitse vasemmalta pystyrivistä Puhdistaja.
Paina alhaalta Tutki.
Nyt CCleaneri tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaneri poistaa löydetyt tempit, cookiessit jne.

Rekisterin virheiden korjaus
Valitse vasemmalta pystyrivistä Rekisteri.
Paina alhaalta Etsi rekisterin virheitä.
Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
Saat vielä varmistus kysymyksen, paina Ok.
Kun virheet on korjattu, paina Sulje.
Nyt voit sulkea CCleanerin painamalla oikealta ylhäältä punaista rastia.

[ + lainaa]

Voiko tietsikka koskaan toimia?

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > rundll ikkuna käynnistettäessä


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.