|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Troijalaiset häiritsevät, apuja?
|
|
|
Villeme
Suspended due to non-functional email address
|
10. helmikuuta 2008 @ 20:13 |
Linkki tähän viestiin
|
Löytyykö lokista ihmeempiä?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:16, on 4.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080109
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\pmnmj.dll,#1
O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\byxwx.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Yhteinen\AppData\Local\Temp\mltvaewp.dll",run
O4 - HKCU\..\Run: [70d36b72] rundll32.exe "C:\Users\Yhteinen\AppData\Local\Temp\sntpohee.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games ? Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 11759 bytes
Kun koneen aukaisee niin aukeaa uusi ikkuna jossa lukee:
Virhe: Users/Yhteinen/Appdata/Local/Temp/mltvaewp.dll
Puuttuva määrite:run
Virhe: Users/Yhteinen/Appdata/Local/Temp/bsdeuvej.dll
Puuttuva määrite:run
Kone on varoittanut varmaan jo 7 troijalaisesta ja kaikki on poistettu Avast! Antiviruksella. Intenet aukoo vähän väliä uusia välilehtiä, joista löytyy kaikenlaista mainosta. Kone toimii muuten ihan tavallisesti, mutta troijalaisia löytyy ja se internetti tekee omiaan. Suojauksena on Avast! Antivirus ja Norman.
Mitä teen?
|
|
J77
Member
|
10. helmikuuta 2008 @ 20:20 |
Linkki tähän viestiin
|
|
|
|
Hujo
Suspended permanently
|
10. helmikuuta 2008 @ 21:18 |
Linkki tähän viestiin
|
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
=============
1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 10. helmikuuta 2008 @ 21:19
|
|
Villeme
Suspended due to non-functional email address
|
11. helmikuuta 2008 @ 16:02 |
Linkki tähän viestiin
|
No niin. SDFixiä latasin ja purin, mutta kone ei suostunut aukaisemaan RunThis.batia. Combofixerin tein ja tässä sen loki:
ComboFix 08-02-11.2 - Yhteinen 2008-02-11 15:50:23.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1035.18.800 [GMT 2:00]
Running from: C:\Users\Yhteinen\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Windows\system32\launcher.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-11 to 2008-02-11 )))))))))))))))))
.
2008-02-05 20:31 . 2007-12-04 16:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-05 20:31 . 2007-12-04 16:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-05 20:30 . 2007-12-04 14:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-05 20:29 . 2007-12-04 15:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-05 20:29 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-05 20:29 . 2007-12-04 16:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-04 15:04 . 2008-02-04 15:04 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-02 15:08 . 2008-02-02 15:08 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 14:38 . 2008-02-02 14:39 <KANSIO> d-------- C:\Program Files\AQ2
2008-02-01 15:03 . 2008-02-01 15:03 <KANSIO> d-------- C:\Windows\DA15D5355E1D4076B5208571346D6238.TMP
2008-02-01 15:03 . 2008-02-01 15:44 <KANSIO> d-------- C:\Windows\48B8222675E34E9092CCD30F79EA6380.TMP
2008-02-01 14:08 . 2008-02-01 14:10 <KANSIO> d-------- C:\BMW M3 Challenge
2008-02-01 13:37 . 2008-02-01 13:37 <KANSIO> d-------- C:\Program Files\SCi Games
2008-01-30 17:18 . 2008-01-30 17:18 398 --a------ C:\Windows\ODBC.INI
2008-01-30 17:15 . 2008-01-30 17:15 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\Microsoft Web Folders
2008-01-28 17:26 . 2008-02-07 14:38 <KANSIO> d-------- C:\Program Files\WarRock
2008-01-28 15:17 . 2007-09-06 09:45 19,000 --a------ C:\Windows\System32\drivers\nvcv32mf.sys
2008-01-25 15:18 . 2008-01-25 15:19 161,347,597 --a------ C:\Windows\MEMORY.DMP
2008-01-24 21:26 . 2008-01-24 21:32 <KANSIO> d-------- C:\Program Files\AdVantage
2008-01-24 15:16 . 2008-01-24 15:17 <KANSIO> d-------- C:\Program Files\Project64 1.6
2008-01-21 15:43 . 2008-01-26 01:17 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\fretsonfire
2008-01-14 16:05 . 2008-01-14 16:05 <KANSIO> d-------- C:\Users\All Users\Trymedia
2008-01-14 16:05 . 2008-01-14 16:05 <KANSIO> d-------- C:\ProgramData\Trymedia
2008-01-13 19:52 . 2008-01-13 19:57 <KANSIO> d-------- C:\Users\Yhteinen\AppData\Roaming\GanymedeNet
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 13:53 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\BitTorrent DNA
2008-02-11 13:30 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-11 13:30 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-11 13:23 --------- d-----w C:\Program Files\Norman
2008-02-07 19:57 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\uTorrent
2008-02-04 17:00 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Xfire
2008-02-04 16:54 --------- d-s---w C:\Program Files\Xfire
2008-02-02 08:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-01 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 13:44 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-31 12:07 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\MP3Rocket
2008-01-25 14:44 --------- d-----w C:\Program Files\Rockstar Games
2008-01-21 13:43 --------- d-----w C:\Program Files\Frets on Fire
2008-01-14 14:22 --------- d-----w C:\Program Files\Ski Jump International
2008-01-10 15:34 --------- d-----w C:\Program Files\Deadhunt Demo
2008-01-10 12:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 12:09 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-10 12:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-10 12:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-10 12:09 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-10 12:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-10 12:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 12:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-10 12:07 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 12:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 12:07 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 12:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-10 12:07 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 12:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-10 12:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-10 12:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-01-10 12:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-10 12:07 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-10 12:07 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 12:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 17:03 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-01-08 18:25 --------- d-----w C:\Program Files\AvexLab
2008-01-07 13:14 --------- d-----w C:\Program Files\Gamescampus
2008-01-03 14:12 --------- d-----w C:\ProgramData\Nokia
2008-01-03 12:45 --------- d-----w C:\Program Files\Nokia
2008-01-03 12:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-03 12:44 --------- d-----w C:\ProgramData\Installations
2007-12-27 18:40 --------- d-----w C:\ProgramData\Apple Computer
2007-12-27 18:40 --------- d-----w C:\Program Files\QuickTime
2007-12-27 18:39 --------- d-----w C:\ProgramData\Apple
2007-12-27 18:39 --------- d-----w C:\Program Files\Apple Software Update
2007-12-27 10:07 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Datalayer
2007-12-17 18:34 --------- d-----w C:\Program Files\PhotoFiltre
2007-12-14 19:32 --------- d-----w C:\Program Files\DivX
2007-12-14 13:01 --------- d-----w C:\ProgramData\Symantec
2007-12-13 14:00 --------- d-----w C:\Users\Yhteinen\AppData\Roaming\Winamp
2007-12-13 13:58 --------- d-----w C:\Program Files\Winamp
2007-12-13 12:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 12:17 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 12:17 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 12:16 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 12:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 12:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 12:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 12:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 12:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 12:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 12:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 12:13 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 12:13 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 22:34 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-20 10:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 20:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 20:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 20:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 20:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 20:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 20:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 20:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 20:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 20:04 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 20:04 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 20:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 20:03 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-09-20 04:34 174 --sha-w C:\Program Files\desktop.ini
2007-09-13 15:00 344 ----a-w C:\Users\Yhteinen\AppData\Roaming\wklnhst.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 14:06 1232896]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-01-29 09:18 357904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-02-26 18:15 149040]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 13:08 860160]
"BitTorrent DNA"="C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe" [2007-09-19 08:13 284992]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-24 15:02 171448]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 18:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 19:46 153136]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 10:31 819712]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29 176128]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-09-03 12:29 197880]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"soneraVista"="wscript.exe" [2006-11-02 11:46 135168 C:\Windows\System32\wscript.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-07-27 18:28:30 119528]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 08:55]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-07-18 14:26]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 19:52]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 11:55]
R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\Windows\system32\drivers\PPJoyBus.sys [2004-10-24 07:11]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 16:09]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 23:28]
S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 14:25]
S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 14:25]
S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 14:25]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57} /qb
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 15:54:25
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-11 15:55:51
ComboFix-quarantined-files.txt 2008-02-11 13:55:45
.
2008-02-08 11:46:16 --- E O F ---
|
|
Hujo
Suspended permanently
|
11. helmikuuta 2008 @ 18:05 |
Linkki tähän viestiin
|
|
entäs tuo SDFix. raportti hjt:n lokin kera
Voiko tietsikka koskaan toimia?
|
|
Villeme
Suspended due to non-functional email address
|
11. helmikuuta 2008 @ 19:13 |
Linkki tähän viestiin
|
|
SDFixiä en saanut toimimaan.
|
|
Hujo
Suspended permanently
|
11. helmikuuta 2008 @ 19:19 |
Linkki tähän viestiin
|
Juu eipä se vistassa vatkaa
lataa startuplite
tallena tiedosto työpöydälle. Tuplalikkaa StartUpLitenn.exe:ä
sitten voi valita mitä jätät käynnistyviin ja paina sitten continue.
================
Lataa: RegSeeker.zip työpöydälle:
Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.
Voiko tietsikka koskaan toimia?
|
|
Villeme
Suspended due to non-functional email address
|
11. helmikuuta 2008 @ 19:57 |
Linkki tähän viestiin
|
Nyt toimii kone moitteettomasti, kiitoksii sulle. Tässä vielä HJT loki:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:16, on 4.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [soneraVista] wscript.exe "C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\vista\vistaupdate.js" sonera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20080109
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yhteinen\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\pmnmj.dll,#1
O4 - HKCU\..\Run: [DDC] C:\Users\Yhteinen\AppData\Local\Temp\kqmogiim.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Yhteinen\AppData\Local\Temp\byxwx.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Yhteinen\AppData\Local\Temp\mltvaewp.dll",run
O4 - HKCU\..\Run: [70d36b72] rundll32.exe "C:\Users\Yhteinen\AppData\Local\Temp\sntpohee.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games ? Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 11759 bytes
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
11. helmikuuta 2008 @ 20:02 |
Linkki tähän viestiin
|
|
scannaa hjt:llä merkkaa paina Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Voiko tietsikka koskaan toimia?
|
|
