|
Voisko joku auttaa??
|
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 18:20 |
Linkki tähän viestiin
|
|
Mun taskmanager ei toimi se valittaa jottai et järjestelmän valvoja on ottanu sen pois käytöst. Käytössä vista. ja sit koneelta löytyy joku sillanen ku MsAgent eikä mitään hajuu mikä toi on enkä saa poistettu sitä. kone alkanu tökkii aika paljon ja sit NOD32 valittaa välil jostai trojan downloaderist ja jostai AbeBot tai joku vastaava. SbyBot valittaa et jotain juttuja ei voi poistaa koska en mukamas ole järjestelmän valvojana mut tässä koneella ei ole kuin yksi käyttäjä tili mikä on järjestelmän valvoja.
Tä on vähän sekavasti selitetty mut jos joku osais auttaa nii olisin TODELLA kiitollinen.
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 18:24 |
Linkki tähän viestiin
|
Lataa TÄSTÄ HJTInstall.exe
* Tallenna HJTInstall.exe työpöydällesi.
* Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
* Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
* Klikkaa Install.
* Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
* Kun asennus on valmis, se käynnistää HijackThisin.
* Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
* Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
* Liitä lokin sisältö seuraavaan vastaukseesi.
* ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
* ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 18:28 |
Linkki tähän viestiin
|
Tässä olis tä Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:02, on 7.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ProgramData\jgvknmlc\pihgpyra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {0EEDB911-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: DVA Media - {2D97AD74-0CBD-443C-82E7-74093471B3B7} - C:\Windows\temlxopqkxo.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: vnbptxlf - {2A800B4E-351C-4230-B792-D73A5EA9CB31} - C:\Windows\vnbptxlf.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Microsoft Windows Update x86] me.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mljiJbcd.dll,#1
O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] me.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jani\AppData\Local\Temp\khFVOffF.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jani\AppData\Local\Temp\pmnkJaYq.dll,#1
O4 - HKLM\..\Policies\Explorer\Run: [O919BOVVZv] C:\ProgramData\jgvknmlc\pihgpyra.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Lataa FlashGetillä
- C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä
- C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: qdnkewfa - {29627DA8-4DDC-4461-8D99-9D09F2443690} - C:\Windows\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {C153346B-68EE-4D1B-B1C3-E0B451B832B6} - C:\Windows\mgsvflkw.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 13368 bytes
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 18:34 |
Linkki tähän viestiin
|
Lataa TÄSTÄ VundoFix.exe työpöydällesi.
Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
=============
1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
=============
Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:
Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita ponnahtava rapport ? muistion sisältö viestiketjuusi.
Löytyy myös C:\rapport.txt
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat
(AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja.
A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä,
silloin ne saattavat varoittaa käyttäjää.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 19:25 |
Linkki tähän viestiin
|
Multa ei löydy tuota vundofix.txt tiedostoa.
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 19:40 |
Linkki tähän viestiin
|
|
jatka vain alas päin.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 20:06 |
Linkki tähän viestiin
|
Tässä combofixin loki
ComboFix 08-04-06.1 - Jani 2008-04-07 19:42:33.1 - NTFSx86
Microsoft® Windows Vista? Ultimate 6.0.6000.0.1252.1.1035.18.1293 [GMT 3:00]
Running from: C:\Users\Jani\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Jani\AppData\Roaming\inst.exe
C:\Users\Jani\Desktopblackbird.jpg
C:\Users\Jani\DesktopEditorFKWP1.5.exe
C:\Users\Jani\DesktopEditorFKWP2.0.exe
C:\Users\Jani\Desktopfilemanagerclient.exe
C:\Users\Jani\Desktopfkwp1.5.exe
C:\Users\Jani\Desktopfkwp2.0.exe
C:\Users\Jani\Desktopfwebd.exe
C:\Users\Jani\DesktopFWebdEditor.exe
C:\Users\Jani\DesktopTrojan.Win32.BlackBird.exe
C:\Users\Jani\Desktopvirii
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\system32\mljiJbcd.dll
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32smp
C:\Windows\system32smp\msrc.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-07 to 2008-04-07 )))))))))))))))))
.
2008-04-07 19:10 . 2008-04-07 19:10 <KANSIO> d-------- C:\Users\All Users\xokvzexl
2008-04-07 19:10 . 2008-04-07 19:10 <KANSIO> d-------- C:\ProgramData\xokvzexl
2008-04-07 18:37 . 2008-04-07 19:11 <KANSIO> d-------- C:\VundoFix Backups
2008-04-07 18:26 . 2008-04-07 18:26 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-07 17:07 . 2008-04-07 17:07 691,545 --a------ C:\Windows\unins000.exe
2008-04-07 17:07 . 2008-04-07 17:07 2,538 --a------ C:\Windows\unins000.dat
2008-04-07 17:01 . 2008-04-07 17:01 <KANSIO> d-------- C:\Users\All Users\pyzdjypq
2008-04-07 17:01 . 2008-04-07 17:01 <KANSIO> d-------- C:\ProgramData\pyzdjypq
2008-04-07 10:42 . 2008-04-07 10:42 <KANSIO> d-------- C:\Users\Jani\AppData\Roaming\Sierra Entertainment
2008-04-07 10:36 . 2008-04-07 10:36 <KANSIO> d-------- C:\Windows\System32\AGEIA
2008-04-07 10:36 . 2008-04-07 10:36 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-04-07 10:24 . 2008-04-06 22:18 335,872 --a------ C:\Windows\mgsvflkw.dll
2008-04-07 10:24 . 2008-04-06 22:18 233,472 --a------ C:\Windows\temlxopqkxo.dll
2008-04-07 10:24 . 2008-04-06 22:18 229,376 --a------ C:\Windows\qdnkewfa.dll
2008-04-07 10:24 . 2008-04-06 22:18 204,800 --a------ C:\Windows\vnbptxlf.dll
2008-04-07 10:24 . 2008-04-06 22:18 94,208 --a------ C:\Windows\apoxqwfv.exe
2008-04-07 10:23 . 2008-04-07 10:23 <KANSIO> d-------- C:\Users\All Users\jgvknmlc
2008-04-07 10:23 . 2008-04-07 10:23 <KANSIO> d-------- C:\ProgramData\jgvknmlc
2008-04-07 10:23 . 2008-04-07 10:23 98,304 --a------ C:\Windows\System32\zmdapitc.exe
2008-03-27 19:57 . 2008-03-27 19:59 <KANSIO> d-------- C:\Users\Jani\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-03-27 19:51 . 2007-10-12 16:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-03-27 19:51 . 2007-10-12 16:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-03-27 19:51 . 2007-10-02 10:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-03-27 19:51 . 2007-10-22 04:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-03-27 19:51 . 2007-10-22 04:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-03-27 11:36 . 2008-03-27 11:36 <KANSIO> d-------- C:\Users\All Users\Trymedia
2008-03-27 11:36 . 2008-03-27 11:36 <KANSIO> d-------- C:\ProgramData\Trymedia
2008-03-27 11:29 . 2008-03-27 11:29 <KANSIO> d-------- C:\Users\Jani\AppData\Roaming\GameHouse
2008-03-27 11:29 . 2008-03-27 11:29 <KANSIO> d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9
2008-03-27 11:29 . 2008-03-27 11:29 <KANSIO> d-------- C:\Users\All Users\MumboJumbo
2008-03-27 11:29 . 2008-03-27 11:29 <KANSIO> d-------- C:\ProgramData\n7-89-o9-3r-4t-r9
2008-03-27 11:29 . 2008-03-27 11:29 <KANSIO> d-------- C:\ProgramData\MumboJumbo
2008-03-20 13:33 . 2008-03-20 14:06 55 --a------ C:\Windows\nfsc_patch.ini
2008-03-16 18:30 . 2008-03-16 18:30 <KANSIO> d-------- C:\Program Files\GameSpy Arcade
2008-03-12 11:32 . 2007-12-17 01:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 11:32 . 2007-12-16 12:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 16:23 --------- d-----w C:\Users\Jani\AppData\Roaming\uTorrent
2008-04-07 14:19 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-07 14:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 07:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 07:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 20:06 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-06 20:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-27 16:46 --------- d-----w C:\Program Files\Electronic Arts
2008-03-12 13:45 --------- d-----w C:\Program Files\Java
2008-03-12 09:38 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 09:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 15:39 --------- d-----w C:\Users\Jani\AppData\Roaming\LimeWire
2008-03-03 14:50 --------- d-----w C:\Program Files\MSN Messenger
2008-03-03 13:14 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 13:14 --------- d-----w C:\Program Files\Windows Live
2008-03-03 13:13 --------- d-----w C:\ProgramData\WLInstaller
2008-02-15 15:28 --------- d-----w C:\Users\Jani\AppData\Roaming\GetRightToGo
2008-02-14 09:30 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:30 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:24 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:24 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:24 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:24 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:24 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-14 09:24 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 09:24 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:23 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:22 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:22 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:22 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:22 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:22 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:22 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:22 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:22 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:22 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 09:17 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 19:09 --------- d-----w C:\Users\Jani\AppData\Roaming\DivX
2008-02-11 06:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-02-10 15:17 --------- d-----w C:\Users\Jani\AppData\Roaming\Nokia
2008-02-10 15:10 --------- d-----w C:\ProgramData\PC Suite
2008-02-10 15:08 --------- d-----w C:\Users\Jani\AppData\Roaming\PC Suite
2008-02-10 15:07 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-10 15:07 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-10 15:06 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-10 15:06 --------- d-----w C:\Program Files\DIFX
2008-02-10 15:03 --------- d-----w C:\ProgramData\Installations
2008-02-08 22:51 --------- d-----w C:\Program Files\World of Warcraft
2008-02-07 23:34 --------- d-----w C:\Program Files\ESET
2008-02-07 16:05 --------- d-----w C:\Program Files\mIRC
2008-02-07 15:45 --------- d-----w C:\Users\Jani\AppData\Roaming\mIRC
2008-02-07 10:35 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-07 10:32 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-06 12:30 94,208 ----a-w C:\Users\Jani\AppData\Roaming\ezplay.sys
2008-02-06 12:29 47,360 ----a-w C:\Users\Jani\AppData\Roaming\pcouffin.sys
2008-01-11 09:44 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-01-11 09:44 22,328 ----a-w C:\Users\Jani\AppData\Roaming\PnkBstrK.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-10 01:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 20:32 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-10-20 12:45 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D97AD74-0CBD-443C-82E7-74093471B3B7}]
2008-04-06 22:18 233472 --a------ C:\Windows\temlxopqkxo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2A800B4E-351C-4230-B792-D73A5EA9CB31}"= "C:\Windows\vnbptxlf.dll" [2008-04-06 22:18 204800]
[HKEY_CLASSES_ROOT\clsid\{2a800b4e-351c-4230-b792-d73a5ea9cb31}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{2114456D-6A21-4CB0-8796-FC773DB60436}]
[HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 17:16 171464]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:34 125440]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 10:20 222080]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-18 11:47 219952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:33 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-20 15:15 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-22 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-20 17:40 949376]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 08:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 15:23 200704]
"Microsoft Windows Update x86"="me.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Update x86"="me.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
C:\Users\Jani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-28 15:40:42 106496]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Enable Labtec Wireless Desktop.lnk - C:\Program Files\Labtec Wireless Desktop\MagicKey.exe [2007-12-05 23:46:31 258048]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-07 15:50:48 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-07 00:42:45 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"O919BOVVZv"= C:\ProgramData\jgvknmlc\pihgpyra.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\mljiJbcd.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qdnkewfa"= {29627DA8-4DDC-4461-8D99-9D09F2443690} - C:\Windows\qdnkewfa.dll [2008-04-06 22:18 229376]
"mgsvflkw"= {C153346B-68EE-4D1B-B1C3-E0B451B832B6} - C:\Windows\mgsvflkw.dll [2008-04-06 22:18 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43F69033-D688-42AC-A120-C7A2D6B6FF42}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{797056A1-8AB3-41FF-9048-EA9A09CFF0A0}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{DDA0EFD0-D43C-4FF2-B2CC-5D3B888A0F71}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8FFA9243-8B64-4044-85F8-A7A4C5090D48}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6B29024-3F03-4BE1-839A-668089AA4FAE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{175B57FD-F231-4184-822F-791D0B5C134A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{580484F4-0AC7-4ABD-B087-B500376891F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{119D9337-0C0D-49C9-9A2B-60CA8ED02806}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F6DA1C94-08B2-47EF-ACB2-A23651790D29}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{062C9C35-ACCE-4EA3-BB1A-0C6485E7643A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B8303E8E-BBFF-4147-93CC-0B13F1B8ECB3}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5FFD9711-78D3-4DA3-B9B5-9FB328DECC75}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{38131D61-BF65-4752-A9BC-8291E7D48BBB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A0563557-6EB5-48E7-BB9B-397DC27EF2B4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9C8ECFF0-D329-44AF-81EF-030F838F7A0A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"TCP Query User{8DC34D26-DC81-4200-8F7B-6C82BC9450A6}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4AB38802-D54F-43C9-81D3-88DF6C730367}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DF3EC07F-C4E6-4636-BD43-78E504036F99}D:\\program files\\games\\call of duty game of the year edition\\codmp.exe"= UDP:D:\program files\games\call of duty game of the year edition\codmp.exe:CoDMP
"UDP Query User{441AA6B5-AB9F-4E4D-8001-241DD77D5B32}D:\\program files\\games\\call of duty game of the year edition\\codmp.exe"= TCP:D:\program files\games\call of duty game of the year edition\codmp.exe:CoDMP
"TCP Query User{01A0E8D7-8003-457D-8EDC-7889B9023640}D:\\program files\\games\\call of duty game of the year edition\\coduomp.exe"= UDP:D:\program files\games\call of duty game of the year edition\coduomp.exe:CoDUOMP
"UDP Query User{6364B461-4791-4FE4-AFD6-6D4B3483EDB0}D:\\program files\\games\\call of duty game of the year edition\\coduomp.exe"= TCP:D:\program files\games\call of duty game of the year edition\coduomp.exe:CoDUOMP
"TCP Query User{5AECCEA3-DEE2-4F58-BDA9-2EF490A88F48}C:\\users\\jani\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\jani\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{66D62B43-D4E1-4885-AEA5-874333B1258A}C:\\users\\jani\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\jani\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{27B6D9E8-69C9-425F-B7F6-3BC244BE878A}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm
"UDP Query User{95A90148-42B8-4462-BBE8-4B34D5C8A7D6}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm
"{BE748FEF-D4B7-4696-B4EB-DC39C326C7BF}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{72EA0C86-0E2B-4B04-AA0C-A6B9339376D5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2D077619-B8D7-42A8-894E-26EEBE4370F7}"= UDP:3703:Adobe Version Cue CS3 Server
"{6C3AF974-E009-44BF-9BD0-C8D062A10DDF}"= UDP:3704:Adobe Version Cue CS3 Server
"{B605F723-DCBE-4319-A638-ADD5D0FBF67C}"= UDP:50900:Adobe Version Cue CS3 Server
"{49DCF151-44A3-42C0-BD53-862CC4EA857E}"= UDP:50901:Adobe Version Cue CS3 Server
"{8C78F425-2B91-49AF-AF53-F1FF8EB87372}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{7B097EE5-9467-4F70-808B-BE494BEA5AF2}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F45EB52A-B07E-460B-BA3E-BF4D23D16675}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DB1D206C-A59E-4E7B-8E37-7F9EADD2CA7D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{31BF91C8-ED0E-4F5C-9A58-65E493A04EED}"= UDP:D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:Adobe Photoshop CS3
"{01A24D8A-D86E-4FF9-9B42-D6D76D1B1CC8}"= TCP:D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:Adobe Photoshop CS3
"{1E40722E-CC3B-4762-A877-09C30E07E700}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8428B666-A258-4DBD-BA38-0708D414C799}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E2CA0C66-65A2-45FE-BC11-1DBE55AE74AD}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{61277FB3-C033-43A7-85DD-FB14B56CD82B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9EAD4C24-95DF-4D4F-83FB-D2DD94117DF6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{67596487-F6E2-4BCE-A66C-25472BBF13ED}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A4CED34B-BE72-44C8-BD7A-E912E5C346E5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7CFED448-5738-47B0-91C3-8A2A4D131E5C}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{2F5EE865-F460-4AD2-A138-4EC2C8A60BEC}C:\\games\\titan quest - immortal throne\\tqit.exe"= UDP:C:\games\titan quest - immortal throne\tqit.exe:Tqit
"UDP Query User{9AC41FAC-E616-4383-B3CD-6A623FCEA3FD}C:\\games\\titan quest - immortal throne\\tqit.exe"= TCP:C:\games\titan quest - immortal throne\tqit.exe:Tqit
"{7E837DF4-24D9-492A-8A38-D32173B3F6C7}"= UDP:D:\Program Files\Games\Call of Duty - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{ECA30724-0210-4A1E-B3E7-E9ECF050F040}"= TCP:D:\Program Files\Games\Call of Duty - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{77F2BF28-E5ED-451E-831F-A84E17C3CF7F}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{8435CB09-491B-4379-AAB2-900DC7E150EB}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{78F9D8FA-3647-494E-AACD-E9232D070E55}D:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:D:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{47F59D02-C055-4C77-ABF4-DA8AC4EFFC88}D:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:D:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{59FA519D-DC92-4B70-812F-0CEBE8C638CB}D:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:D:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{B6B7E94F-D064-4581-949B-034B196223B4}D:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:D:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{FF2E5FC7-3B17-40BB-8D29-2D6E4CE50551}"= UDP:D:\Program Files\Games\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{D9A450C6-4B18-41C8-901A-47A9EF68AC1D}"= TCP:D:\Program Files\Games\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{6302E952-1F8D-41E3-BD43-69D5F5739DE7}"= UDP:D:\Program Files\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{F76EF114-C464-41EB-A079-4D7D3B7931B8}"= TCP:D:\Program Files\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD13ABDC-5658-4CD5-A669-932CCCB2C33B}"= UDP:D:\Program Files\Games\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{9D08162B-F0FC-4FF6-9BB4-B925BAFC618F}"= TCP:D:\Program Files\Games\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{5DFB832A-3916-4504-B5D0-62F5BAC2AB3B}"= UDP:D:\Program Files\Games\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{D80F30C8-CDCD-419C-8C6C-76701C808D87}"= TCP:D:\Program Files\Games\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{137B6363-9EB8-43E3-80BF-BB39528C849F}C:\\users\\jani\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\jani\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{A2DEDFB8-C971-40CE-9E83-3E7D31505AB6}C:\\users\\jani\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\jani\program files\utorrent\utorrent.exe:utorrent.exe
"{BD807FAF-F060-4CEA-A260-0045A0FDFA46}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{89A57717-C4EA-4DEE-96C4-8432FADD0FBF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{93C31F5C-8E7A-4648-A2C7-89232085D88A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{EFCEE52C-8CEB-4072-BF70-302E21E00E01}"= UDP:D:\Program Files\Games\Battlefield 2\BF2.exe:Battlefield 2
"{389C1999-95E2-4FD6-BE8E-02921DC4B58C}"= TCP:D:\Program Files\Games\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{FA2518A0-157A-439E-8456-B6679E941D53}C:\\users\\jani\\desktop\\lataukset\\[pc] battlefield 2142 [rip] [dopeman]\\2142\\2142\\bf2142.exe"= UDP:C:\users\jani\desktop\lataukset\[pc] battlefield 2142 [rip] [dopeman]\2142\2142\bf2142.exe:bf2142.exe
"UDP Query User{0C563C47-B959-4EAF-9796-7D31D9ECBF26}C:\\users\\jani\\desktop\\lataukset\\[pc] battlefield 2142 [rip] [dopeman]\\2142\\2142\\bf2142.exe"= TCP:C:\users\jani\desktop\lataukset\[pc] battlefield 2142 [rip] [dopeman]\2142\2142\bf2142.exe:bf2142.exe
"{B7DAE854-0C74-492A-BB37-58404C447139}"= UDP:D:\Program Files\Games\Empire Earth III\EE3.exe:Empire Earth III
"{C6BF89B6-2B85-4DE9-A38B-8403AFBEF90A}"= TCP:D:\Program Files\Games\Empire Earth III\EE3.exe:Empire Earth III
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 moufiltr;Mouse Filter Drive;C:\Windows\system32\drivers\moufiltr.sys [2003-01-23 15:29]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 06:13]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-10-20 15:31]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-03-02 08:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b0fac98-d583-11dc-86c3-001d602f61a2}]
\shell\AutoRun\command - L:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d8965ca-7f27-11dc-9057-001d602f61a2}]
\shell\AutoRun\command - G:\AutoRunCD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60fc425-9317-11dc-bd1c-001d602f61a2}]
\shell\AutoRun\command - I:\EE3AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60fc426-9317-11dc-bd1c-001d602f61a2}]
\shell\AutoRun\command - J:\autorun.exe
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-07 16:17:00 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 19:46:50
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-07 19:47:50
ComboFix-quarantined-files.txt 2008-04-07 16:47:45
Pre-Run: 6,827,450,368 tavua vapaana
Post-Run: 8,623,980,544 tavua vapaana
.
2008-04-06 22:09:18 --- E O F ---
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 20:21 |
Linkki tähän viestiin
|
Latasin ja käytin tota SmitfraudFix ohjelmaa. Mut mitään ei tapahtunu. siin luki käyttö estetty. ja sit painoin jtn näppäintä ja sen jälkeen painoin 1 ja enter nii sit se sulki koko ohjelman.
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 20:39 |
Linkki tähän viestiin
|
no eipä sit takuta sen kanssa.
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 21:13 |
Linkki tähän viestiin
|
|
Nyt ei tajuu. ku painan finish nii sit siihe tulee
Run-time error '339':
Component'COMCTL32.OCX' or one of its dependesies not correctly
registered: a file is missing or invalid
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 21:51 |
Linkki tähän viestiin
|
Lataa seuraava installer
MSCOMCTL Installer
Asenna kyseinen installer ja sen jälkeen kokeile uudestaan asentaa / käynnistää Ohjelma.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 22:08 |
Linkki tähän viestiin
|
|
Nyt ei voi ymmärtää ku ei toiminu vieläkään. valittaa samaa asiaa. :(
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 22:41 |
Linkki tähän viestiin
|
niin tää taas näytää vistaa. :)
linkki
tuolta sais sen korvattua xp asti.
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 23:03 |
Linkki tähän viestiin
|
|
Nooni. Nyt sain sen scannaamaan :)
Ilman Afterdawnin osaavia henkilöitä oltais kuses :D
|
|
Blood90
Suspended due to non-functional email address
|
7. huhtikuuta 2008 @ 23:57 |
Linkki tähän viestiin
|
|
laitan ton lokin aamulla. Jätän sen yöksi scannaamaan.
Ilman Afterdawnin osaavia henkilöitä oltais kuses :D
|
|
Hujo
Suspended permanently
|
7. huhtikuuta 2008 @ 23:57 |
Linkki tähän viestiin
|
|
laitas sitten se uusi hjt:n loki scannaten
Voiko tietsikka koskaan toimia?
|
Moderator
|
8. huhtikuuta 2008 @ 03:56 |
Linkki tähän viestiin
|
|
|
Blood90
Suspended due to non-functional email address
|
8. huhtikuuta 2008 @ 10:18 |
Linkki tähän viestiin
|
Malwaren Loki:
Malwarebytes' Anti-Malware 1.10
Database version: 598
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 261181
Time elapsed: 1 hour(s), 22 minute(s), 8 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C:\ProgramData\jgvknmlc\pihgpyra.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xunleibho_now.xunlei (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0eedb911-c5fa-486f-8334-57288578c627} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5e5333cd-a2fd-446d-b95e-f705402e99c1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2114456d-6a21-4cb0-8796-fc773db60436} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19329fd0-79a2-4cd6-bd0c-58810bdbe780} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a2c1d335-60fb-4240-9404-eecce7518282} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0a0d5fd4-f491-483e-97ef-e8066ae48fe5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a800b4e-351c-4230-b792-d73a5ea9cb31} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d97ad74-0cbd-443c-82e7-74093471b3b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d97ad74-0cbd-443c-82e7-74093471b3b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c153346b-68ee-4d1b-b1c3-e0b451b832b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{29627da8-4ddc-4461-8d99-9d09f2443690} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vnbptxlf.bseq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vnbptxlf.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\XunLeiBHO_Now.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2a800b4e-351c-4230-b792-d73a5ea9cb31} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mgsvflkw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qdnkewfa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\ProgramData\jgvknmlc\pihgpyra.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\bbgjzcgd\pslqbqdy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\pyzdjypq\hgpelsna.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\xokvzexl\nafibihk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\mljiJbcd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zmdapitc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\vnbptxlf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\temlxopqkxo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mgsvflkw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\qdnkewfa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\apoxqwfv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HJT:n Loki:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:42, on 8.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Microsoft Windows Update x86] me.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] me.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [O919BOVVZv] C:\ProgramData\jgvknmlc\pihgpyra.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Lataa FlashGetillä
- C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä
- C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 12077 bytes
Ilman Afterdawnin osaavia henkilöitä oltais kuses :D
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. huhtikuuta 2008 @ 13:14
|
|
Hujo
Suspended permanently
|
8. huhtikuuta 2008 @ 12:11 |
Linkki tähän viestiin
|
|
poista toi vanha hjt:n loki ja scannaa uusi
Voiko tietsikka koskaan toimia?
|
|
Blood90
Suspended due to non-functional email address
|
8. huhtikuuta 2008 @ 12:27 |
Linkki tähän viestiin
|
|
Toi HJT:n loki minkä viimeks laitoin on uusi. Scannasin sen aamulla. Scannasin sen uudestaan ja siitä tuli vähän erillainen. Poistan tosta mun viime scannauksen ja laitan uuden siihen tilalle.
Ilman Afterdawnin osaavia henkilöitä oltais kuses :D
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. huhtikuuta 2008 @ 13:12
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
8. huhtikuuta 2008 @ 12:31 |
Linkki tähän viestiin
|
|
sama kuin tuo aikasempi
18:27:02, on 7.4.2008
Voiko tietsikka koskaan toimia?
|
