|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Vistan taustakuva kadoksissa spywaren poiston jälkeen
|
|
|
Bevier
Newbie
|
15. kesäkuuta 2008 @ 22:59 |
Linkki tähän viestiin
|
Poistin tuossa n.kuukausi sitten jonkun virus/spyware infektion koneelta ja sen jälkeen taustakuva on ollut musta. Myöskin kuvien "thumbnailit" katosivat samalla. Vaihtaminen ei onnistu enää mitenkään ja teeman vaihdolla ei ole vaikutusta. Kyseessä taisi olla Virtumonde, ja itse asiassa sen poistamisen kanssa on ollut työtä. Käyttöjärjestelmänä on Vista Home Premium, ja virusturvasta vastaa Norton 360 (mikä tuntuu jostain syystä melko heikolta ratkaisulta). Niinpä siihen on tullut lisänä hankittua Malwarebytes' anti-malware, sekä Ad-aware. Tuo AM löytää aika tehokkaasti tuon Vundon koneelta pikaskannilla mutta deep skannilla tulee joku virhe ja kone käynnistyy uudelleen.
Eli johtuuko tuo taustakuva ongelma siitä että koneella on edelleen joku tiitiäinen vai onko joku jo mennyt muuttamaan jotain asetuksia/rekistereitä jonka johdosta kuvat eivät toimi? Koneella on niin paljon töitä että en mielellään lähtisi sitä formatoimaan ensimmäisenä... =)
|
|
Garde
Suspended due to non-functional email address
|
16. syyskuuta 2008 @ 17:11 |
Linkki tähän viestiin
|
|
Onko ongelmaan löytynyt ratkaisua?
Omalla läppärillä on myös sama ongelma. Tosin ongelma ilmeni normaalin siivouksen yhteydessä, ossa käytin myös Malwarebytes' anti-malwarea.
|
|
Hujo
Suspended permanently
|
17. syyskuuta 2008 @ 00:49 |
Linkki tähän viestiin
|
Bevier
Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:
Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita ponnahtava rapport ? muistion sisältö viestiketjuusi.
Löytyy myös C:\rapport.txt
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat
(AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja.
A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä,
silloin ne saattavat varoittaa käyttäjää.
Voiko tietsikka koskaan toimia?
|
|
Bevier
Newbie
|
18. syyskuuta 2008 @ 10:39 |
Linkki tähän viestiin
|
Ei ole ratkaisua löytynyt. Mutta muokkasin hieman tuota virusturvaa uudelleen. Lopetin Nortonin ja siirryin Avast!/Comodo Pro yhdistelmään eikä ole ollut valittamisia.
Tein tuon searchin ohjeen mukaan ja tässä on siis se raportti:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 193.210.19.19
DNS Server Search Order: 192.89.123.29
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
|
|
Hujo
Suspended permanently
|
18. syyskuuta 2008 @ 11:18 |
Linkki tähän viestiin
|
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.
=============
katotaas miltä tuo hjt:n loki näyttää
Lataa TÄSTÄ HJTInstall.exe
* Tallenna HJTInstall.exe työpöydällesi.
* Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
* Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
* Klikkaa Install.
* Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
* Kun asennus on valmis, se käynnistää HijackThisin.
* Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
* Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
* Liitä lokin sisältö seuraavaan vastaukseesi.
* ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
* ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 18. syyskuuta 2008 @ 11:20
|
|
Bevier
Newbie
|
21. syyskuuta 2008 @ 22:29 |
Linkki tähän viestiin
|
Ok, elikkä seuraavanlaista lokia näyttäis:
Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1134
Windows 6.0.6001 Service Pack 1
2008-09-21 14:08:07
mbam-log-2008-09-21 (14-08-07).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 244276
Kulunut aika: 1 hour(s), 35 minute(s), 27 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
sekä sitten tämä HJTI:n loki
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13, on 2008-09-21
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {82B026D9-BEEF-4181-9035-391D9793EEE5} - (no file)
O2 - BHO: {57169175-a142-07e8-ac54-03930f63f198} - {891f36f0-3930-45ca-8e70-241a57196175} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winwrv32.rom,HdyRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Työkalupalkki - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tallenna lomakkeet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Täytä lomakkeet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.moove.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
--
End of file - 13875 bytes
|
|
Hujo
Suspended permanently
|
22. syyskuuta 2008 @ 02:38 |
Linkki tähän viestiin
|
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
=============
Päivitä Malwarebytes' Anti-Malware ja aja täysi scannaus
Voiko tietsikka koskaan toimia?
|
|
Bevier
Newbie
|
23. syyskuuta 2008 @ 22:58 |
Linkki tähän viestiin
|
|
Ok, ajoin tuon Combofixin mutta se ei kuitenkaan lokia jostain syystä antanut. Sen sijaan tuo taustakuva ongelma kyllä korjaantui prosessin aikana? Kaikki on aika lailla niinkuin pitäisikin joten onko kaikki siis kunnossa?
|
|
Hujo
Suspended permanently
|
23. syyskuuta 2008 @ 23:30 |
Linkki tähän viestiin
|
|
aja se combofix uudelleen
===========
Päivitä Malwarebytes' Anti-Malware ja aja täysi scannaus
===========
ei oo ainakaan kunnossa kun tuota lokia tuossa katselee ylhäällä
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
Bevier
Newbie
|
28. syyskuuta 2008 @ 19:35 |
Linkki tähän viestiin
|
No niin, elikkä tässä tämä loki Combofixiltä.
ComboFix 08-09-22.06 - Avalon 2008-09-28 18:48:19.3 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.1370 [GMT 3:00]
Sijainti: C:\Users\Avalon\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\dtmcljpg.dll
C:\Windows\system32\MSINET.oca
C:\Windows\system32\packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\skinboxer43.dll
C:\Windows\system32\wanpacket.dll
C:\Windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-28 to 2008-09-28 )))))))))))))))))
.
2008-09-21 13:28 . 2008-09-21 13:28 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-09-18 10:23 . 2008-09-18 10:23 5,136 --a------ C:\Windows\System32\tmp.reg
2008-09-18 10:22 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-09-18 10:22 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-09-18 10:22 . 2008-09-08 23:38 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe
2008-09-18 10:22 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-09-18 10:22 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-09-18 10:22 . 2008-09-15 18:51 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-09-18 10:22 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe
2008-09-18 10:22 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-09-18 10:22 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-09-18 10:22 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-09-18 06:28 . 2008-09-18 06:28 0 --a------ C:\LHTBB.tmp
2008-09-15 14:11 . 2008-09-15 14:11 <KANSIO> d-------- C:\Program Files\Disconnect
2008-09-15 13:42 . 2008-09-16 19:19 46 --a------ C:\Windows\TP-LINK ADSL Modem_Router Utility.INI
2008-09-14 07:59 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-09-14 07:54 . 2008-09-14 07:54 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-09-14 07:52 . 2008-09-14 07:52 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-14 07:50 . 2008-09-14 08:00 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
2008-09-14 07:50 . 2008-09-14 08:00 <KANSIO> d-------- C:\ProgramData\Microsoft Help
2008-09-14 07:50 . 2008-09-14 07:50 <KANSIO> dr-h----- C:\MSOCache
2008-09-14 07:01 . 2008-04-26 11:26 891,448 --a------ C:\Windows\System32\drivers\tcpipcopy.sys
2008-09-10 12:01 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 12:01 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 12:01 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 12:01 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 12:01 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 12:01 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 12:01 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 12:01 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 12:01 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-01 15:39 . 2008-09-10 12:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-09-01 15:39 . 2008-09-01 15:39 1,409 --a------ C:\Windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 17:37 --------- d-----w C:\Program Files\World of Warcraft
2008-09-24 06:17 137,728 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-24 06:16 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-09-24 04:37 --------- d-----w C:\Program Files\City of Heroes
2008-09-24 04:36 --------- d-----w C:\Program Files\Jasc Software Inc
2008-09-21 09:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 03:11 --------- d-----w C:\Program Files\MobMapUpdater
2008-09-15 19:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 11:58 --------- d-----w C:\Program Files\EA GAMES
2008-09-15 11:42 --------- d-----w C:\Program Files\WinPcap
2008-09-15 11:41 --------- d-----w C:\Program Files\ADSL Pure Bridge Utility
2008-09-14 04:57 --------- d-----w C:\Program Files\MSBuild
2008-09-14 04:57 --------- d-----w C:\Program Files\Microsoft Works
2008-09-14 04:28 --------- d-----w C:\Users\Avalon\AppData\Roaming\uTorrent
2008-09-14 04:03 882,232 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-09-09 21:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 21:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-17 19:26 --------- d-----w C:\ProgramData\Sony Ericsson
2008-08-17 19:24 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-17 14:27 --------- d-----w C:\Program Files\Mafia
2008-08-17 13:48 --------- d-----w C:\Program Files\Mafia
2008-08-15 13:54 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 13:14 --------- d-----w C:\Program Files\LucasArts
2008-08-10 17:27 --------- d-----w C:\ProgramData\Ubisoft
2008-08-10 17:26 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-10 17:26 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-08-10 17:10 --------- d-----w C:\Program Files\Ubisoft
2008-08-10 07:28 --------- d-----w C:\Program Files\Registry Easy
2008-08-09 17:26 --------- d-----w C:\Program Files\Sierra
2008-08-08 21:12 --------- d-----w C:\ProgramData\GRAW2
2008-08-06 18:03 --------- d-----w C:\Program Files\Black Isle
2008-08-06 17:06 --------- d-----w C:\Program Files\Disciples 2
2008-08-03 09:02 --------- d-----w C:\Program Files\3DO
2008-08-01 23:00 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-08-01 16:22 --------- d-----w C:\Program Files\THQ
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 12:46 --------- d-----w C:\ProgramData\comodo
2008-07-29 12:42 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-29 12:42 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-07-29 12:42 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-07-29 12:42 --------- d-----w C:\Users\Avalon\AppData\Roaming\Comodo
2008-07-29 12:42 --------- d-----w C:\Program Files\COMODO
2008-07-29 09:07 --------- d-----w C:\ProgramData\Symantec
2008-07-29 09:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 08:05 --------- d-----w C:\Program Files\Alwil Software
2008-07-28 17:00 --------- d---a-w C:\ProgramData\TEMP
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-17 17:26 0 ----a-r C:\logwmemory.bin
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-02 19:26 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2008-06-30 05:33 449,305 --sha-w C:\Windows\System32\uELlkRqr.ini2
2008-06-21 09:42 371 ----a-w C:\Program Files\stronghold.cfg
2008-05-23 21:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-01 20:10 22,328 ----a-w C:\Users\Avalon\AppData\Roaming\PnkBstrK.sys
2007-07-23 09:39 2,775,032 ----a-w C:\Users\Avalon\AiRoboForm.exe
2007-05-21 13:20 270 ----a-w C:\Users\Avalon\AppData\Roaming\wklnhst.dat
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2001-10-17 07:43 26,388,208 ----a-w C:\Program Files\unpack.exe
2001-10-17 07:29 41,245 ----a-w C:\Program Files\RegSetup.exe
2001-10-17 07:07 3,107,553 ----a-w C:\Program Files\stronghold.exe
2001-10-17 07:05 40 ----a-w C:\Program Files\pc.txt
2001-10-17 07:05 10 ----a-w C:\Program Files\pc.cfg
2001-10-04 13:17 578,048 ----a-w C:\Program Files\Stronghold Readme.doc
2001-10-04 07:27 60,678 ----a-w C:\Program Files\stronghold.mlb
2001-10-02 17:22 301,000 ----a-w C:\Program Files\sh.tex
2001-09-30 21:27 38,642 ----a-w C:\Program Files\jester.ani
2001-09-30 20:23 2,314 ----a-w C:\Program Files\hand.ani
2001-09-30 19:53 2,314 ----a-w C:\Program Files\sword.ani
2001-09-30 16:22 2,314 ----a-w C:\Program Files\delete.ani
2001-08-03 07:25 45,056 ----a-w C:\Program Files\pcchk.exe
2001-03-31 08:41 346,624 ----a-w C:\Program Files\Mss32.dll
2000-11-02 13:07 291,328 ----a-w C:\Program Files\binkw32.dll
2008-05-22 19:24 439,598 --sha-w C:\Windows\System32\BcKTAcfe.ini2
2008-05-21 22:35 441,423 --sha-w C:\Windows\System32\CLkUvyxx.ini2
2008-05-22 06:28 444,540 --sha-w C:\Windows\System32\Ruxbdccf.ini2
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-26 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-09-15 675840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-29 1655552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-19 113664]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-03 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC783BFB-9784-4AB3-B57E-19ABB19D3DE4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9D92B514-9E16-46A2-AA6E-FE520FCEA473}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{6D0B5BB1-E962-4513-B14B-F0D0E3ACDCBC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9BA0DCC9-4784-474C-9F12-DF2CF4F456C8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{16780788-3755-4C98-B77C-1A44F28AEC61}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{BDDD20FE-34CC-43B0-8D67-A954DA1ADF5E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A848F00E-A2E3-4705-B3AC-D18B83F0A6D4}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{9B92EFF0-F127-4E06-A89D-481C6E507278}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{374546B5-DA19-47FC-BABE-0F72FE74A608}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{82C55B2A-620E-400F-BBBD-5E46FA28401B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EE53797D-C48A-483D-86AE-732414C08D22}"= UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{C1D3DBD1-8843-425A-8A52-46679C80B22C}"= TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{5542552A-4C82-4BEC-81C3-F10E40F7698E}"= UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{33E5021F-F3B3-4BBE-A4C1-4BE1D28D2A4E}"= TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{84BB10A3-D9E0-42CB-ADE2-F9AB8C7E872F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1CAA0642-EB75-4C3D-ACD9-974058D275A6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{9B69BD93-95BE-4BDD-BC20-E148FBC1A93B}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{7EE837E0-AF69-43F6-BBFB-3FB4B58F4C59}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{434E17F8-773A-4A39-ADBB-C4F5648B99D6}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{8149118F-3BF3-4F29-8363-2D3A9368AFEF}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{6760CC92-AE8A-4776-9DA8-B3895F2741F8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{A01C3799-1030-4DFB-8738-DB154DDA8B43}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{918D2EC5-B161-4276-A90A-7CEAD2BCA95A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{E8E23C8B-1717-4E5C-AF0D-F6AC2BCB53EE}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{A372EA0D-5696-4738-8CE5-37834A2886F3}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{BDD34889-18B1-44DB-B281-BF567946F625}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D3D864E6-02C4-4610-869D-2F45BA8A15D4}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{6E026059-791A-410F-BD99-AFEEB5249E30}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1B2F4AE3-C688-448F-969B-94729F6FD5C0}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E7CE9977-ED1B-41AE-8464-8DCC386FD364}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{BA9CE60A-0B1D-4121-B5B7-3C8DC3F21131}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{C5B9B4D1-5F94-4B5E-B87A-0F6DABF9917A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6DA01B61-53A3-4104-896B-D93E1905754F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6F067481-E2E5-4213-AA75-6649B9090DC2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{FF3C9A3E-0186-4BBB-BCEF-F4984F7182E0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E0FF4D5-D9AB-4D3F-BD9B-9929638585D2}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{FFD5989B-15F1-4478-8502-DC99E2372F01}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{035D0292-0961-4F30-B1E1-4F764A0A1C25}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6B130783-AA9D-4D2E-A85F-A6A25FB0A146}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{721237F7-AC81-4FA1-94C3-954C608CA851}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{B00FF4D7-84E4-406E-B148-0FEC7CF7BAA2}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{493AE4E2-7CEA-4675-AB45-9366BF5A41EB}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{98DB4548-622A-4D64-B23A-FD0C5CF893D6}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{25AD4D35-89EC-4F10-9F36-D267CD02BDF7}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{F752A60D-5633-4594-ABA3-A27F23294FC8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{5BA96ADB-1CCD-4E1C-9070-1192659EAC19}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D3834100-9E7C-43C4-A5AC-F057F8B5182D}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{0C252C38-7448-40A8-8B83-5BEBC504DB41}"= UDP:3724:Blizzard Downloader: 3724
"{B73C469E-5A02-4020-99E1-9B06BB3C7CF3}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{FB93FCC0-A2DF-4CA7-AE09-14D2745C8FBD}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{78470470-BC9E-4C36-8943-AE133EEE59E7}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{4348F2DD-E115-41C0-8F5E-4851ADD24F9A}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{E0C3C8E0-651E-4DED-95C6-F96D2E4067D8}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{AEAC081C-DDEE-450E-86AC-60D7A1F1AC5C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F51BC5BA-A52D-41CC-964B-80FE7F51F263}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{8136108C-2367-42CF-8973-15FF37E343B7}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{8B315F88-5A09-4379-B045-8ED63560037A}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{41B71C55-A89C-47D4-897B-F68AE7B6B549}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{3338D1C7-F81C-4EDA-AC81-B6DCFDFBCDA7}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{610DDB40-0245-47F2-88D2-E0ECDCF63F05}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{66DD63FB-FE30-4D92-A2CE-959593A34E2D}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{C847F843-6B65-4F8B-8DD1-3F38547AA80C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{A21848E5-6E06-4E09-9A27-180305351962}C:\\program files\\zultrax p2p\\zultrax.exe"= UDP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"UDP Query User{CC91A46A-8633-4614-8DA7-995E37B09335}C:\\program files\\zultrax p2p\\zultrax.exe"= TCP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"{8F7DF763-EBC3-4D36-A8A7-28EC9B1842AD}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{9F20B8F1-316B-4750-B1F5-5ECBC1C01BDC}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{7D3B9868-B6D8-45A2-A5C5-AEEF09D6E09D}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{81E6E26B-20DD-4354-8F7F-FB1910DE1DFD}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{BFCF40F9-3704-458B-97C5-6BA410004ADD}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BC3BD852-C501-4088-BC8F-AD86B947C9A0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C08E2135-ED97-4B96-B5D3-15633B584FD2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{41335E25-4778-4A01-AD3D-94FF030EC1FC}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{4EA2C8F0-67AC-46CC-9CEC-22D4AEB897A5}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{91FC1F91-225D-4FE5-8B86-FDFFCDB1F020}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0AA989D3-7457-4CFA-9BFA-1F816248A7A6}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{9AB2733B-3618-4179-9DFD-F8FDAC2A3863}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"{E2C2C105-7D84-4893-945D-B2359667B3F8}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53A19017-7C55-4671-87FC-1ED0713A2851}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{E2A8F84A-400C-4E60-8EB9-2FD0C7BC52C9}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{617F09C9-B9FD-4085-ADDB-7F36806DC2E9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{AA701717-1182-467A-AA5A-DE19AD93520B}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{526CF224-9410-4DDA-BFA5-2E06ADC27D05}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{D0E6A01F-2951-470B-8674-190E00ACE3EC}"= UDP:C:\Program Files\Norton 360\MAINSTUB.EXE:Norton 360
"{44326FC5-3D1D-4189-93E6-2517734A4BED}"= TCP:C:\Program Files\Norton 360\MAINSTUB.EXE:Norton 360
"{E91D1C75-786A-4645-87D7-9E60EAF87723}"= Disabled:UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{72BC294F-81C0-4F54-A54F-C1746A509158}"= Disabled:TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{DD764C9D-1E46-4BFC-AC78-0198176B8A65}"= Disabled:UDP:C:\Program Files\Sonera Tietoturva\4436233\Program\fspex.exe:Sonera Tietoturva
"{906DFEC6-2873-483A-B1C5-23C7CFB6CB49}"= Disabled:TCP:C:\Program Files\Sonera Tietoturva\4436233\Program\fspex.exe:Sonera Tietoturva
"TCP Query User{2F735B36-E724-48F8-B706-37A96DA45DA1}C:\\soldat\\soldat.exe"= UDP:C:\soldat\soldat.exe:Soldat
"UDP Query User{6A09E2F4-C0D3-40B8-9053-32E11DBCB32A}C:\\soldat\\soldat.exe"= TCP:C:\soldat\soldat.exe:Soldat
"{3E69E9C8-650A-45BC-9D70-34BCB72A7D37}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{78D85C5D-13F4-447C-9C1B-A8F8C5B710B4}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{E1C19B81-2F9D-4588-8208-AE8A6CA8EAAE}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{FEBDB6C5-8F72-4EF9-9C99-5028A8EE198F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{39825BF6-CC84-439C-8B11-496824E453B9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E3BA1C35-8A44-4AF1-814D-4F103AB9731E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF2242F6-3223-4BBD-81D2-9FA697C55004}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B6F3707-4FE3-4917-A931-8A10737BC772}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC9D868D-FFAC-4CF8-A6D2-5B85342770EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{722DF9BC-E8A7-4F99-AD69-5BB4AA31522F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{108892B6-9699-4E54-A960-BDF5C4A60BDE}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-29 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-29 25104]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 2600448]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-03-02 12031744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a78f-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a791-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - K:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a793-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - L:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a795-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - M:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef33611a-d482-11db-8ad8-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
- - - - POISTETUT JÄMÄRIVIT - - - -
BHO-{82B026D9-BEEF-4181-9035-391D9793EEE5} - (no file)
BHO-{891f36f0-3930-45ca-8e70-241a57196175} - (no file)
HKCU-Run-MSSMSGS - winwrv32.rom
HKLM-Run-RegistryMechanic - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\Avalon\AppData\Roaming\Mozilla\Firefox\Profiles\xplhae44.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:54:45
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-09-28 18:57:51
ComboFix-quarantined-files.txt 2008-09-28 15:57:42
Ennen ajoa: 40,587,501,568 tavua vapaana
Ajon jälkeen: 40,551,854,080 tavua vapaana
381 --- E O F --- 2008-09-26 12:25:14
|
|
