1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

117 vihua, Hjt-logi

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi herne2 12.06.2008.

  1. herne2

    herne2 Member

    Liittynyt:
    07.03.2008
    Viestejä:
    34
    Kiitokset:
    0
    Pisteet:
    16
    Eli ajoin tällä koneella malwarebytesin, joka löysi 117 vihua ja ie kuulemma pomputtaa(pomputti?) ikkunoita auki itsekseen. Alla malware logi ja sen jälkeen kone käynnistetty ja otettu hjt-logi. Kone todella hidas.

    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 849

    12:49:29 2008-06-12
    mbam-log-6-12-2008 (12-49-29).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 145859
    Kulunut aika: 2 hour(s), 22 minute(s), 37 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 3
    Saastuneita rekisteriavaimia: 13
    Saastuneita rekisteriarvoja: 5
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 94

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\ungmpawo.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xxywTKaY.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xxyyayxx.dll (Trojan.FakeAlert) -> Unloaded module successfully.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b1ceb99-b70d-4f5a-808f-8782dae58c14} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{4b1ceb99-b70d-4f5a-808f-8782dae58c14} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyayxx (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4bdb5e18 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM48e86d84 (Trojan.Agent) -> Delete on reboot.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywtkay -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywtkay -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\asenrwhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fhwrnesa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bhduusqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cqsuudhb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnnlIXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\QXIlnnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\QXIlnnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMcaxXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NXxacMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NXxacMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ungmpawo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\owapmgnu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxywTKaY.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\YaKTwyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YaKTwyxx.ini2 (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yayyYPgG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GgPYyyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GgPYyyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyyayxx.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temp\eraseme_41131.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\3KF2ZB4X\bot[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\3KF2ZB4X\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\3KF2ZB4X\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\3KF2ZB4X\setup[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\TB5H81I3\bot[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\UDC8KGH4\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marrun juttuja\Local Settings\Temporary Internet Files\Content.IE5\UDC8KGH4\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\Content.IE5\6J45X1UJ\bot[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP854\A0393458.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP855\A0394444.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP855\A0397461.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP856\A0398474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398528.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398539.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398543.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398548.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398553.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398554.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398556.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP857\A0398557.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398575.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398588.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398598.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398599.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398600.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398601.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398608.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398610.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398631.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398634.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP858\A0398635.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP859\A0398657.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP859\A0398658.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP859\A0398659.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP859\A0398670.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399700.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399705.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399706.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399707.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399708.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399715.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399717.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399729.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399732.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399736.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399739.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399740.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399741.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399742.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399749.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399751.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399760.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399763.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399764.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399784.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399785.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399786.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP861\A0399787.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP862\A0399796.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP863\A0399822.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP863\A0400826.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP864\A0403851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A50E7FFE-C7AF-48DC-82C8-8C96FB23AEF7}\RP865\A0404851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eaifsekt.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\knadyfsy.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\otxohceo.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qwdtnrgb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tgbhskqk.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vwfujbap.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\sjxhwrpw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26, on 2008-06-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Sensior\Bin\Reader.exe
    C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe
    C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: {3f1c75e5-7558-f20a-a9a4-67c13737d6ea} - {ae6d7373-1c76-4a9a-a02f-85575e57c1f3} - C:\WINDOWS\system32\wbnjpufr.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Sensior Reader] C:\Program Files\Sensior\Bin\Start Reader.bat
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [VMCL] E:\\VMC_PBStarter.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
    O4 - Global Startup: IEEE802.11b WLAN Card Utility.lnk = C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 9163 bytes
     
    herne2, 12.06.2008
    #1
  2.  
  3. Hujo

    Hujo Guest

    niinkuin tämäkin
     
    Hujo, 12.06.2008
    #2
  4. herne2

    herne2 Member

    Liittynyt:
    07.03.2008
    Viestejä:
    34
    Kiitokset:
    0
    Pisteet:
    16
    no juurihan vastasin, että näin kävi tämän nimenomaisen aiheen osalta. Valitan. Tietääkseni tuota toista aihetta koskevaa viestiä ei ollut kuin yksi.
     
    herne2, 12.06.2008
    #3
  5. Hujo

    Hujo Guest

    mode varmaankin sulkee tämän
     
    Hujo, 12.06.2008
    #4

Jaa tämä sivu