
117 infections, HJT log

Thread in the Viruses and malware - HijackThis logs section. Started by herne2 on 12.06.2008.

  1. herne2

    So I ran Malwarebytes on this machine, and it found 117 infections, and IE reportedly keeps popping (kept popping?) windows open by itself. Below is the malware log; after that the machine was started and an HJT log was taken. The machine is really slow.

    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 849

    12:49:29 2008-06-12
    mbam-log-6-12-2008 (12-49-29).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 145859
    Kulunut aika: 2 hour(s), 22 minute(s), 37 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 3
    Saastuneita rekisteriavaimia: 13
    Saastuneita rekisteriarvoja: 5
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 94

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\ungmpawo.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xxywTKaY.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xxyyayxx.dll (Trojan.FakeAlert) -> Unloaded module successfully.

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b1ceb99-b70d-4f5a-808f-8782dae58c14} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{4b1ceb99-b70d-4f5a-808f-8782dae58c14} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyayxx (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4bdb5e18 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM48e86d84 (Trojan.Agent) -> Delete on reboot.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywtkay -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywtkay -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26, on 2008-06-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Sensior\Bin\Reader.exe
    C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe
    C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: {3f1c75e5-7558-f20a-a9a4-67c13737d6ea} - {ae6d7373-1c76-4a9a-a02f-85575e57c1f3} - C:\WINDOWS\system32\wbnjpufr.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Sensior Reader] C:\Program Files\Sensior\Bin\Start Reader.bat
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [VMCL] E:\\VMC_PBStarter.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
    O4 - Global Startup: IEEE802.11b WLAN Card Utility.lnk = C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 9163 bytes
     
  3. Hujo

    just like this one
     
  4. herne2

    Well, I just replied that this is what happened with this particular topic. Sorry. As far as I know, there was only one post about that other topic.
     
  5. Hujo

    a mod will probably close this
     
