
No matter what, I can't get rid of TROJAN.VUNDO.H




  #1  
16 October 2008, 09:51
Member

I have tried many times to remove the VUNDO.H virus with Malwarebytes. It prompts for a reboot, and I run Malwarebytes again only to find that it is still on the system. I also disabled System Restore before these attempts.

Thanks for your help!
Attached Files
File Type: txt mbam-log-2008-10-16 (12-33-23).txt (1.2 KB, 105 views)
File Type: txt hijackthis.txt (7.3 KB, 100 views)
  #2  
16 October 2008, 11:27
Moderator Group

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):
  • O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c:\windows\system32\digestp.dll
  • O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download OTMoveIt2 by Oldtimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and select Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to be Moved window (under the yellow bar) and choose Paste.
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. If not, reboot anyway.
__________________
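One way to triage a HijackThis log for the pattern seen in the two entries the post above selects, a DLL registered both as an unnamed O2 BHO and as an O20 Winlogon Notify entry. This is an added example, not part of the original post and not a HijackThis feature; the sample lines are constructed from entries in this thread with path spacing normalized, and the two heuristics and all function names are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: the two digestp.dll entries quoted in the post above
# plus two other entries in the same format (path spacing normalized).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c:\windows\system32\digestp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
"""

# The CLSID may be wrapped in braces or, as rendered on this page, parentheses.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - [({](?P<clsid>[0-9A-Fa-f-]{36})[)}] - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def norm(path):
    """Windows paths are case-insensitive: compare them lowercased and normalized."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_entries(log_text):
    """Return (section, name, normalized_path) for every O2 and O20 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(("O2", m["name"], norm(m["path"])))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(("O20", m["name"], norm(m["path"])))
    return entries


def triage(log_text):
    """Group registrations by DLL and report DLLs matching either heuristic."""
    by_path = defaultdict(list)
    for section, name, path in parse_entries(log_text):
        by_path[path].append((section, name))

    findings = []
    for path, regs in sorted(by_path.items()):
        sections = {section for section, _ in regs}
        reasons = []
        # Heuristic 1 (assumption): a BHO with no display name deserves a look.
        if any(s == "O2" and n == "(no name)" for s, n in regs):
            reasons.append("unnamed BHO")
        # Heuristic 2 (assumption): one DLL loaded by both IE and winlogon.exe.
        if {"O2", "O20"} <= sections:
            reasons.append("same DLL in BHO and Winlogon Notify")
        if reasons:
            findings.append({"path": path, "registrations": regs, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"], "->", "; ".join(finding["reasons"]))
        for section, name in finding["registrations"]:
            print("   ", section, name)
```

The path comparison is case-insensitive on purpose: the two entries in this thread spell the same file as `c:\windows\system32\digestp.dll` and `C:\WINDOWS\SYSTEM32\digestp.dll`.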

  #3  
16 October 2008, 12:39
Member

I did everything that was posted. The Hijack went fine and the 2 files were removed.

The OTMOVEIT2 program - I copied the 4 lines
[kill Explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer

under the yellow bar and selected MOVEIT.

Under the green box the program said explorer was killed successfully; however, I got an error dialog box.

It said OTMOVEIT2 OTMOVEIT2.EXE - Bad Image

The application or DLL C:\Windows\rakxhfy.dll is not a valid Windows image. Check this against your installation disk.

I had to reboot, and OTMOVEIT came up again and I got the same error dialog box as above. How do I get rid of this OTMOVEIT2 when it reboots? Is there anything else that needs to be done?
  #4  
16 October 2008, 12:45
Moderator Group

Yes, there is more to do. Don't worry about the error message ...

Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Log.txt (will be maximized) and info.txt (will be minimized)
  • Post the contents of both logs in your next reply.
__________________

  #5  
16 October 2008, 13:26
Member

Log.txt:
"Your file of 28.7 KB exceeds the forum's limit of 19.5 KB for this file type." I had to WinZip the log file to get it to you, due to the constraints on COMPUTER JUICE for attaching files.
Attached Files
File Type: txt info.txt (12.5 KB, 24 views)
File Type: zip ziplog file.zip (7.5 KB, 9 views)
  #6  
16 October 2008, 13:34
Member

LOG FILE

R2 Ati Pikanäppäin Poller; Ati Pikanäppäin Poller, C: \ WINDOWS \ system32 \ Ati2evxx.exe [2006-02-21 405504]
R2 Automaattinen LiveUpdaten ajoitin; Automaattinen LiveUpdaten ajoitin, C: \ Program Files \ Symantec \ LiveUpdaten \ AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr; Symantec Event Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr; Symantec Settings Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic NetConnect service; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc, Google Updater-palvelu, C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD File System Service; C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdaten Ilmoitus; LiveUpdaten Ilmoitus, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager, C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL, C: \ Program Files \ Common Files \ New Boundary \ PrismXL \ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET State Service, C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768]
S3 comHost, KOM Host, C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640]
S3 LiveUpdaten; LiveUpdaten, C: \ Program Files \ Symantec \ LiveUpdaten \ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 OSE; Office Source Engine, C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC, C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc, Windows Media Player Network Sharing Service; C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc, Windows Driver Foundation - User-Mode Driver Framework, C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-13 14336]
----------------- EOF -----------------
  #7  
16 October 2008, 13:50
Moderator Group

The digestp.dll is not gone yet.

First:

Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is frequently the cause of the popups.

Unzip the file on the Desktop. Open MessengerDisable.exe, choose the bottom box (Uninstall Windows Messenger) and click Apply.

Exit MessengerDisable, then delete the two files that were put on the Desktop.

----------

Note: the following instructions were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and then click OK.

Copy and paste the following into Notepad and save it as fixme.reg on your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted about merging it into the registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete fixme.reg from your Desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First, install the new Sun Java Runtime Environment.

Remember to close all browser windows before installing.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for outdated versions of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop
----------

Suspicious file scan

Go to the VirSCAN.org FREE online scan service
(If more than one file needs to be scanned, they must be done separately and the logs posted for each one.)

1. Copy and paste the following file path into the Suspicious files to scan box on the page.
Code:
C:\WINDOWS\system32\CF23987.exe
2. Once loaded, click once inside the window next to Browse.
3. Press Ctrl + V (both at the same time) to paste the file path into the window.
4. Click the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue, which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the scan is complete, scroll down and click the Copy to Clipboard button. This will copy the link of the report to the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

----------

Once you have posted the VirSCAN.org results:

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run as administrator
  • Under Main, "Select Files to Delete", choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that the system will run slower for a reboot or two after you use this tool, so don't be alarmed.

Important: Restart your computer before continuing.

  #8  
16 October 2008, 14:39
Member

1. Success with Fixme.reg

2. Then here are the 2 log files you wanted me to post

A. JavaRa 1,11 Muuttokulut Loki.
Raportti seuraa sen jälkeen, kun linja.
------------------------------------
The JavaRa poistaminen aloitettiin torstaina lokakuu 16 17:23:09 2008
Found and removed: C: \ Windows \ System32 \ jpicpl32.cpl
Found and removed: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Found and removed: SOFTWARE \ Javasoftin \ Java Runtime Environment \ 1.4
Found and removed: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Found and removed: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Found and removed: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Found and removed: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200
Found and removed: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ UserData \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE \ Classes \ JavaPlugin.142
Found and removed: SOFTWARE \ Javasoftin \ Java Plug-in \ 1.4.2
Found and removed: SOFTWARE \ Javasoftin \ Java Runtime Environment \ 1.4.2
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.4.2
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.0.1
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.0.1_02
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.0.1_03
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.0.1_04
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.2
Found and removed: SOFTWARE \ Javasoftin \ Java Web Start \ 1.2.0_01
------------------------------------
Päättynyt raportointi.

JavaRa 1,11 Muuttokulut Loki.
Raportti seuraa sen jälkeen, kun linja.
------------------------------------
The JavaRa poistaminen aloitettiin torstaina lokakuu 16 17:23:18 2008
------------------------------------
Päättynyt raportointi.



B. VirSCAN. Org Indeksoitu Mietintö:
Indeksoitu aika: 2008/10/16 17:27:59 (EDT)
Scanner tulokset: Kaikki Skannerit raportoitu ei löydy haittaohjelmia!
Tiedoston nimi: CF23987.exe
Tiedoston koko: 389120 byte
File Type: PE32 suoritustiedosto MS Windows (konsoli) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online-raportti: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Engine Ver Sig Ver Sig Päiväys Aika Scan tulos
a-potenssiin 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0,18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Avast! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0.94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008.10.16 2008-10-16 1,99 --
Rising 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
The Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --
  #9  
16 October 2008, 14:41
Moderator Group

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to the Desktop

Close all open Internet browsers (Firefox, Internet Explorer, etc.) before running ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click the link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

  #10  
16 October 2008, 15:11
Member

ComboFix 08-10-16.01 - Omistaja 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Running from: C: \ Documents and Settings \ Omistaja \ Desktop \ ComboFix.exe
* Luonut uuden palautuspisteen
.
((((((((((((((((((((((((((((((((((((((( Muut Poistetut ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ Autorun.inf
.
((((((((((((((((((((((((( Files luotu 2008-09-16 ja 2008-10-16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \ WINDOWS \ system32 \ drivers \ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix Varmuuskopiot
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Omistaja \ Application Data \ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \ WINDOWS \ system32 \ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60.800 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Omistaja \. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ Sun
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Omistaja \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Omistaja \ Application Data \ Symantec
2008-10-16 15:04 --------- d ----- w C: \ Program Files \ Symantec
2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-09-24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ Peach
2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008-08-19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Omistaja \ Application Data \ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ History \ History.IE5 \ MSHist012008052420080 525 \ Index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default merkinnät eivät näy
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ C: \ Windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432f-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432f-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2008-02-18 51048]
"osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008-02-26 988512]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Device Detector 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ ilmoitettava \! SASWinLogon]
2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ ilmoitettava \ paubftzz]
2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Käynnistä-valikko ^ Ohjelmat ^ Käynnistys ^ BigFix.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk
backup = C: \ WINDOWS \ PSS \ BigFix.lnkCommon käynnistysviestien
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Käynnistä-valikko ^ Ohjelmat ^ Käynnistys ^ Microsoft Office.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon käynnistysviestien
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA]
- a - c --- 2004-11-12 01:10 344064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp]
- a ------ 2008-02-18 15:37 51048 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD]
- a ------ 2003-09-01 09:32 1200178 C: \ Program Files \ Ahead \ InCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard]
- a - c --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl]
- a - c --- 2003-10-31 23:42 32768 C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM]
- a - c --- 2004-11-15 19:04 135168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager]
- a - c --- 2003-08-19 01:01 110592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey]
- a - c --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan]
- a - c --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot, C: \ WINDOWS \ system32 \ drivers \ pavboo t.sys [2008-06-19 28544]
R0 shsizubv; shsizubv, C: \ WINDOWS \ system32 \ drivers \ shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon, C: \ WINDOWS \ system32 \ Drivers \ COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB; VN Sarja Device, C: \ WINDOWS \ system32 \ DRIVERS \ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
\ Shell \ Autorun \ command - C: \ WINDOWS \ system32 \ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-B301-806d6172696f)]
\ Shell \ Autorun \ command - C: \ WINDOWS \ system32 \ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
* Newly Created Service * - COMHOST
* Newly Created Service * - PROCEXP90
.
Contents of the 'Scheduled Tasks-kansioon
2008-10-12 C: \ WINDOWS \ Tasks \ Automaattinen Koko Backup.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-15 C: \ WINDOWS \ Tasks \ Päiväkatsaus muutettu Files.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-11 C: \ WINDOWS \ Tasks \ PEACTREE VIIKOITTAINEN TAKAISIN UP.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
.
- - - - Orvolla poistettu - - - --
Toolbar-tunnus - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & rls = com.micros OFT: en-US & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & Vie Microsoft Exceliin - C: \ PROGRA ~ 1 \ mikros ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
skannaus piilotettu prosessien ...
skannaus piilotettu Autostart merkinnät ...
skannaus piilotetut tiedostot ...
scan loppuun onnistuneesti
piilotetut tiedostot: 0
************************************************** ************************
.
Täydennys-aika: 2008-10-16 17:56:31
ComboFix-karanteenissa-files.txt 2008-10-16 21:56:27
Pre-Run: 142914838528 tavua vapaata
Post-Run: 142911078400 tavua vapaata
WindowsXP-KB310994-SP2-Home-BootDisk-FIN.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro-soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49
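
Added example, not part of the thread and not ComboFix's or the moderator's own code: a Python check that reads the "Reg Loading Points" part of a ComboFix-style log and reports which Browser Helper Object and Winlogon Notify keys still load a given DLL, the two places digestp.dll appears in the log above. The function names are hypothetical, and the sample lines are constructed from that log with path spacing normalized and the CLSID written in braces.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the ComboFix log in this thread,
# with the extraction spacing removed so the keys and paths are well-formed.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 --a------ C:\WINDOWS\system32\digestp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"""

# A registry key header is a whole line of the form [HK...].
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# First drive-letter path on a line that ends in a loadable file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:dll|exe|sys)\b", re.IGNORECASE)

# Load points this example tracks, matched case-insensitively inside the key.
MECHANISMS = {
    "bho": "\\browser helper objects\\",
    "winlogon_notify": "\\winlogon\\notify\\",
}


def classify(key):
    """Return the load-point name for a registry key, or None if untracked."""
    lowered = key.lower()
    for name, marker in MECHANISMS.items():
        if marker in lowered:
            return name
    return None


def parse_load_points(log_text):
    """Return (mechanism, key, path) for each tracked key that names a file."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current_key = header.group(1)
            continue
        if current_key is None:
            continue
        mechanism = classify(current_key)
        found = PATH_RE.search(line)
        if mechanism and found:
            entries.append((mechanism, current_key, found.group(0)))
    return entries


def still_registered(log_text, dll_name):
    """List (mechanism, key) pairs that still load dll_name after a fix."""
    wanted = dll_name.lower()
    return [
        (mechanism, key)
        for mechanism, key, path in parse_load_points(log_text)
        if path.lower().rsplit("\\", 1)[-1] == wanted
    ]


def dual_registered(entries):
    """Files loaded both as a BHO and as a Winlogon Notify package."""
    by_path = defaultdict(set)
    for mechanism, _key, path in entries:
        by_path[path.lower()].add(mechanism)
    return sorted(p for p, m in by_path.items() if {"bho", "winlogon_notify"} <= m)


if __name__ == "__main__":
    for mechanism, key in still_registered(SAMPLE_LOG, "digestp.dll"):
        print(f"{mechanism}: {key}")
    print("dual-registered:", dual_registered(parse_load_points(SAMPLE_LOG)))
```

Running the same check on a log taken after the next reboot shows whether a registry fix held: an empty result from still_registered means neither key references the DLL any more.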