|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Tietokoneessani on viruksia - kuinka poistan ne?
|
|
|
Tooumas
Junior Member
|
24. heinäkuuta 2009 @ 22:18 |
Linkki tähän viestiin
|
Kävin täällä http://support.microsoft.com/kb/948253/fi osoitteessa ja ensi alkuun miten voin päivittää vista sp1 koska olen jo päivittänyt sen sp2:ksi? Koetin kuitenkin etsiä noita tiedostoja ja en löytänyt yhtään, enkä löytänyt myöskään kumpaakaan tiedostoa jotka käskit etsiä ja scannata tuolla jottis scannerilla. Katsoin ohjeet ja mielestäni laitoin piilotiedostot näkyviin, mutta ei noita löydy. Ohjeet olivat windowsin vanhemmille versioille mutta samalla tavalla pitäisi kai onnistua Vistassakin.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. heinäkuuta 2009 @ 22:18
|
|
Tooumas
Junior Member
|
25. heinäkuuta 2009 @ 19:57 |
Linkki tähän viestiin
|
|
|
|
Tooumas
Junior Member
|
29. heinäkuuta 2009 @ 01:19 |
Linkki tähän viestiin
|
|
Joku kai tuolla näyttäis olevan? Kumma että vaan 1 ohjlema näkee sen :O. Voiskohan tuo olla se joka vie minulta oikeidet päästä documents and settings kansioon ja Omat kuva-,omat musiikki- ja omat videotiedostoihin? En edelleenkään pysty menemään tuonne spxq.sys luo.
|
|
warwas
Suspended permanently
|
29. heinäkuuta 2009 @ 02:15 |
Linkki tähän viestiin
|
Sori kestänyt taas...
kokeillaas iha Gmeril katella:
Lataa GMER ja tallenna se työpöydällesi:[list]
[*]Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
[*]Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
[*]Älä rastita "Show All" boksia skannauksen aikana!
[*]Kun skannaus on valmis, klikkaa Copy.
[*]Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
[*]Liitä loki sitten viestiketjuusi.
[/list]
|
|
Tooumas
Junior Member
|
29. heinäkuuta 2009 @ 11:55 |
Linkki tähän viestiin
|
Aiemminhan me jo tuota Gmer:iä käytimme. Nyt kun koitan ajaa sen niin n. minuutin jälkeen se sammuu itsekseen ja widnows sanoo että Gmer.exe lakkasi toimimiasta ja windows etsii ratkaisua.
Edit. Nyt sain sen ajettua läpi.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-29 12:27:40
Windows 6.0.6002 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwCreateThread [0x92918E02]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwLoadDriver [0x9291912A]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92918B4E]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwOpenSection [0x9291955C]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwRenameKey [0x9291A7FA]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x929193AC]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSuspendProcess [0x929189D4]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSuspendThread [0x92918E36]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92918FB0]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwTerminateProcess [0x92918934]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwTerminateThread [0x92918A8A]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92918EFA]
SSDT \??\C:\Program Files\PC Protection\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92918E1C]
INT 0x61 ? 85DFFBF8
INT 0x62 ? 86FB8BF8
INT 0x71 ? 85DFFBF8
INT 0x72 ? 86FB8BF8
INT 0x72 ? 86FB8BF8
INT 0x72 ? 86FB8BF8
INT 0x81 ? 85DFFBF8
INT 0xA1 ? 86FB8BF8
INT 0xA1 ? 86FB8BF8
INT 0xA1 ? 86FB8BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 826F0964 4 Bytes [02, 8E, 91, 92]
.text ntkrnlpa.exe!KeSetEvent + 37D 826F0AC0 4 Bytes [2A, 91, 91, 92]
.text ntkrnlpa.exe!KeSetEvent + 3AD 826F0AF0 4 Bytes [4E, 8B, 91, 92]
.text ntkrnlpa.exe!KeSetEvent + 3FD 826F0B40 4 Bytes [5C, 95, 91, 92] {POP ESP; XCHG EBP, EAX; XCHG ECX, EAX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 515 826F0C58 4 Bytes [FA, A7, 91, 92] {CLI ; CMPSD ; XCHG ECX, EAX; XCHG EDX, EAX}
.text ...
? System32\Drivers\spzf.sys Määritettyä polkua ei löydy. !
.text USBPORT.SYS!DllUnload 837A941B 5 Bytes JMP 86FB81D8
.text a4jv867l.SYS 91C06000 22 Bytes [82, 83, 61, 82, 6C, 82, 61, ...]
.text a4jv867l.SYS 91C06017 45 Bytes [00, 32, 27, 71, 80, 3D, 25, ...]
.text a4jv867l.SYS 91C06045 135 Bytes [AA, 6E, 82, FD, 29, 68, 82, ...]
.text a4jv867l.SYS 91C060CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text a4jv867l.SYS 91C060DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1380] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7689B364 4 Bytes [F0, 1F, 00, 10]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806086D6] \SystemRoot\System32\Drivers\spzf.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80608042] \SystemRoot\System32\Drivers\spzf.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80608800] \SystemRoot\System32\Drivers\spzf.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806080C0] \SystemRoot\System32\Drivers\spzf.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060813E] \SystemRoot\System32\Drivers\spzf.sys
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortWritePortUchar] 8391C2BF
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F91C290
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a4jv867l.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03062690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [03061290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [03062300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [03061B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01D82690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01D81290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [01D82300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01D81B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85E041F8
Device \FileSystem\udfs \UdfsCdRom 87263500
Device \FileSystem\udfs \UdfsDisk 87263500
Device \Driver\sptd \Device\2830274039 spzf.sys
Device \Driver\volmgr \Device\VolMgrControl 85E011F8
Device \Driver\usbohci \Device\USBPDO-0 86FA61F8
Device \Driver\usbohci \Device\USBPDO-1 86FA61F8
Device \Driver\usbehci \Device\USBPDO-2 86F9E1F8
Device \Driver\usbohci \Device\USBPDO-3 86FA61F8
Device \Driver\usbohci \Device\USBPDO-4 86FA61F8
Device \Driver\usbehci \Device\USBPDO-5 86F9E1F8
Device \Driver\PCI_PNP6021 \Device\00000056 spzf.sys
Device \Driver\usbohci \Device\USBPDO-6 86FA61F8
Device \Driver\volmgr \Device\HarddiskVolume1 85E011F8
Device \Driver\volmgr \Device\HarddiskVolume2 85E011F8
Device \Driver\cdrom \Device\CdRom0 86FD21F8
Device \Driver\volmgr \Device\HarddiskVolume3 85E011F8
Device \Driver\cdrom \Device\CdRom1 86FD21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85E031F8
Device \Driver\atapi \Device\Ide\IdePort0 85E031F8
Device \Driver\atapi \Device\Ide\IdePort1 85E031F8
Device \Driver\atapi \Device\Ide\IdePort2 85E031F8
Device \Driver\atapi \Device\Ide\IdePort3 85E031F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85E031F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 85E031F8
Device \Driver\volmgr \Device\HarddiskVolume4 85E011F8
Device \Driver\USBSTOR \Device\00000080 878921F8
Device \Driver\volmgr \Device\HarddiskVolume5 85E011F8
Device \Driver\USBSTOR \Device\00000081 878921F8
Device \Driver\volmgr \Device\HarddiskVolume6 85E011F8
Device \Driver\volmgr \Device\HarddiskVolume7 85E011F8
Device \Driver\netbt \Device\NetBt_Wins_Export 878B81F8
Device \Driver\volmgr \Device\HarddiskVolume8 85E011F8
Device \Driver\Smb \Device\NetbiosSmb 878AA1F8
Device \Driver\USBSTOR \Device\00000079 878921F8
Device \Driver\iScsiPrt \Device\RaidPort0 872851F8
Device \Driver\usbohci \Device\USBFDO-0 86FA61F8
Device \Driver\usbohci \Device\USBFDO-1 86FA61F8
Device \Driver\usbehci \Device\USBFDO-2 86F9E1F8
Device \Driver\usbohci \Device\USBFDO-3 86FA61F8
Device \Driver\usbohci \Device\USBFDO-4 86FA61F8
Device \Driver\USBSTOR \Device\0000007e 878921F8
Device \Driver\usbehci \Device\USBFDO-5 86F9E1F8
Device \Driver\USBSTOR \Device\0000007f 878921F8
Device \Driver\usbohci \Device\USBFDO-6 86FA61F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D3BCD70C-BAA6-4B6D-A3F7-AE7A9778840B} 878B81F8
Device \Driver\a4jv867l \Device\Scsi\a4jv867l1 871881F8
Device \Driver\a4jv867l \Device\Scsi\a4jv867l1Port5Path0Target0Lun0 871881F8
Device \FileSystem\cdfs \Cdfs 8844B1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xB0 0x34 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x91 0x31 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0xE1 0x03 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xB0 0x34 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3C 0x91 0x31 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0xE1 0x03 0xAB ...
---- EOF - GMER 1.0.15 ----
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 29. heinäkuuta 2009 @ 12:30
|
|
Tooumas
Junior Member
|
1. elokuuta 2009 @ 12:38 |
Linkki tähän viestiin
|
|
Tietokoneen käynnistys on hidastunut vähän. :/
Edit. Tuo hidastuminen luultavasti johtui vain siitä kun tuon windowsin päivityksen kanssa oli jotai vikaa.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 3. elokuuta 2009 @ 16:17
|
|
Tooumas
Junior Member
|
3. elokuuta 2009 @ 21:12 |
Linkki tähän viestiin
|
F-Secure ilmoitti tämmöistä. Näiden jälkeen tuli uusi ilmoitus jossa luki: toiminto epäonnistunut. Mikäs neuvoksi? Onko tuo vaarallinen troijalainen?
http://www.aijaa.com/v.php?i=4609805.jpg
Ei tuo kuvan lataaminen tähän onnistunut mutta tuolla on kuva.
e2. Nyt F-Secure taas ilmoitti että siellä on se Trojalainen ja eristin sen. Olisiko sama poistaa tartunnan saanut tiedosto?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 3. elokuuta 2009 @ 22:01
|
|
warwas
Suspended permanently
|
4. elokuuta 2009 @ 22:59 |
Linkki tähän viestiin
|
Ei oo puhas...
Ota uusi hjt
|
|
Tooumas
Junior Member
|
4. elokuuta 2009 @ 23:01 |
Linkki tähän viestiin
|
tässä. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:32, on 29.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Tuomas Tuppurainen\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tuomas Tuppurainen\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9996 bytes
|
|
Tooumas
Junior Member
|
10. elokuuta 2009 @ 22:23 |
Linkki tähän viestiin
|
|
No mitäs siellä on? :S
|
|
warwas
Suspended permanently
|
18. elokuuta 2009 @ 01:03 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Tooumas:
No mitäs siellä on? :S
Kräkättyä Adobea...
|
|
Tooumas
Junior Member
|
18. elokuuta 2009 @ 15:35 |
Linkki tähän viestiin
|
Ok, waretin photoshopin, sori. Mutta onko siellä viruksia? Tuon viimeksi laitetun login jälkeen on ainakin jonkun trojalaisen F-Secure poistanu. Semmonen ihmetyttää, että on pari kertaa windows käynnistyksessä tehnyt niin että ennen sitä kun tulee se valinta jossa voit päättää millä käyttäjätilillä kirjaudut, on kestänyt melko pitkään pelkkää mustaa ruutua ja sitten tulee sinisellä pohjalla valkoista tekstiä jossa lukee jotain. Yhdessä kohdassa luki muistaakseni jotakin dumping physical memory sitten se rullaa 0-100 ja widnows boottaa uudestaan.Sitten kun se boottaa sen koneen windows kysyy haluanko normaalin käynnistyksen vai vikasietotilaan jne. Ja n.joka toisella käynnistyksellä ennen sitä kirjautumista windows rullaa melko pitkään eikä mitään tapahdu, vain musta ruutu. Sitten semmonen että mikäs on kun mulla näkyy windowsin tehtävienhallinassa 16 conime.exe:ä? Jokin virus kaiketi, mutta auttaisitko saamaan tuon pois? Tässä olis HJT logi.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:32, on 29.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\PC Protection\Common\FSM32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Tuomas Tuppurainen\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Protection\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kainuu.com/Main.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tuomas Tuppurainen\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Protection\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c98d215460089e) (gupdate1c98d215460089e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9996 bytes
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. elokuuta 2009 @ 19:37
|
|
Mainos
|
|
|
|
Tooumas
Junior Member
|
23. elokuuta 2009 @ 22:03 |
Linkki tähän viestiin
|
|
Voisitteko kuitenkin tarkastaa tuon ja katsoa onko siellä mitään virusta?
|
|
