|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Kone kynnistyy vain vikasietotilaan
|
|
|
mamabird
Newbie
|
27. maaliskuuta 2009 @ 13:38 |
Linkki tähän viestiin
|
Hei kaikille!
Meill on taloudessa kaksi konetta, miehen pöytäkone ja oma läppärini.
Läppäri on mallia HP Compaq 6715s
Ensin alkoi oireilla isännän kone. Sammutettiin napista pakottamalla kun meni jumiin ja sen jälkeen ei enää käynnistynyt kuin vikasietotilassa. Tässä linkki miehen logiin (laittoi sen varmaan väärään osoitteeseen): http://keskustelu.afterdawn.com/thread_view.cfm/760185
Tänä aamuna kävi sama mun koneessa. Meni jumiin, sammutettiin pakottamalla ja sen jälkeen ei enää käyntiin. Mulla ei lähtenyt käyntiin edes vikasietotilassa.
Vista suositteli itse järjestelmän palauttamista viimeksi toimivaan pisteeseen ja niin tein. Nyt tuntuu toimivan...
Skannasin kuitenkin nyt tuon Hijacthis login, jos joku viitsisi vilkaista sitä. Pitääkö jotain poistella tai muuttaa?
Kiitos avusta jo etukäteen!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:35, on 27.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gamenext.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F84C0C-A0CC-4160-8AE1-9E950752822B}: NameServer = 212.116.32.218 212.116.32.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B8A3E9-C18A-4791-AFF2-5AE082A6B060}: NameServer = 10.0.0.2,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8eaaf3d7cd6ba) (gupdate1c8eaaf3d7cd6ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 14133 bytes
|
AfterDawn Addict
|
27. maaliskuuta 2009 @ 13:56 |
Linkki tähän viestiin
|
Tämä ohjelma oli Myrkkyä GamesBar
1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 3
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Lähetä uusi HJT logi ja
C:\ComboFix.txt raportti.
D:
(:)
|
|
mamabird
Newbie
|
27. maaliskuuta 2009 @ 15:11 |
Linkki tähän viestiin
|
Tehty.
Tässä on nyt Combofixin raportti:
ComboFix 09-03-26.03 - Käyttäjä 2009-03-27 14:29:13.1 - NTFSx86
Microsoft® Windows Vista? Home Basic 6.0.6001.1.1252.1.1035.18.895.190 [GMT 2:00]
Sijainti: c:\users\Käyttäjä\Documents\Downloads\ComboFix.exe
* Uusi palautuspiste luotu
.
[color=purple]Seuraavat tiedostot otettiin pois käytöstä ajon aikana:[/color]
c:\windows\system32\APSHook.dll
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\GamesBar\oberontb.dll
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-27 to 2009-03-27 )))))))))))))))))
.
2009-03-27 14:22 . 2009-03-27 14:24 <KANSIO> d-------- C:\32788R22FWJFW
2009-03-27 13:25 . 2009-03-27 13:28 <KANSIO> d-------- C:\HijackThis
2009-03-27 13:17 . 2009-02-05 23:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-13 23:30 . 2009-03-21 21:45 <KANSIO> d-------- c:\users\Käyttäjä\AppData\Roaming\SPORE
2009-03-13 23:30 . 2009-03-21 21:45 <KANSIO> d-------- c:\users\Käyttäjä\AppData\Roaming\SPORE
2009-03-13 23:30 . 2009-03-13 23:30 <KANSIO> dr-h----- c:\users\Käyttäjä\AppData\Roaming\SecuROM
2009-03-13 23:30 . 2009-03-13 23:30 <KANSIO> dr-h----- c:\users\Käyttäjä\AppData\Roaming\SecuROM
2009-03-13 23:00 . 2009-03-13 23:00 <KANSIO> d-------- c:\program files\Common Files\PCSuite
2009-03-13 23:00 . 2009-03-13 23:00 <KANSIO> d-------- c:\program files\Common Files\Nokia
2009-03-13 16:07 . 2009-03-13 16:07 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-09 21:53 . 2009-03-09 21:53 <KANSIO> d-------- c:\users\All Users\Electronic Arts
2009-03-09 21:53 . 2009-03-09 21:53 <KANSIO> d-------- c:\programdata\Electronic Arts
2009-03-09 21:53 . 2009-03-13 21:46 15,282 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Videos
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Searches
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Music
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Links
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-03-09 21:52 . 2009-03-09 21:52 <KANSIO> dr------- c:\windows\System32\config\systemprofile\Documents
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 12:48 4,980,736 --sha-w c:\users\Käyttäjä\ntuser.dat
2009-03-27 12:48 4,980,736 --sha-w c:\users\Käyttäjä\ntuser.dat
2009-03-27 12:39 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\OpenOffice.org2
2009-03-27 12:39 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\OpenOffice.org2
2009-03-27 12:30 --------- d-----w c:\program files\GamesBar
2009-03-27 10:44 --------- d-----w c:\programdata\Vodafone
2009-03-22 23:04 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\Winamp
2009-03-22 23:04 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\Winamp
2009-03-22 22:58 --------- d-----w c:\programdata\Roxio
2009-03-22 22:58 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-21 19:45 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\SPORE
2009-03-21 19:45 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\SPORE
2009-03-17 19:53 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\Canon
2009-03-17 19:53 --------- d-----w c:\users\Käyttäjä\AppData\Roaming\Canon
2009-03-13 21:30 --------- d--h--r c:\users\Käyttäjä\AppData\Roaming\SecuROM
2009-03-13 21:30 --------- d--h--r c:\users\Käyttäjä\AppData\Roaming\SecuROM
2009-03-13 21:00 --------- d-----w c:\program files\Nokia
2009-03-13 20:57 --------- d-----w c:\programdata\Installations
2009-03-13 19:18 --------- d-----w c:\program files\Electronic Arts
2009-03-13 19:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 14:06 --------- d-----w c:\program files\Java
2009-02-26 00:47 --------- d-----w c:\program files\Common Files\Adobe
2009-02-24 12:41 --------- d-----w c:\program files\Google
2009-02-02 17:45 --------- d-----w c:\program files\Gamenext
2009-02-02 17:23 --------- d---a-w c:\programdata\TEMP
2009-02-02 16:23 --------- d-----w c:\programdata\GamesBar
2009-02-02 16:22 --------- d-----w c:\program files\Oberon Media
2009-02-02 16:22 --------- d-----w c:\program files\Common Files\Oberon Media
2008-09-08 09:19 24 ----a-w c:\users\Käyttäjä\jagex_runescape_preferences.dat
2008-09-08 09:19 24 ----a-w c:\users\Käyttäjä\jagex_runescape_preferences.dat
2008-08-14 19:34 2,841,645 ----a-w c:\users\Käyttäjä\DriverUpdaterPro.exe
2008-08-14 19:34 2,841,645 ----a-w c:\users\Käyttäjä\DriverUpdaterPro.exe
2008-08-14 19:34 2,841,645 ----a-w c:\users\Käyttäjä\DriverUpdaterPro(2).exe
2008-08-14 19:34 2,841,645 ----a-w c:\users\Käyttäjä\DriverUpdaterPro(2).exe
2008-06-06 00:29 174 --sha-w c:\program files\desktop.ini
2007-12-09 13:21 323,274 ----a-w c:\users\Käyttäjä\mm806f.exe
2007-12-09 13:21 323,274 ----a-w c:\users\Käyttäjä\mm806f.exe
2007-11-27 14:47 32 ----a-w c:\users\All Users\ezsid.dat
2007-11-27 14:47 32 ----a-w c:\programdata\ezsid.dat
2003-03-21 10:45 250,544 ----a-w c:\program files\Common Files\keyhelp.ocx
2007-09-06 19:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-06 19:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-06 19:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect.EXE"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2007-11-19 2711552]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-29 1279216]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"VMCL"="c:\program files\vodafone\vmclite\DongleEnumerator.exe" [2007-10-17 131072]
"Google Update"="c:\users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-09 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 159744]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-12-14 330264]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-17 1097728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-02-22 44168]
c:\users\K?ytt?j?\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]
c:\users\K?ytt?j?\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E4267B9E-A850-4872-9953-88AEF8EF7927}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{246C87D7-0E38-4765-A214-A77AE7176711}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{111D3DC5-F108-4B2D-A203-9B15570452ED}"= %ProgramFiles%\Elisa\Avustaja\Elisa.exe:Elisa Avustaja
"{96BDC4CF-13B5-47C8-9F3D-7BCE7E53BBB1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{F75D2AA9-D197-4B20-8BD5-67FA47E80C85}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
"UDP Query User{95B11F08-CACA-40A8-9C39-8E759BB89223}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
"TCP Query User{DD8819C6-9D67-472D-B0A7-055891F2C4C6}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
"UDP Query User{1A6E918C-D153-4F3D-83EF-74CABDE582E4}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
"TCP Query User{62010669-3470-488C-985F-A51C97377B2C}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{8746268C-1AF8-425F-B973-F01668F7155C}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{8A730F3B-2C7A-4981-984A-E4C7D9A9AE90}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8D235236-AF2D-4D0F-B62D-722F86B28004}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FF1AECE7-7965-4179-9352-1B240CBF51F4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D78072EF-44DB-404A-B1AD-B605E508ADEA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A1FEC634-1AEC-4266-A1AE-0143C8FC7A5D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{61142071-1D0A-4992-8DC5-308608DD69B1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{440B61E6-1BB6-4C58-90FC-5C9BE17AE294}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2F7688F-2B1F-4B0E-8187-A0B4ACC948C2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-27 114768]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2007-08-30 35024]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-06-06 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-06-06 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-27 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-27 51792]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-03-26 538136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-01-23 179200]
R3 BTHprint;Microsoft Bluetooth -tulostinluokka;c:\windows\System32\drivers\BTHPRINT.SYS [2008-06-06 29696]
S2 gupdate1c8eaaf3d7cd6ba;Google Update Service (gupdate1c8eaaf3d7cd6ba);c:\program files\Google\Update\GoogleUpdate.exe [2008-07-20 133104]
S2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2007-03-26 18944]
--- Muut muistissa olevat ajurit/palvelut ---
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
rsmsvcs REG_MULTI_SZ ntmssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - M:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\shell\AutoRun\command - N:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{006bb31a-ef91-11dc-9154-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c98a9a3-32f7-11dd-b961-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eb63fd4-53c7-11dc-bd9a-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eb63fd5-53c7-11dc-bd9a-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c86e54f-2bdd-11dd-a7d1-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f900f4c-500d-11dc-a170-806e6f6e6963}]
\shell\AutoRun\command - F:\STARTUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b04a7a-1ef4-11dc-86a8-001a6b73d79f}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91b04a86-1ef4-11dc-86a8-001a6b73d79f}]
\shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a689b32e-335d-11dd-b79c-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a689b33d-335d-11dd-b79c-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d38b4d27-ed63-11dc-aae2-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d38b4d2b-ed63-11dc-aae2-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d38b4d2e-ed63-11dc-aae2-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3832095-edca-11dc-a78c-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3832107-edca-11dc-a78c-001a6bae2022}]
\shell\AutoRun\command - O:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8431b5a-2bd8-11dd-83cb-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8431b5b-2bd8-11dd-83cb-001a6bae2022}]
\shell\AutoRun\command - G:\StartVMCLite.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2009-03-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 02:05]
2009-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1633147478-1816849810-4128679454-1007.job
- c:\users\K []
2009-03-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ELISAT~1\ANTI-V~1\fsav.exe []
.
- - - - POISTETUT JÄMÄRIVIT - - - -
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://start.gamenext.com
uInternet Settings,ProxyOverride = *.local
IE: Lähetä kuva &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Lähetä sivu &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C4B8A3E9-C18A-4791-AFF2-5AE082A6B060} = 10.0.0.2,192.168.0.1
FF - ProfilePath - c:\users\Käyttäjä\AppData\Roaming\Mozilla\Firefox\Profiles\tzk2wkt6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1<mpl=default<mplcache=2#inbox
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\Käyttäjä\AppData\Roaming\Mozilla\Firefox\Profiles\tzk2wkt6.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 14:47:35
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'lsass.exe'(688)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(13520)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\windows\SMINST\Scheduler.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\sdclt.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\windows\System32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-03-27 15:02:56 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-03-27 13:02:18
Ennen ajoa: 5 649 321 984 tavua vapaana
Ajon jälkeen: 5,417,676,800 tavua vapaana
346 --- E O F --- 2008-06-05 21:11:10
Ja tässä on hijackthis raportti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:14, on 27.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\DeviceListener.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\ConAppM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Käyttäjä\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gamenext.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Käyttäjä\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B8A3E9-C18A-4791-AFF2-5AE082A6B060}: NameServer = 10.0.0.2,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8eaaf3d7cd6ba) (gupdate1c8eaaf3d7cd6ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12556 bytes
|
AfterDawn Addict
|
27. maaliskuuta 2009 @ 16:02 |
Linkki tähän viestiin
|
Kirjoita windowsin käynnistävalikon Aloita haku-kenttään ComboFix.exe /u paina OK
**********************************************************
Kun käynnistät HijackThis =(HJT) ohjelman tee se hiiren oikealla napilla
ja valitset Suorita Järjestelmänvalvojana
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis (HJT):ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gamenext.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: BTTray.lnk = ?
Toimiiko nyt ???
D:
(:)
|
|
Yesse
Senior Member
40 tuotearviota
|
27. maaliskuuta 2009 @ 16:14 |
Linkki tähän viestiin
|
Mulla oli myös sama vika HP:n läppärin kanssa, dv6650eo mallia.Itse poistin System32 kansiosta Royal.sys tiedoston.Tiedän, että niitä ei saisi poistaa mutta sen kun tein niin ei ole yhtään ongelmia ollut.Tollein yleensä kai käy jos HP läppärissä on ajuri konflikteja, mutta royal.sys poistaminen pitäisi auttaa.
|
AfterDawn Addict
|
27. maaliskuuta 2009 @ 16:25 |
Linkki tähän viestiin
|
|
=> Yesse !!!
Nuo Vistan Piraatti hommat ei oikein kuulu tälle Foralle
D:
(:)
|
|
Yesse
Senior Member
40 tuotearviota
|
27. maaliskuuta 2009 @ 16:30 |
Linkki tähän viestiin
|
|
Nojoo, olin kyllä ladannu vistan ISOna mutta käytin ihan oikeeta serialia.Eiköhän se ole laillista.
|
|
mamabird
Newbie
|
27. maaliskuuta 2009 @ 17:08 |
Linkki tähän viestiin
|
|
Sammutuksen yhteydessä teki nyt niin, että heitti bluescreenin jossa luki jotain fatal system error ja pitkä lista numeroita ja muuta tekstiä jota en ehtinyt saada ylös.
Aika moneen kertaan jouduin käynnistämään koneen, ennenku lopulta pääsin normaalitilassa kirjautumaan. Mutta sitten... kone ei tunnistanut langatonta verkkokorttia. Käynnistin koneen vielä kerran, jonka jälkeen olen nyt tässä.
Kone on normaalitilassa ja toimii ihan jees, ainakin toistaiseksi.
Nyt kuitenkin on tuo miehen kone vielä, jossa on sama ongelma. Eli hänellä on pöytäkone, joka alkoi käyttäytymään jo eilen samalla tavalla.
Hänellä avastin viruskanneri hälyytti system32 tiedostossa, että olisi joku troijalainen nimeltään Vundo...
Tässä kerkeäis tuomiopäivä koittaa, jos mä rupeaisin tässäkohtaa omaa konettani avastilla skannaamaan, mutta voiko olla, että tälläkin koneella olisi samainen virus?
Miehen avunpyyntö on tuossa ylempänä, vistan käynnistysongelmia vol 2. Osaisitteko auttaa häntä tässä ongelmassa?
|
AfterDawn Addict
|
27. maaliskuuta 2009 @ 20:14 |
Linkki tähän viestiin
|
|
Katsotaan !!!
D:
(:)
|
|
Lada1500s
Member
26 tuotearviota
|
27. maaliskuuta 2009 @ 20:51 |
Linkki tähän viestiin
|
|
Malwarebyte's Anti-Malware läpi koneella, lähtee Vundot mäkeen (omakohtaisia kokemuksia kyseisen viruksen kanssa).
Joo, mutta kokeile tuota ja sitten kannattaa kattoa, että esim. koneen mukana tullut Norton/Norman/jokin muu virussofta ei ole mennyt vanhaksi. Alakerran koneessa kävi näin ja sitten iski oikein kunnolla, kone niin tukossa, että mikään muu ohjelma ei pistäny niin kyykkyyn.
Emo: ASUS M4N72-E; Prossu: AMD Phenom II 955; Muistit: 4Gt Kingston 800MHz DDR2; Näyttis: ASUS Geforce 9800GTX+; Äänikortti: SoundBlaster Audigy; Virtalähde: Antec Earthwatts 500w; Kotelo: Antec Sonata III; Näyttö: LG:n 22" 22LS4D 1650x1050
|
|
Mainos
|
|
|
|
Yesse
Senior Member
40 tuotearviota
|
28. maaliskuuta 2009 @ 16:02 |
Linkki tähän viestiin
|
|
Kokeiles päivittää biot, vaikka onkin läppäri.Sitten toisaalta voisit skannaa virukset tai formatoida vaan, ettei sininen ruutu hyppäisi kesken skannauksen.Itsellä vika oli juuri siinä modeemi/faxi ajurissa.Kun sitä asensi ja käynnisti uudelleen niin ei suostunut käynnistymään normaalissa tilassa.
|
|
