Netti ei pelitä -> HijackThis-logi

Mul on AVG mikä ei oo aktiviine, Avast!, Superantispyware, Malware ja Eset NOD32 30pv:n koekäyttö.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:06, on 8.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9184 bytes


--------------------------------------------------

ComboFix 08-06-07.3 - Mikko 2008-06-08 19:09:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1284 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

Tiedostoja ei ole luotu tällä aikavälillä

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:32   ---------   d-----w   C:\Program Files\ESET
2008-06-07 11:32   ---------   d-----w   C:\PROGRA~2\ESET
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-04 16:41   ---------   d-----w   C:\Program Files\Avira
2008-06-03 17:32   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-03 17:32   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:31   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-05 17:46   27,048   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-03-08 04:30   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-03-08 00:37   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 19:11:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 19:13:03
ComboFix-quarantined-files.txt 2008-06-08 16:12:58

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

179   --- E O F ---   2008-06-06 19:01:02

muumi-peikko kirjoitti:

Mul on AVG mikä ei oo aktiviine, Avast!, Superantispyware, Malware ja Eset NOD32 30pv:n koekäyttö.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:06, on 8.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9184 bytes


--------------------------------------------------

ComboFix 08-06-07.3 - Mikko 2008-06-08 19:09:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1284 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.

Tiedostoja ei ole luotu tällä aikavälillä

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:32   ---------   d-----w   C:\Program Files\ESET
2008-06-07 11:32   ---------   d-----w   C:\PROGRA~2\ESET
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-04 16:41   ---------   d-----w   C:\Program Files\Avira
2008-06-03 17:32   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-03 17:32   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:31   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-05 17:46   27,048   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-03-08 04:30   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-03-08 00:37   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 19:11:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 19:13:03
ComboFix-quarantined-files.txt 2008-06-08 16:12:58

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

179   --- E O F ---   2008-06-06 19:01:02

Lue lisää

että yksi virusohjelma koneella ja yksi palomuuri

avg virustorjuntaa tuossa ei ole, on vain skanneri

avasti ja nod siellä tappelee keskenään

eli poista tuo
Eset NOD32 30pv:n koekäyttö.

poista anakin lisää poista sovelutuksesta

SUPERAntiSpyware
AVG Anti-Spyware 7.5

ja poista kansio vikasiedossa

C:\Program Files\==> SUPERAntiSpyware Grisoft

FixFix kirjoitti:

että yksi virusohjelma koneella ja yksi palomuuri

avg virustorjuntaa tuossa ei ole, on vain skanneri

avasti ja nod siellä tappelee keskenään

eli poista tuo
Eset NOD32 30pv:n koekäyttö.

poista anakin lisää poista sovelutuksesta

SUPERAntiSpyware
AVG Anti-Spyware 7.5

ja poista kansio vikasiedossa

C:\Program Files\==> SUPERAntiSpyware Grisoft

Lue lisää

Kun oon noi tehny ni sitte uudet lokit?

muumi-peikko kirjoitti:

Kun oon noi tehny ni sitte uudet lokit?

hjt:n loki

******

1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

*******

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

muumi-peikko kirjoitti:

Kun oon noi tehny ni sitte uudet lokit?

poistettu oikein? Tietoturvassa määrä ei korvaa laatua.

FixFix kirjoitti:

että yksi virusohjelma koneella ja yksi palomuuri

avg virustorjuntaa tuossa ei ole, on vain skanneri

avasti ja nod siellä tappelee keskenään

eli poista tuo
Eset NOD32 30pv:n koekäyttö.

poista anakin lisää poista sovelutuksesta

SUPERAntiSpyware
AVG Anti-Spyware 7.5

ja poista kansio vikasiedossa

C:\Program Files\==> SUPERAntiSpyware Grisoft

Lue lisää

En voi poistaa sitä ku tarvii jonku luvan siihe.
Pitääkö odottaa se 30pv vai joku keino saada lupa?

myös Norton kirjoitti:

poistettu oikein? Tietoturvassa määrä ei korvaa laatua.

Siit o joku 3-4kk ku poistin sen.

muumi-peikko kirjoitti:

En voi poistaa sitä ku tarvii jonku luvan siihe.
Pitääkö odottaa se 30pv vai joku keino saada lupa?

mitäs lupaa se tarvii

scannaas uusi hjt:n loki

FixFix kirjoitti:

mitäs lupaa se tarvii

scannaas uusi hjt:n loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:06, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8644 bytes

muumi-peikko kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:06, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8644 bytes

Lue lisää

valvojan oikeuksilla koneella

scannaa hjt:llä merkkaa paina Fix checked

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

***********

Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

*********

Poista vikasiedossa kansio

C:\Program Files\==> ESET

muumi-peikko kirjoitti:

En voi poistaa sitä ku tarvii jonku luvan siihe.
Pitääkö odottaa se 30pv vai joku keino saada lupa?

ensin, sitten poistoon. Kts., että prosessi eknl.exe poistuu tehtävienhallinnasta. Siinä muita lupia tartte.

sammuttaa kirjoitti:

ensin, sitten poistoon. Kts., että prosessi eknl.exe poistuu tehtävienhallinnasta. Siinä muita lupia tartte.

ekrn.exe

FixFix kirjoitti:

valvojan oikeuksilla koneella

scannaa hjt:llä merkkaa paina Fix checked

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

***********

Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

*********

Poista vikasiedossa kansio

C:\Program Files\==> ESET

Lue lisää

Nyt ku yritin poistaa "Toimintoa ei voi viimeistellä, koska kansio on avattu jossakin toisessa ohjelmassa" "Sulje kansio ja yritä uudelleen."

muumi-peikko kirjoitti:

Nyt ku yritin poistaa "Toimintoa ei voi viimeistellä, koska kansio on avattu jossakin toisessa ohjelmassa" "Sulje kansio ja yritä uudelleen."

yksi eset ei nyt voi olla noin ilkee

FixFix kirjoitti:

yksi eset ei nyt voi olla noin ilkee

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:20, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8393 bytes
__________________________________________________

ComboFix 08-06-07.3 - Mikko 2008-06-09 16:10:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1215 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

Tiedostoja ei ole luotu tällä aikavälillä

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 19:33   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-07 11:32   ---------   d-----w   C:\Program Files\ESET
2008-06-07 11:32   ---------   d-----w   C:\PROGRA~2\ESET
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-05 17:46   27,048   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 16:12:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 16:13:08
ComboFix-quarantined-files.txt 2008-06-09 13:13:04
ComboFix2.txt 2008-06-09 12:26:29
ComboFix3.txt 2008-06-08 16:13:03

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

162   --- E O F ---   2008-06-06 19:01:02

muumi-peikko kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:20, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8393 bytes
__________________________________________________

ComboFix 08-06-07.3 - Mikko 2008-06-09 16:10:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1215 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

Tiedostoja ei ole luotu tällä aikavälillä

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 19:33   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-07 11:32   ---------   d-----w   C:\Program Files\ESET
2008-06-07 11:32   ---------   d-----w   C:\PROGRA~2\ESET
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-05 17:46   27,048   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 16:12:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 16:13:08
ComboFix-quarantined-files.txt 2008-06-09 13:13:04
ComboFix2.txt 2008-06-09 12:26:29
ComboFix3.txt 2008-06-08 16:13:03

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

162   --- E O F ---   2008-06-06 19:01:02

Lue lisää

pois

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

Folder::
C:\Program Files\ESET
C:\PROGRA~2\ESET

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

FixFix kirjoitti:

pois

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

Folder::
C:\Program Files\ESET
C:\PROGRA~2\ESET

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

Lue lisää

Eipä näy kansiotakaan enää eikä tuolla kellon vieressä alapalkissa.

ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

Tiedostoja ei ole luotu t„ll„ aikav„lill„

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-05 13:04   34,296   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42   67,584   --s-a-w   C:\Windows\bootstat.dat
2008-06-09 16:28:01   67,584   --s-a-w   C:\Windows\bootstat.dat
- 2008-06-09 12:18:24   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32   107,416   ----a-w   C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42   107,416   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32   618,272   ----a-w   C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42   618,272   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
J„rjestelm„ ei l”yd„ sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

311   --- E O F ---   2008-06-06 19:01:02

muumi-peikko kirjoitti:

Eipä näy kansiotakaan enää eikä tuolla kellon vieressä alapalkissa.

ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

Tiedostoja ei ole luotu t„ll„ aikav„lill„

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-05 13:04   34,296   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42   67,584   --s-a-w   C:\Windows\bootstat.dat
2008-06-09 16:28:01   67,584   --s-a-w   C:\Windows\bootstat.dat
- 2008-06-09 12:18:24   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32   107,416   ----a-w   C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42   107,416   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32   618,272   ----a-w   C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42   618,272   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
J„rjestelm„ ei l”yd„ sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

311   --- E O F ---   2008-06-06 19:01:02

Lue lisää

Koitin äsken kaikkii sivui mihin en ennen päässy ja kun tuli poistettua niitä virusohjelmia ja nyt pelittää :D

muumi-peikko kirjoitti:

Eipä näy kansiotakaan enää eikä tuolla kellon vieressä alapalkissa.

ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-09 to 2008-06-09 )))))))))))))))))
.

Tiedostoja ei ole luotu t„ll„ aikav„lill„

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38   ---------   d-----w   C:\Program Files\Java
2008-06-06 14:37   ---------   d-----w   C:\Program Files\Common Files\Java
2008-06-05 13:04   34,296   ----a-w   C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04   15,864   ----a-w   C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32   ---------   d-----w   C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36   ---------   d-----w   C:\Program Files\Rockstar Games
2008-05-30 10:11   ---------   d-----w   C:\Program Files\Google
2008-05-29 19:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-22 21:29   ---------   d-----w   C:\Program Files\BSplayerPro
2008-05-22 21:16   ---------   d-----w   C:\Program Files\CCleaner
2008-05-22 21:09   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09   ---------   d-----w   C:\PROGRA~2\Malwarebytes
2008-05-22 20:48   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-21 17:06   ---------   d-----w   C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18   50,768   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34   ---------   d-----w   C:\Program Files\Windows Mail
2008-05-14 21:34   ---------   d-----w   C:\PROGRA~2\Microsoft Help
2008-05-04 15:27   ---------   d-----w   C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21   ---------   d-----w   C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09   ---------   d-----w   C:\Program Files\Subdownloader
2008-04-15 05:31   ---------   d-----w   C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21   2,838,440   ----a-w   C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39   3,573,192   ----a-w   C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47   9,733,451   ----a-w   C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-02 01:45   32   ----a-w   C:\PROGRA~2\ezsid.dat
2007-12-24 19:16   174   --sha-w   C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42   67,584   --s-a-w   C:\Windows\bootstat.dat
2008-06-09 16:28:01   67,584   --s-a-w   C:\Windows\bootstat.dat
- 2008-06-09 12:18:24   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32   107,416   ----a-w   C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42   107,416   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42   88,416   ----a-w   C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32   618,272   ----a-w   C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42   618,272   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42   467,808   ----a-w   C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
J„rjestelm„ ei l”yd„ sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

311   --- E O F ---   2008-06-06 19:01:02

Lue lisää

scannaa uusi hjt;n loki

============

mites kone on ruvennut toimimaan

muumi-peikko kirjoitti:

Koitin äsken kaikkii sivui mihin en ennen päässy ja kun tuli poistettua niitä virusohjelmia ja nyt pelittää :D

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 842

20:17:25 9.6.2008
mbam-log-6-9-2008 (20-17-25).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 125482
Kulunut aika: 22 minute(s), 59 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

FixFix kirjoitti:

scannaa uusi hjt;n loki

============

mites kone on ruvennut toimimaan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:10, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8438 bytes

muumi-peikko kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:10, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8438 bytes

Lue lisää

tuolta servicet sammuksiin

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

===============

Mene käynnistä -> suorita -> services.msc -> ok

kato löydätkö noi yllä olevat serviset

tuplaklikkaa jos löytyy laita seis alasvetovalikosta ei käytössä ja käytä ja ok

===========

laita vielä uusi hjt:n loki

FixFix kirjoitti:

tuolta servicet sammuksiin

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)

===============

Mene käynnistä -> suorita -> services.msc -> ok

kato löydätkö noi yllä olevat serviset

tuplaklikkaa jos löytyy laita seis alasvetovalikosta ei käytössä ja käytä ja ok

===========

laita vielä uusi hjt:n loki

Lue lisää

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:34, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8184 bytes

muumi-peikko kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:34, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8184 bytes

Lue lisää

se on niinkuin kuuluukin olla

FixFix kirjoitti:

se on niinkuin kuuluukin olla

Nyt ei mikään nettisivu lagi mutta tää suomi24 lagaa jonku verra mut johtuu kai ruuhkasta... kun kaikki muut toimii mainiosti.