A couple of weeks ago I noticed that I can't get to a few sites. When I try to go to Luukku, XNXX or Imageshack: "Yhteys keskeytyi" "Yhteys palvelimeen alustettiin kesken latauksen."
And there are probably other sites too.
Sometimes when I try to, say, write a reply on forums, I have to wait 5-10 min, and sometimes it's just a completely blank page and I have to press 'refresh' to be able to continue...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:23, on 8.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9574 bytes
Internet not working -> HijackThis log
Replies
- FixFix
Which antivirus program do you use,
since there are two of them on the machine?
*****
Scan with HJT, tick these entries and press Fix checked:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
*****
1. Download combofix.exe to your desktop from one of these two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
- muumi-peikko
I have AVG, which isn't active, Avast!, Superantispyware, Malware and a 30-day trial of Eset NOD32.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:06, on 8.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9184 bytes
--------------------------------------------------
ComboFix 08-06-07.3 - Mikko 2008-06-08 19:09:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1284 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:32 --------- d-----w C:\Program Files\ESET
2008-06-07 11:32 --------- d-----w C:\PROGRA~2\ESET
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-04 16:41 --------- d-----w C:\Program Files\Avira
2008-06-03 17:32 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-03 17:32 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-05 17:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 19:11:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-08 19:13:03
ComboFix-quarantined-files.txt 2008-06-08 16:12:58
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
179 --- E O F --- 2008-06-06 19:01:02
- FixFix
muumi-peikko wrote:
I have AVG, which isn't active, Avast!, Superantispyware, Malware and the Eset NOD32 30-day trial.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:06, on 8.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9184 bytes
--------------------------------------------------
ComboFix 08-06-07.3 - Mikko 2008-06-08 19:09:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1284 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 11:32 --------- d-----w C:\Program Files\ESET
2008-06-07 11:32 --------- d-----w C:\PROGRA~2\ESET
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-04 16:41 --------- d-----w C:\Program Files\Avira
2008-06-03 17:32 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-03 17:32 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-05 17:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 19:11:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-08 19:13:03
ComboFix-quarantined-files.txt 2008-06-08 16:12:58
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
179 --- E O F --- 2008-06-06 19:01:02
that is, one antivirus program on the computer and one firewall
there's no AVG antivirus there, only a scanner
Avast and NOD are fighting each other there
so remove that
Eset NOD32 30-day trial.
also remove at least these via Add/Remove Programs
SUPERAntiSpyware
AVG Anti-Spyware 7.5
and delete the folder in safe mode
C:\Program Files\==> SUPERAntiSpyware Grisoft
- muumi-peikko
FixFix wrote:
that is, one antivirus program on the computer and one firewall
there's no AVG antivirus there, only a scanner
Avast and NOD are fighting each other there
so remove that
Eset NOD32 30-day trial.
also remove at least these via Add/Remove Programs
SUPERAntiSpyware
AVG Anti-Spyware 7.5
and delete the folder in safe mode
C:\Program Files\==> SUPERAntiSpyware Grisoft
Once I've done those, then new logs?
- FixFix
muumi-peikko wrote:
Once I've done those, then new logs?
HJT log
******
1. Download combofix.exe to your desktop from one of the two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
*******
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe
• Double-click mbam-setup.exe and follow the instructions to install the program.
• At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
• If an update is found, the program downloads and installs the latest version.
• Once the program has loaded, select Perform full scan and click Scan.
• When the scan is complete, click OK and then Show Results to see the results.
• Make sure everything is checked and click Remove Selected.
• After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
• Post the contents of the log in your next message.
- myös Norton
muumi-peikko wrote:
Once I've done those, then new logs?
removed properly? In security, quantity is no substitute for quality.
- muumi-peikko
FixFix wrote:
that is, one antivirus program on the computer and one firewall
there's no AVG antivirus there, only a scanner
Avast and NOD are fighting each other there
so remove that
Eset NOD32 30-day trial.
also remove at least these via Add/Remove Programs
SUPERAntiSpyware
AVG Anti-Spyware 7.5
and delete the folder in safe mode
C:\Program Files\==> SUPERAntiSpyware Grisoft
I can't remove it because it needs some kind of permission.
Do I have to wait out the 30 days, or is there some way to get the permission?
- muumi-peikko
myös Norton wrote:
removed properly? In security, quantity is no substitute for quality.
It's been about 3-4 months since I removed it.
- FixFix
muumi-peikko wrote:
I can't remove it because it needs some kind of permission.
Do I have to wait out the 30 days, or is there some way to get the permission?
what permission does it need
scan a new HJT log
- muumi-peikko
FixFix wrote:
what permission does it need
scan a new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:06, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8644 bytes
- FixFix
With administrator rights on the machine,
scan with HJT, mark these and press Fix checked:
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
***********
Copy / paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it as Poisto.bat on your desktop.
@echo off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn
Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.
*********
In safe mode, delete the folder
C:\Program Files\==> ESET
- sammuttaa
muumi-peikko wrote:
I can't remove it because it needs some kind of permission.
Do I have to wait the 30 days, or is there some way to get the permission?
first, then on to the removal. Check that the process eknl.exe disappears from Task Manager. No other permissions are needed for that.
- tuli typo
sammuttaa wrote:
first, then on to the removal. Check that the process eknl.exe disappears from Task Manager. No other permissions are needed for that.
ekrn.exe
- muumi-peikko
FixFix wrote:
With administrator rights on the machine,
scan with HJT, mark these and press Fix checked:
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
***********
Copy / paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it as Poisto.bat on your desktop.
@echo off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn
Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.
*********
In safe mode, delete the folder
C:\Program Files\==> ESET
Now when I tried to delete it: "The action cannot be completed because the folder is open in another program" "Close the folder and try again."
- FixFix
muumi-peikko wrote:
Now when I tried to delete it: "The action cannot be completed because the folder is open in another program" "Close the folder and try again."
a single ESET can't really be that nasty
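One way to check the outcome of the fix list in FixFix's post above, as an added example that is not part of the original thread: the script compares an earlier and a later HijackThis log and reports which targeted lines are gone and which services are still listed. The log excerpts are lines copied from the 11:49 and 16:08 logs in this thread; the function names and report keys are the example's own.

```python
import re

# HijackThis prefixes every finding with a section code, e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")
# Short service name, when present, is the last parenthesised token of the display name.
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")

# Excerpt of the 11:49 log in this thread (before the fix).
BEFORE = r'''
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''

# Excerpt of the 16:08 log in this thread (after the fix attempt).
AFTER = r'''
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''

# The four lines the helper asked to mark for "Fix checked".
FIX_LIST = r'''
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
'''


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {normalized line: original line} for every Rx/Ox/Fx/Nx finding."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalize(line)] = line
    return entries


def service_short_name(line):
    """Service name from an O23 line (the one `sc` expects), or None otherwise."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group(1) != "O23" or not m.group(2).startswith("Service:"):
        return None
    body = m.group(2)[len("Service:"):].strip()
    # Layout: <display name> [(short name)] - <owner> - <image path>
    display = body.rsplit(" - ", 2)[0].strip()
    short = SHORT_NAME_RE.search(display)
    return short.group(1) if short else display


def verify_fix(before_log, after_log, fix_list):
    """Classify each fix-list line and flag changes nobody asked for."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"removed": [], "still_present": [], "not_in_before": [],
              "services_left": [], "unexpected_removed": [], "new": []}
    targeted = set()
    for raw in fix_list.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue
        key = normalize(line)
        targeted.add(key)
        if key in after:
            report["still_present"].append(line)
            name = service_short_name(line)
            if name:
                report["services_left"].append(name)
        elif key in before:
            report["removed"].append(line)
        else:
            report["not_in_before"].append(line)
    # Entries that vanished or appeared without being on the fix list.
    report["unexpected_removed"] = [before[k] for k in before
                                    if k not in after and k not in targeted]
    report["new"] = [after[k] for k in after if k not in before]
    return report


if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, FIX_LIST)
    for status, lines in result.items():
        print(f"{status}: {len(lines)}")
        for item in lines:
            print("   ", item)
```

On these excerpts the O3 and O4 lines come back as removed, while the EhttpSrv and ekrn services are still listed in the later log.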
- muumi-peikko
FixFix wrote:
a single ESET can't really be that nasty
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:20, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8393 bytes
__________________________________________________
ComboFix 08-06-07.3 - Mikko 2008-06-09 16:10:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1215 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
* Resident AV is active
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 19:33 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-07 11:32 --------- d-----w C:\Program Files\ESET
2008-06-07 11:32 --------- d-----w C:\PROGRA~2\ESET
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-05 17:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 17:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 16:12:13
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-09 16:13:08
ComboFix-quarantined-files.txt 2008-06-09 13:13:04
ComboFix2.txt 2008-06-09 12:26:29
ComboFix3.txt 2008-06-08 16:13:03
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
162 --- E O F --- 2008-06-06 19:01:02
- FixFix
Remove
Open Notepad and copy/paste the contents of the quote box into it:
[quote]
Folder::
C:\Program Files\ESET
C:\PROGRA~2\ESET
[/quote]
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Restart the computer when prompted and post the contents of the combofix.txt file here.
- muumi-peikko
The folder isn't showing anymore either, nor anything there next to the clock in the bottom bar.
ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-05 13:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42 67,584 --s-a-w C:\Windows\bootstat.dat
2008-06-09 16:28:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-09 12:18:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32 107,416 ----a-w C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32 88,416 ----a-w C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42 88,416 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32 618,272 ----a-w C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32 467,808 ----a-w C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42 467,808 ----a-w C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
311 --- E O F --- 2008-06-06 19:01:02 - muumi-peikko
muumi-peikko wrote:
The folder isn't there anymore either, and it doesn't show up in the taskbar next to the clock.
ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-05 13:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42 67,584 --s-a-w C:\Windows\bootstat.dat
2008-06-09 16:28:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-09 12:18:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32 107,416 ----a-w C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32 88,416 ----a-w C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42 88,416 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32 618,272 ----a-w C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32 467,808 ----a-w C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42 467,808 ----a-w C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
311 --- E O F --- 2008-06-06 19:01:02
I just tried all the sites I couldn't get to before, and now that those virus programs got removed, it works :D
- FixFix
muumi-peikko wrote:
The folder doesn't show up anymore either, and it isn't down in the taskbar next to the clock.
ComboFix 08-06-07.3 - Mikko 2008-06-09 19:24:05.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1150 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mikko\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~2\ESET
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Installer\42b9.msi
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\eScan\ndl3528.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod066E.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5E93.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod5F2F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod6188.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_89.202.157.139\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u33.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u35.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u38.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u40.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u41.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u42.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u45.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u46.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u48.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_u49.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com\update.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\lastupd.ver
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod297F.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod2B7C.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod5660.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod63B4.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod6F14.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\nod71B8.nup
C:\PROGRA~2\ESET\ESET NOD32 Antivirus\Updfiles\upd.ver
C:\Program Files\ESET
C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\easdrv\easdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOE.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\eset.chm
C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf
C:\Program Files\ESET\ESET NOD32 Antivirus\http_dll.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
.
Tiedostoja ei ole luotu tällä aikavälillä
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 19:33 --------- d-----w C:\Users\Mikko\AppData\Roaming\SUPERAntiSpyware.com
2008-06-06 14:38 --------- d-----w C:\Program Files\Java
2008-06-06 14:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-05 13:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 13:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-03 17:32 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\skypePM
2008-06-03 17:11 --------- d-----w C:\Users\Mikko\AppData\Roaming\Skype
2008-06-02 21:36 --------- d-----w C:\Program Files\Rockstar Games
2008-05-30 10:11 --------- d-----w C:\Program Files\Google
2008-05-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:29 --------- d-----w C:\Program Files\BSplayerPro
2008-05-22 21:16 --------- d-----w C:\Program Files\CCleaner
2008-05-22 21:09 --------- d-----w C:\Users\Mikko\AppData\Roaming\Malwarebytes
2008-05-22 21:09 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-22 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 17:06 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 21:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 21:34 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-04 15:27 --------- d-----w C:\PROGRA~2\CanonIJPLM
2008-04-29 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-29 18:02 --------- d-----w C:\Users\Mikko\AppData\Roaming\Download Manager
2008-04-17 16:22 --------- d-----w C:\Users\Mikko\AppData\Roaming\mIRC
2008-04-16 18:09 --------- d-----w C:\Program Files\Subdownloader
2008-04-15 05:31 --------- d-----w C:\Users\Mikko\AppData\Roaming\LimeWire
2008-02-13 18:21 2,838,440 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2008-01-06 20:39 3,573,192 ----a-w C:\Program Files\daemon4112-lite.exe
2008-01-03 21:47 9,733,451 ----a-w C:\Program Files\vlc-0.8.6d-win32.exe
2008-01-02 01:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 01:45 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-24 19:16 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-06-09_15.25.53,97 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 12:16:42 67,584 --s-a-w C:\Windows\bootstat.dat
2008-06-09 16:28:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-09 12:18:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-09 12:18:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-06-09 16:28:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-09 12:17:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-09 16:28:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-09 12:17:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-09 16:28:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-09 12:21:32 107,416 ----a-w C:\Windows\System32\perfc009.dat
2008-06-09 16:07:42 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-09 12:21:32 88,416 ----a-w C:\Windows\System32\perfc00B.dat
2008-06-09 16:07:42 88,416 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-06-09 12:21:32 618,272 ----a-w C:\Windows\System32\perfh009.dat
2008-06-09 16:07:42 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-09 12:21:32 467,808 ----a-w C:\Windows\System32\perfh00B.dat
2008-06-09 16:07:42 467,808 ----a-w C:\Windows\System32\perfh00B.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 03:56 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{BA9E4734-FCA3-443D-9533-2FE517DAA926}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C55131D-0D82-4BD0-B2C5-7AA30391D093}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{664D8727-C9D6-4EAA-888F-3A3F6520604A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{C9B12D24-A71C-423F-A01C-B2D35BA9CBE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3E7A2CDE-04B2-4265-8066-51C00EDE0BBD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B55C3E75-E23B-453A-8967-4DA55D18EB82}"= UDP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"{7F74D4DA-2F5A-431D-82AB-87DE0B544851}"= TCP:C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:Wolfenstein - Enemy Territory
"TCP Query User{C63E5D9D-610A-4740-873D-96C0096DE191}C:\\program files\\dc \\dcplusplus.exe"= UDP:C:\program files\dc \dcplusplus.exe:DC
"UDP Query User{36FDCF57-032B-4410-BE04-2A11A2CFEDE3}C:\\program files\\dc \\dcplusplus.exe"= TCP:C:\program files\dc \dcplusplus.exe:DC
"{5FDD53B9-28D2-48A0-917C-D8A20CE4ECB8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{00B29681-E10D-4FFE-AB52-0694594EAF17}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A32EED52-19A5-4122-A8DC-05817628BF5A}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= UDP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"UDP Query User{9FF3578B-4756-4B1D-92AE-62E8708E55AE}C:\\program files\\rockstar games\\grand theft auto vice city\\gta-vc.exe"= TCP:C:\program files\rockstar games\grand theft auto vice city\gta-vc.exe:gta-vc
"TCP Query User{EB25FF93-48AC-4D78-81C4-F9473412BEC4}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2FCC9BB7-5E8C-45CC-8B9E-6FA8C01AE0AB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F0504DE-C537-4A3F-8909-A4915ACC730B}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"{234AEC8A-0981-425D-86E6-F197620BEC58}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe:Play GTA San Andreas
"TCP Query User{12EC90E4-FCCD-415C-AA5E-90BB84256D14}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{5024C473-7AA3-4ABE-921C-803BC9EE2439}C:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A14647B1-196D-423E-B6F9-C7AB467E99A8}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{5B38312A-1FC8-4648-88C9-278F420F09AE}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{3650C8AE-FA30-4591-9306-0AD6ACC8D193}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C8436B8E-BDFA-4ADD-86EA-969DF610572F}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E6C36405-C637-4197-8E98-BDAB8853F4BC}"= UDP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"{57428B45-0BED-4AB4-B179-3D75512492BE}"= TCP:C:\Program Files\Rockstar Games\GTA San Andreas\samp.exe:San Andreas Multiplayer
"TCP Query User{1B78F29C-7502-4725-8523-997905C527A7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FFB7FF04-F061-4497-B634-8D836F92EA51}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 09:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-16 17:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mikko.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:28:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Mikko\AppData\Local\Temp\CabDA66.tmp 27466 bytes
C:\Users\Mikko\AppData\Local\Temp\TarDA67.tmp 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:30:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 16:30:26
ComboFix2.txt 2008-06-09 13:13:09
ComboFix3.txt 2008-06-09 12:26:29
ComboFix4.txt 2008-06-08 16:13:03
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
311 --- E O F --- 2008-06-06 19:01:02
Scan a new HJT log.
============
How is the computer running now? - muumi-peikko
muumi-peikko wrote:
I just tried all the sites I couldn't get to before, and now that those virus programs got removed, it works :D
Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 842
20:17:25 9.6.2008
mbam-log-6-9-2008 (20-17-25).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 125482
Kulunut aika: 22 minute(s), 59 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty) - muumi-peikko
FixFix wrote:
Scan a new HJT log.
============
How is the computer running now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:10, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8438 bytes - FixFix
muumi-peikko wrote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:10, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8438 bytes
Shut down these services from there.
Scan with HJT, tick these entries and press Fix checked:
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
===============
Go to Start -> Run -> services.msc -> OK
See if you can find the services listed above.
If you find them, double-click, press Stop, choose Disabled from the drop-down menu, then Apply and OK.
===========
Then post a new HJT log. - muumi-peikko
FixFix wrote:
Shut down these services from there.
Scan with HJT, tick these entries and press Fix checked:
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
===============
Go to Start -> Run -> services.msc -> OK
See if you can find the services listed above.
If you find them, double-click, press Stop, choose Disabled from the drop-down menu, then Apply and OK.
===========
Then post a new HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:34, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8184 bytes - FixFix
muumi-peikko wrote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:34, on 9.6.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8184 bytes
it is as it should be
- muumi-peikko
FixFix wrote:
it is as it should be
Now no website lags, but this suomi24 lags somewhat, though I guess that's due to congestion... since all the others work just fine.
- FixFix
I'm switching away from this site, even a calm person like me can't put up with this
let it lag until the end of the world for all I care