|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Kone sekasi...hijack logi
|
|
|
Tupmo
Junior Member
|
13. elokuuta 2008 @ 17:57 |
Linkki tähän viestiin
|
Juu eiköhän tuoll joku mätä. mutta mikä? =)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:15, on 13.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Users\Tupmo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tupmo\AppData\Local\Temp\urqQkigd.dll,c
O4 - HKCU\..\Run: [BMd91de23f] Rundll32.exe "C:\Users\Tupmo\AppData\Local\Temp\lrpeuscf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 11804 bytes
|
Senior Member
4 tuotearviota
|
13. elokuuta 2008 @ 22:01 |
Linkki tähän viestiin
|
Lataa Malwarebytes' Anti-Malware työpöydällesi.
* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe
Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.
Tyhjennä roskakori ja käynnistä koneesi uudelleen.
Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*
|
|
Tupmo
Junior Member
|
14. elokuuta 2008 @ 18:51 |
Linkki tähän viestiin
|
Tässähän nämä:
ComboFix 08-08-13.05 - Tupmo 2008-08-14 18:32:39.1 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6001.1.1252.1.1035.18.1868 [GMT 3:00]
Running from: C:\Users\Tupmo\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-07-14 to 2008-08-14 )))))))))))))))))
.
2008-08-13 22:25 . 2008-08-13 22:25 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\Malwarebytes
2008-08-13 22:25 . 2008-08-13 22:25 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-08-13 22:25 . 2008-08-13 22:25 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-08-13 22:25 . 2008-08-13 22:25 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:25 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-13 22:25 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-13 17:53 . 2008-08-13 17:53 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-08-09 20:15 . 2008-08-09 20:15 <KANSIO> d-------- C:\vghd
2008-08-09 19:54 . 2008-08-09 20:13 <KANSIO> d-------- C:\Program Files\PowerISO
2008-08-07 20:55 . 2008-08-14 18:42 <KANSIO> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-07 20:55 . 2008-08-14 18:42 <KANSIO> d-------- C:\ProgramData\Kaspersky Lab
2008-08-07 20:55 . 2008-08-07 20:55 <KANSIO> d-------- C:\Program Files\Kaspersky Lab
2008-08-07 20:55 . 2008-08-14 18:38 2,483,744 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-08-07 20:55 . 2008-08-14 18:38 344,096 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-08-07 20:55 . 2008-08-07 20:59 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-08-07 20:55 . 2008-08-07 20:59 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-08-07 20:55 . 2008-08-14 18:38 21,532 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-08-07 20:55 . 2008-08-14 18:38 3,304 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-08-07 20:41 . 2008-08-07 20:41 <KANSIO> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-08-07 20:41 . 2008-08-07 20:41 <KANSIO> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-08-07 20:34 . 2008-08-09 19:27 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\vghd
2008-08-07 20:34 . 2008-08-07 20:34 152,920 --a------ C:\Windows\System32\vghd.scr
2008-08-07 20:33 . 2008-08-07 20:52 <KANSIO> d-a------ C:\Users\All Users\TEMP
2008-08-07 20:33 . 2008-08-07 20:52 <KANSIO> d-a------ C:\ProgramData\TEMP
2008-08-07 18:34 . 2008-08-07 18:34 <KANSIO> d-------- C:\Windows\WinRAR
2008-08-05 17:18 . 2008-08-05 17:18 <KANSIO> d-------- C:\EGIS_Drive
2008-07-28 18:01 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-07-28 18:01 . 2008-07-28 18:01 319 --a------ C:\Windows\game.ini
2008-07-28 17:28 . 2008-07-28 17:28 <KANSIO> d-------- C:\Program Files\Activision
2008-07-25 15:18 . 2008-08-07 22:11 <KANSIO> d-------- C:\Program Files\Java
2008-07-25 15:18 . 2008-07-25 15:18 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-07-24 20:50 . 2008-07-24 20:50 <KANSIO> d-------- C:\Users\All Users\Apple Computer
2008-07-24 20:50 . 2008-07-24 20:50 <KANSIO> d-------- C:\ProgramData\Apple Computer
2008-07-24 20:49 . 2008-07-24 20:49 <KANSIO> d-------- C:\Users\All Users\Apple
2008-07-24 20:49 . 2008-07-24 20:49 <KANSIO> d-------- C:\ProgramData\Apple
2008-07-24 20:49 . 2008-07-24 20:49 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-07-24 20:42 . 2008-07-24 20:50 <KANSIO> d-------- C:\Program Files\QuickTime
2008-07-24 07:26 . 2008-08-13 21:39 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\uTorrent
2008-07-24 07:26 . 2008-07-24 07:26 <KANSIO> d-------- C:\Program Files\uTorrent
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Links
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-07-23 22:43 . 2008-07-23 22:43 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-07-23 22:43 . 2008-04-23 17:55 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-07-23 22:43 . 2008-04-23 17:55 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-07-23 22:43 . 2008-04-23 17:55 442,368 --a------ C:\Windows\System32\nvuninst.exe
2008-07-23 22:43 . 2008-04-23 17:55 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-07-23 22:43 . 2008-04-23 17:55 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-07-23 22:01 . 2008-07-23 22:01 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\.BitTornado
2008-07-23 22:00 . 2008-07-23 22:00 <KANSIO> d-------- C:\Program Files\BitTornado
2008-07-23 21:45 . 2008-07-23 21:45 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-07-23 20:02 . 2008-07-23 20:02 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\vlc
2008-07-23 20:01 . 2008-07-23 20:01 <KANSIO> d-------- C:\Program Files\ffdshow
2008-07-23 20:01 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-07-23 20:01 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-07-23 20:01 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-07-23 19:56 . 2008-07-23 20:03 <KANSIO> d-------- C:\player
2008-07-23 19:55 . 2008-07-23 19:55 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\Media Player Classic
2008-07-23 19:47 . 2008-07-23 19:47 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-07-23 19:10 . 2008-07-23 19:17 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-23 19:09 . 2008-07-23 19:18 <KANSIO> d-------- C:\Program Files\Windows Live
2008-07-23 18:53 . 2008-07-23 18:53 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\CyberLink
2008-07-23 18:53 . 2008-07-23 18:53 <KANSIO> d-------- C:\Users\All Users\PlayMovie
2008-07-23 18:53 . 2008-07-23 18:53 <KANSIO> d-------- C:\ProgramData\PlayMovie
2008-07-23 18:45 . 2008-07-23 18:45 <KANSIO> d-------- C:\Windows\ACER
2008-07-23 18:45 . 2007-04-19 13:41 83,554,304 --a------ C:\Windows\System32\acer.scr
2008-07-23 18:45 . 2008-02-25 12:38 20,619,563 --a------ C:\Windows\System32\acer.exe
2008-07-23 18:44 . 2008-07-23 18:44 <KANSIO> d-------- C:\Convesoft
2008-07-23 18:43 . 2008-07-23 18:43 <KANSIO> d-------- C:\Users\Administrator\AppData
2008-07-23 18:34 . 2008-02-29 10:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-23 18:34 . 2008-02-29 10:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-23 18:34 . 2008-02-22 08:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-23 18:34 . 2008-02-29 09:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-23 18:34 . 2008-02-29 07:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-23 18:34 . 2008-02-29 09:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-23 18:34 . 2008-02-29 09:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-23 18:34 . 2008-02-29 10:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-23 18:34 . 2008-02-29 07:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-23 18:34 . 2008-02-29 09:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-23 18:32 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-23 18:32 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-23 18:32 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-23 18:30 . 2008-07-23 18:30 <KANSIO> d-------- C:\Users\Tupmo\Option
2008-07-23 18:30 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-23 18:29 . 2008-01-30 12:52 14,848 --a------ C:\Windows\System32\drivers\NTIDrvr.sys
2008-07-23 18:29 . 2008-01-30 12:51 13,824 --a------ C:\Windows\System32\drivers\UBHelper.sys
2008-07-23 18:28 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-23 18:28 . 2008-05-09 00:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-23 18:28 . 2008-05-09 00:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-23 18:28 . 2008-05-09 00:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-23 18:28 . 2008-05-09 00:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-23 18:28 . 2008-05-09 00:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-23 18:28 . 2008-05-09 00:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-23 18:28 . 2008-05-09 00:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-23 18:27 . 2008-07-23 19:09 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-07-23 18:27 . 2008-07-23 19:09 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-07-23 18:17 . 2008-07-24 16:20 <KANSIO> d-------- C:\Users\Tupmo\AppData\Roaming\Acer
2008-07-23 18:16 . 2008-01-16 18:35 82,432 --a------ C:\Windows\System32\msxml4r.dll
2008-07-23 18:16 . 2008-01-16 18:35 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-07-23 18:14 . 2008-07-23 20:12 <KANSIO> d-------- C:\Users\All Users\CyberLink
2008-07-23 18:14 . 2008-07-23 20:12 <KANSIO> d-------- C:\ProgramData\CyberLink
2008-07-23 18:12 . 2008-07-23 18:17 <KANSIO> d-------- C:\Program Files\Acer Arcade Deluxe
2008-07-23 18:11 . 2008-07-23 18:11 <KANSIO> d-------- C:\CLSetup
2008-07-23 18:11 . 2008-07-23 18:11 20 --a------ C:\Medion.ini
2008-07-23 18:04 . 2008-08-14 18:38 0 --a------ C:\Windows\System32\LogConfigTemp.xml
2008-07-23 18:03 . 2008-07-23 18:45 <KANSIO> d-------- C:\Program Files\Acer Inc
2008-07-23 18:03 . 2008-07-23 18:03 92 --a------ C:\Windows\GridV.UNI
2008-07-23 18:02 . 2008-07-23 18:02 <KANSIO> d-------- C:\Users\All Users\InstallShield
2008-07-23 18:02 . 2008-07-23 18:02 <KANSIO> d-------- C:\ProgramData\InstallShield
2008-07-23 18:02 . 2008-07-23 18:02 <KANSIO> d-------- C:\Program Files\Launch Manager
2008-07-23 18:02 . 2007-03-29 16:48 626,688 --a------ C:\Windows\Image.dll
2008-07-23 18:02 . 2008-02-22 09:33 491,520 --a------ C:\Windows\Acer Crystal Eye webcam.EXE
2008-07-23 18:02 . 2007-04-20 06:30 222,382 --a------ C:\Windows\Acer Crystal Eye webcam.ico
2008-07-23 18:02 . 2007-10-23 10:56 200,704 --a------ C:\Windows\PLFSetI.exe
2008-07-23 18:02 . 2006-05-16 11:58 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-07-23 18:02 . 2008-02-22 18:05 4,822 --a------ C:\Windows\Suyin.reg
2008-07-23 18:02 . 2008-07-23 18:02 83 --a------ C:\Windows\LManager.UNI
2008-07-23 18:02 . 2007-10-29 13:35 36 --a------ C:\Windows\PidList.ini
2008-07-23 18:00 . 2008-07-23 18:00 <KANSIO> d-------- C:\Windows\System32\es-MX
2008-07-23 18:00 . 2008-07-23 18:00 <KANSIO> d-------- C:\Windows\System32\es-AR
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 17:50 --------- d-----w C:\ProgramData\McAfee
2008-08-07 17:47 --------- d-----w C:\ProgramData\SiteAdvisor
2008-07-28 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 18:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-23 16:47 --------- d-----w C:\Program Files\VideoLAN
2008-07-23 15:43 --------- d-----w C:\Program Files\Cyberlink
2008-07-23 15:17 --------- d-----w C:\Program Files\Acer
2008-07-23 15:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 14:56 --------- d-----w C:\Program Files\Intel
2008-07-23 14:51 --------- d-sh--w C:\ProgramData\Työpöytä
2008-07-23 14:51 --------- d-sh--w C:\ProgramData\Tiedostot
2008-07-23 14:51 --------- d-sh--w C:\ProgramData\Suosikit
2008-07-23 14:51 --------- d-sh--w C:\ProgramData\Mallit
2008-07-23 14:51 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-07-23 14:51 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-07-07 07:40 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 12:26 1037608]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 03:36 544768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 21:36 28672]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-23 17:55 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-23 17:55 92704]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 09:03 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 14:44 178712]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-23 17:58 3673600]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-04-28 14:18 809480]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-25 19:44 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-25 19:44 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 17:28 167936]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 14:07 397312]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-07-24 20:42 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 10:34 167936]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 12:53 5296128 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-23 18:17:42 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 18:50:32 723760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-23 17:58 3130368 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{50E72D95-345D-40FC-BD34-9FEA76258837}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5E8251DB-4085-41F8-AC85-F56EACC50182}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FAFE5A6-49C9-4B27-B4EF-FF907F89FBB2}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8A346530-1E28-40B6-9375-8D641075583C}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{347344B2-BE0B-4ECF-9238-A0CF0F651D7F}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{B7623816-BF67-4E9C-940F-963744443466}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{1CC3D4B9-0440-414B-B07C-F22EE30B563F}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{65718459-7596-46C6-A711-83760871EC3B}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{401048E6-6FFD-4E19-B19C-F4C07731C60C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{27663051-B5F4-43E7-9DFD-FB7EBB074089}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{FCB99525-04BD-4CDC-A7B2-892281496F7A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{A6C38F28-735A-4141-9801-0981850AEFBF}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{965ECB18-8867-4187-983E-07F5ABA76968}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{097BE34E-C176-4517-8B92-7FAEBC42934D}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{71B28A58-0E6F-4FB5-9E15-2D0822E7D01A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9BB790D4-3770-4E9A-B074-38E460E7CC9D}"= UDP:32465:utorrent
"TCP Query User{1D4B22CD-E03C-449E-B926-AC9D8BADDF57}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{CE490C18-2DF3-4D3B-B8AA-A94F03203725}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{05C20538-0FD9-4B47-BEEE-572E575559F0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FFDAB629-42DD-4FB8-8A63-552E3BAEF711}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{1293FD61-3683-463A-AFD4-ACC7877FD0BD}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{35A0A37B-B34F-4380-A9CD-7F16FE94E289}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-23 17:58]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-02 17:27]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 13:11]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 18:35]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 13:22]
R2 IGBASVC;iGroupTec Service;C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-07-23 17:58]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 21:36]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 18:35]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 21:36]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 17:03]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-04-27 22:26]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 17:12]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 14:38]
R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-04-27 22:27]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fi/
R0 -: HKLM-Main,Start Page = hxxp://fi.intl.acer.yahoo.com
O8 -: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 18:41:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\ACER\Mobility Center\MobilityService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Users\Tupmo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-08-14 18:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 15:44:15
Pre-Run: 95,073,673,216 tavua vapaana
Post-Run: 94,447,915,008 tavua vapaana
328 --- E O F --- 2008-07-24 14:34:53
Malwarebytes' Anti-Malware 1.24
Tietokantaversio: 1049
Windows 6.0.6001 Service Pack 1
17:22:32 14.8.2008
mbam-log-8-14-2008 (17-22-32).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 110595
Kulunut aika: 25 minute(s), 37 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 1
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 26
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
C:\Users\Tupmo\AppData\Local\Temp\urqqkigd.dll (Trojan.Vundo) -> Delete on reboot.
Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd91de23f (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Users\Tupmo\AppData\Local\Temp\urqqkigd.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58EOT4RU\8579[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58EOT4RU\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58EOT4RU\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIZA8C2A\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIZA8C2A\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIZA8C2A\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W12HU76I\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W12HU76I\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W12HU76I\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W12HU76I\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W12HU76I\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X100H6CK\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\aarlhpeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\flutoaob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\folvywet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\gxehlmhf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\hvewjcyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\tdvklasa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\vagnklcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\ycscgojt.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\qrgjojet.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\smmhncmh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\cygvucat.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\dsnwaxnd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Tupmo\AppData\Local\Temp\nxhxwrbt.dll (Trojan.Agent) -> Delete on reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:15, on 13.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Users\Tupmo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tupmo\AppData\Local\Temp\urqQkigd.dll,c
O4 - HKCU\..\Run: [BMd91de23f] Rundll32.exe "C:\Users\Tupmo\AppData\Local\Temp\lrpeuscf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 11804 bytes
|
|
Tupmo
Junior Member
|
15. elokuuta 2008 @ 17:45 |
Linkki tähän viestiin
|
|
vieläkö siellä näkyy jotain?
|
|
Hujo
Suspended permanently
|
19. elokuuta 2008 @ 10:28 |
Linkki tähän viestiin
|
|
hjt:n lokit on sama ei ole tuo alempi uusin.
Voiko tietsikka koskaan toimia?
|
|
Tupmo
Junior Member
|
20. elokuuta 2008 @ 18:05 |
Linkki tähän viestiin
|
jaah =)...no tuossa:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:40, on 20.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Users\Tupmo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...ex/qtplugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 10953 bytes
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
21. elokuuta 2008 @ 00:52 |
Linkki tähän viestiin
|
|
scannaa hjt:llä merkkaa paina Fix checked
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Voiko tietsikka koskaan toimia?
|
|
