Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:02:53, on 4.2.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\p2phost.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Users\TPK\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\FinnishIRC XP\FIRC.exe C:\Windows\system32\taskeng.exe C:\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 
- HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{228B0595-7EF1-41B3-A3EF-260BDBE3575C}: NameServer = 212.116.32.218 212.116.32.222 O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - 
acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8172 bytes

What could I remove as unnecessary or harmful?
In Vista, perform these steps as Administrator (check, don't assume).
------------------------------------------------
Click the flag orb at the left end of the taskbar ==> in the search box at the bottom, type services.msc and press Enter.
Maximize the window that opens and widen the program column so that everything is visible.
Find Symantec Lic NetConnect service.
Click the row to select it, then right-click it to open the menu ==> Properties (Ominaisuudet), where you change the setting to Disabled (Ei käytössä). => Click Apply => OK
In addition, click the Stop the service (Pysäytä palvelu) link on the left side.
Exit the program.
---------------------------------------------------------------------------
Go to the Windows Control Panel and from there to Programs and Features.
Find and uninstall the program whose name contains: AVG7
Restart your computer.
Delete the folders:
C:\Program Files\Grisoft\
C:\Program Files\Common Files\Symantec Shared\
-------------------------------------------------------------------------------------
Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, tick the following entries listed in red, and remove them (Fix checked):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
Thanks once again for the expert advice...
"In addition, click the Stop the service (Pysäytä palvelu) link on the left side." : I didn't understand that / couldn't find it there.
Here is the latest log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:10:01, on 4.2.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\p2phost.exe C:\Users\TPK\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Windows\system32\conime.exe C:\Program Files\Apoint2K\Apntex.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') 
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{228B0595-7EF1-41B3-A3EF-260BDBE3575C}: NameServer = 212.116.32.218 212.116.32.222 O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. 
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6772 bytes
Some of them were removed nicely despite the incomplete instructions. But the HJT fix left some unremoved:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O13 - Gopher Prefix:
Vista is sometimes really stubborn about fixes. When starting HJT, try choosing "Run as administrator" from the right-click menu and fix those again. At least [MSConfig]
Here's the latest:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:18:57, on 5.2.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\p2phost.exe C:\Users\TPK\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: V&ie Microsoft Exceliin - 
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{228B0595-7EF1-41B3-A3EF-260BDBE3575C}: NameServer = 212.116.32.218 212.116.32.222 O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. 
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6710 bytes
I wonder what's still wrong, since the fan wasn't this loud before... it feels like it still stutters... e.g. when watching videos with BSPlayer it stutters quite often.
Now it went through. The remaining programs are apparently ones that you need.
----------------------------------------------------------------
From the taskbar: Start => All Programs => open Windows Defender.
In the Defender window: Tools => Options => untick Use real-time protection.
Leave automatic scanning enabled (quick scan).
Change the scheduled time to one when your computer is normally on.
-----------------------------------------------------------------------------
You could run this as a check, with administrator rights:
The first time it complains (CDM). The second attempt usually goes fine.
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click combofix.exe and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
Note! Do not click the ComboFix window while it is running. This may cause the program to hang.
==>> (C:\ComboFix.txt)
ComboFix 08-02.05.3 - TPK 2008-02-05 12:22:35.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1215 [GMT 2:00] Running from: C:\Users\TPK\Desktop\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\drivers\npf.sys C:\Windows\system32\packet.dll C:\Windows\system32\x64 C:\Windows\system32\x64\csnp2uvc.dll C:\Windows\system32\x64\rsnpvc64.dll C:\Windows\system32\x64\sncduvc.sys C:\Windows\system32\x64\snp2uvc.sys C:\Windows\system32\x64\vsnpvc64.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-05 to 2008-02-05 ))))))))))))))))) . 2008-02-04 20:43 . 2008-02-04 20:43 <KANSIO> d-------- C:\Users\All Users\Avg7 2008-02-04 20:43 . 2008-02-04 20:43 <KANSIO> d-------- C:\ProgramData\Avg7 2008-02-04 09:01 . 2008-02-05 08:18 <KANSIO> d-------- C:\HiJackThis 2008-02-02 18:54 . 2008-02-03 14:32 <KANSIO> d-------- C:\Program Files\Full Tilt Poker 2008-01-30 09:17 . 2008-01-30 09:21 <KANSIO> d-------- C:\Program Files\PAFPoker 2008-01-15 07:42 . 2008-01-15 08:10 1,024 --a------ C:\test.bin 2008-01-09 11:07 . 2008-01-09 11:07 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-01-09 11:07 . 2008-01-09 11:07 216,760 --a------ C:\Windows\System32\drivers\netio.sys 2008-01-09 11:07 . 2008-01-09 11:07 167,424 --a------ C:\Windows\System32\tcpipcfg.dll 2008-01-09 11:07 . 2008-01-09 11:07 24,064 --a------ C:\Windows\System32\netcfg.exe 2008-01-09 11:07 . 2008-01-09 11:07 22,016 --a------ C:\Windows\System32\netiougc.exe 2008-01-09 11:05 . 2008-01-09 11:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-01-09 11:05 . 2008-01-09 11:05 1,686,016 --a------ C:\Windows\System32\gameux.dll 2008-01-09 11:05 . 2008-01-09 11:05 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-01-09 11:05 . 2008-01-09 11:05 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys 2008-01-09 11:05 . 
2008-01-09 11:05 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-01-09 11:05 . 2008-01-09 11:05 109,624 --a------ C:\Windows\System32\drivers\ataport.sys 2008-01-09 11:05 . 2008-01-09 11:05 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys 2008-01-09 11:05 . 2008-01-09 11:05 21,560 --a------ C:\Windows\System32\drivers\atapi.sys 2008-01-09 11:05 . 2008-01-09 11:05 15,928 --a------ C:\Windows\System32\drivers\pciide.sys 2008-01-09 11:05 . 2008-01-09 11:05 11,776 --a------ C:\Windows\System32\sbunattend.exe . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 06:14 156,191 ----a-w C:\Users\TPK\AppData\Roaming\nvModes.dat 2008-02-02 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 15:04 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-01-13 15:30 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-01-13 15:29 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-01-09 10:21 --------- d-----w C:\Program Files\Windows Mail 2008-01-09 09:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-01-09 09:05 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-01-09 09:05 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-01-09 09:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-01-09 09:05 --------- d-----w C:\Program Files\Windows Sidebar 2008-01-02 16:21 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-01-02 16:18 --------- d--h--r C:\Users\TPK\AppData\Roaming\SecuROM 2008-01-02 16:18 --------- d-----w C:\Users\TPK\AppData\Roaming\F-Secure 2008-01-02 15:32 --------- d-----w C:\Program Files\PowerISO 2007-12-30 12:45 --------- d-----w C:\Program Files\Betsson Poker 2007-12-26 14:52 --------- d-----w C:\Program Files\BitComet 2007-12-21 11:12 --------- d-----w C:\Program Files\Ohjelmia 2007-12-20 06:54 --------- d-----w C:\Program Files\RevConnect 2007-12-18 12:19 --------- d-----w C:\ProgramData\MGS 
2007-12-17 16:56 --------- d-----w C:\Users\TPK\AppData\Roaming\Microgaming 2007-12-17 16:52 --------- d-----w C:\Program Files\MGS FF Helper 2007-12-14 06:15 --------- d-----w C:\Program Files\WinArc 2007-12-13 05:40 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2007-12-13 05:39 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2007-12-13 05:39 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2007-12-13 05:38 824,832 ----a-w C:\Windows\System32\wininet.dll 2007-12-13 05:38 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2007-12-13 05:38 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-12-13 05:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-12-13 05:38 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-13 05:38 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2007-12-13 05:37 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2007-12-13 05:37 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2007-12-13 05:34 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe 2007-12-13 05:34 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe 2007-12-10 19:45 --------- d-----w C:\Users\TPK\AppData\Roaming\CyberLink 2007-12-06 11:10 --------- d-----w C:\Program Files\FinnishIRC XP 2007-12-06 11:09 --------- d-----w C:\Users\TPK\AppData\Roaming\mIRC 2007-12-06 10:57 --------- d-----w C:\Program Files\CCleaner 2007-12-05 17:03 --------- d-----w C:\ProgramData\Symantec 2007-12-05 15:46 --------- d-----w C:\Program Files\PC Protection Plus 2007-12-05 15:43 --------- d-----w C:\ProgramData\F-Secure 2007-12-05 15:41 --------- d-----w C:\ProgramData\fssg 2007-11-18 01:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-11-15 07:56 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-11-15 07:56 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-11-15 07:56 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-11-15 07:55 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-11-15 07:55 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-11-15 
07:55 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-11-15 07:55 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-11-15 07:55 297,984 ----a-w C:\Windows\System32\wlansec.dll 2007-11-15 07:55 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2007-11-15 07:55 2,923,520 ----a-w C:\Windows\explorer.exe 2007-11-15 07:53 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2007-11-15 07:53 8,704 ----a-w C:\Windows\System32\hccoin.dll 2007-11-13 15:54 174 --sha-w C:\Program Files\desktop.ini 2007-11-13 15:49 8,192 ----a-w C:\Windows\System32\riched32.dll 2007-11-13 15:49 77,824 ----a-w C:\Windows\System32\rascfg.dll 2007-11-13 15:49 694,784 ----a-w C:\Windows\System32\localspl.dll 2007-11-13 15:49 52,736 ----a-w C:\Windows\System32\rasdiag.dll 2007-11-13 15:49 384,000 ----a-w C:\Windows\System32\netcfgx.dll 2007-11-13 15:49 36,864 ----a-w C:\Windows\System32\cdd.dll 2007-11-13 15:49 33,280 ----a-w C:\Windows\System32\traffic.dll 2007-11-13 15:49 32,768 ----a-w C:\Windows\System32\rasmxs.dll 2007-11-13 15:49 286,208 ----a-w C:\Windows\System32\ipnathlp.dll 2007-11-13 15:49 22,016 ----a-w C:\Windows\System32\rasser.dll 2007-11-13 15:49 15,360 ----a-w C:\Windows\System32\pacerprf.dll 2007-11-13 15:49 134,656 ----a-w C:\Windows\System32\dps.dll 2007-11-13 15:49 13,824 ----a-w C:\Windows\System32\wshqos.dll 2007-11-13 15:49 13,824 ----a-w C:\Windows\System32\icsunattend.exe 2007-11-13 15:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2007-11-13 15:45 7,680 ----a-w C:\Windows\System32\spwmp.dll 2007-11-13 15:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2007-11-13 15:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2007-11-13 15:44 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2007-11-13 15:42 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2007-11-13 15:41 88,576 ----a-w C:\Windows\System32\avifil32.dll 2007-11-13 15:41 82,944 ----a-w C:\Windows\System32\mciavi32.dll 2007-11-13 15:41 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr 2007-11-13 15:41 
712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll 2007-11-13 15:41 69,632 ----a-w C:\Windows\System32\sendmail.dll 2007-11-13 15:41 65,024 ----a-w C:\Windows\System32\avicap32.dll 2007-11-13 15:41 61,440 ----a-w C:\Windows\System32\ntprint.exe 2007-11-13 15:41 31,232 ----a-w C:\Windows\System32\msvidc32.dll 2007-11-13 15:41 269,824 ----a-w C:\Windows\System32\schannel.dll 2007-11-13 15:41 220,160 ----a-w C:\Windows\System32\ntprint.dll 2007-11-13 15:41 123,904 ----a-w C:\Windows\System32\msvfw32.dll 2007-11-13 15:41 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll 2007-11-13 15:41 12,800 ----a-w C:\Windows\System32\msrle32.dll 2007-11-13 15:41 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll 2007-11-13 15:41 1,984,512 ----a-w C:\Windows\System32\authui.dll 2007-11-13 15:40 84,480 ----a-w C:\Windows\System32\INETRES.dll 2007-11-13 15:40 788,992 ----a-w C:\Windows\System32\rpcrt4.dll 2007-11-13 15:40 750,080 ----a-w C:\Windows\System32\qmgr.dll 2007-11-13 15:40 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2007-11-13 15:25 386,560 ----a-w C:\Windows\System32\WinSATAPI.dll 2007-11-13 15:25 3,217,408 ----a-w C:\Windows\System32\WinSAT.exe 2007-11-13 15:16 319,456 ----a-w C:\Windows\DIFxAPI.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:05 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 14:35 191488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 14:50 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216] "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144] "Acer Tour"="" [] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664] "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344] "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744] "eRecoveryService"="" [] "F-Secure Manager"="C:\Program Files\PC Protection Plus\Common\FSM32.exe" [2007-04-26 19:12 183208] "F-Secure TNB"="C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-27 15:20:30 535336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] --a------ 2007-05-22 14:49 151552 C:\Acer\AcerTour\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 
2007-03-08 03:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] --a------ 2007-08-15 11:21 772616 C:\PROGRA~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] --------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2003-04-02 04:20 12288 C:\Program Files\Winamp\Winampa.exe R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34] R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34] R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34] R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 15:27] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Protection Plus\HIPS\fshs.sys [2007-04-26 19:11] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 19:08] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-04-26 19:09] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\PC Protection Plus\Anti-Virus\minifilter\fsvista.sys [2007-04-26 19:07] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51] R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34] R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe 
[2007-06-13 15:54] R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50] R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 18:12] R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57] R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03] R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Protection Plus\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 15:17] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Protection Plus\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Protection Plus\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-05 12:25:44 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-05 12:27:13 ComboFix-quarantined-files.txt 2008-02-05 10:27:11 . 2008-02-01 18:02:24 --- E O F ---
Something small was found there (and removed). This had been classified as harmful: Politecnico di Torino

"=> e.g. when watching videos with BSPlayer it stutters quite often <="

In these situations you have to shut down running programs: Acer, for example, has a lot of extras in use. F-Secure/the browser takes care of this sort of thing (Acer\WR_PopUp). Vista is sluggish on a machine where XP still runs OK.

Acer eDataSecurity Management
Empowering Technology\eAudio\
\Acer\WR_PopUp\
\Windows Sidebar\
Windows Live\Messenger
NvMediaCenter
CollaborationHost
WindowsWelcomeCenter
Apoint2K

Rarely are all of these needed at the same time.
Empowering Technology\eAudio\
\Acer\WR_PopUp
NvMediaCenter
CollaborationHost
WindowsWelcomeCenter
Apoint2K

What are those actually, anyway?
If you have time, we can go through your whole machine.

Control Panel, Programs and Features: Uninstall:
Acer eDataSecurity Management
PopUp stopper (you have an extra one)

Tell me your machine's key specs:
Memory GB
Bus MHz
Processor ???
Yeah, thanks a lot for your help! Here's the info:

Control Panel -> System
Manufacturer: acer
Model: 7520
Processor: AMD Turion(tm)64 X2 MOBILE TECHNOLOGY TL-58 1,90 GHz
Memory (RAM): 2047 MB
System type: 32-bit system
Graphics card: NVIDIA GEFORCE 8600M Gs
Hard disk: 320 GB Dual HDD (160 GB x2)
Let's continue: in Vista the steps are carried out as Administrator (check, don't assume).

[1] The following programs are not essential at startup (they still work normally).
[2] Type msconfig into the search field of the menu and press OK.
[3] Select the Programs (Ohjelmat) tab on the right.
[4] If the list includes the programs eDataSecurity Loader, eAudio, WarReg_PopUp, NvMediaCenter, CollaborationHost, WindowsWelcomeCenter, untick the box next to the program. At your own discretion.
[5] Then click Apply and OK.
[6] From the same place you can restore the program to the StartMenu.

When the machine restarts it asks what to do. Accept the new configuration and tick the box in the lower left corner so that it doesn't ask the same thing again every time.

==>> HJT log

Did it get any faster ?????
Yeah, it does seem to have gotten faster now... I'll see this evening when I watch a video whether it helped... These puzzle me in the list:

O4 - HKLM\..\Run: [Skytel] Skytel.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
<--- what are those? Could the keyboard mouse be removed from there, or whatever it is (by the way, can the touchpad be turned off somehow, since it's annoying that my hand always brushes against it)?

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:01:46, on 5.2.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PC Protection Plus\Common\FSM32.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Users\TPK\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] 
%ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{228B0595-7EF1-41B3-A3EF-260BDBE3575C}: NameServer = 212.116.32.218 212.116.32.222 O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. 
- C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 5095 bytes
C:\Program Files\Apoint2K\Apoint.exe => Touchpad software for laptop PC's. For instance it is found on the Panasonic machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work.

"not required" = not necessary

Msconfig ==> [Apoint]: untick it if you don't need it.
Well, now the machine really is noticeably faster... compared to yesterday. I also removed some more junk from the machine with CCleaner... A BIG THANK YOU to you too! One more thing: do you know whether that touchpad can be turned off?
I forgot your question earlier. Control Panel ==> Mouse ==> Hardware tab ==> Properties of the mouse you want to remove. Driver tab and choose Uninstall. Restart the machine. Did it help ???

The protection instructions are based only on my own experience. One virus scanner and one firewall.

Java update:
* http://java.sun.com/javase/downloads/index.jsp Scroll down to Java Runtime Environment (JRE) 6 Update 4
* Yes, updating Internet Explorer is worthwhile; it is part of the Windows operating system. In other words, it always starts whenever Windows does (it cannot be removed completely).
* Download HOSTS: from here to your desktop.
* Extract: hosts.zip into the C:\WINDOWS\system32\drivers\etc folder. Finally, you can verify that there is a file named HOSTS there without a file extension. Size approx. 700 kB. The protection activates at the next startup (it does not burden memory).
* Install SpywareBlaster! SpywareBlaster prevents malware from installing itself on the machine. SpywareBlaster download link! SpywareBlaster guide!
* System Restore! Clear it and create a new system restore point regularly! That way you avoid nasties being left in the restore points. How do I clean out System Restore and create a new restore point? The instructions can be found here!
* Keep your programs updated! Remember to keep all programs up to date, Windows too. Visit Windows Update regularly and install all updates. Windows Update.
Well, now those have been done according to the instructions too. I removed that mouse (PS-2)?, but when the machine is restarted, the bottom bar says that it was taken into use, or something like that. Can it be removed at all?
PS-2 is the real mouse that you are using. You could ask Acer customer support. "Laptops" have been completely unfamiliar to me since the 80286 days.