Two RunDLL errors when opening my own user profile

Discussion in 'Viruses and malware - HijackThis logs' started by kulottaja, May 18, 2008.

  1. kulottaja

    I have run Ad-Aware and Spybot and tried to run eScan, which gave the error "Internal error!!! This could be because of incorrect system date setting.", so scanning with it did not work.
    So here is the HJT log attached, if someone would care to take a look and tell me what is wrong!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:38:08, on 18.5.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0 (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [MSServer] rundll32.exe C:\Users\Muru\AppData\Local\Temp\mlJBSMcy.dll,#1 (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [cmds] rundll32.exe C:\Users\Muru\AppData\Local\Temp\vTLcdebX.dll,c (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [1050aba3] rundll32.exe "C:\Users\Muru\AppData\Local\Temp\vhikpnot.dll",b (User 'Muru')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8697 bytes
     
  2. kalminen

    In Vista, these steps are carried out as Administrator
    (check, do not assume).
    Go to > Control Panel > User Accounts > Manage another account
    There you can see who has an Administrator account.
    -------------------------------------------------------------------
    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not
    .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to freeze.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.
    ------------------------------------------------------------------
    When you start the HijackThis (HJT) program, right-click it
    and choose Run as administrator.
    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis (HJT), run Scan, tick the following entries listed in red, and remove them (Fix checked).

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0 (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [MSServer] rundll32.exe C:\Users\Muru\AppData\Local\Temp\mlJBSMcy.dll,#1 (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [cmds] rundll32.exe C:\Users\Muru\AppData\Local\Temp\vTLcdebX.dll,c (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [1050aba3] rundll32.exe "C:\Users\Muru\AppData\Local\Temp\vhikpnot.dll",b (User 'Muru')
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs:

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
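As an added example (not part of the original thread, and not code from HijackThis or ComboFix): a short Python triage of the O4 autorun lines in the log above, flagging Run values that start rundll32 with a DLL stored in a Temp directory, which is the pattern shared by the three per-user entries the reply marks for fixing. The sample lines are copied from the log in this thread; the function names, and the extra Temp locations beyond `AppData\Local\Temp`, are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [MSServer] rundll32.exe C:\Users\Muru\AppData\Local\Temp\mlJBSMcy.dll,#1 (User 'Muru')
O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [cmds] rundll32.exe C:\Users\Muru\AppData\Local\Temp\vTLcdebX.dll,c (User 'Muru')
O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [1050aba3] rundll32.exe "C:\Users\Muru\AppData\Local\Temp\vhikpnot.dll",b (User 'Muru')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
"""

# "O4 - <hive>\..\Run: [value name] command (User 'name')"; the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# "rundll32[.exe] <dll>,<export>" with an optionally quoted DLL path.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,]+),(?P<export>\S+)',
    re.IGNORECASE,
)

# Assumption of this example: AppData\Local\Temp is the location seen in the
# thread; the XP-era profile Temp and Windows\Temp are added as equivalents.
TEMP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
    re.IGNORECASE,
)


class RunEntry(NamedTuple):
    hive: str            # HKLM, HKCU or HKUS\<SID>
    name: str            # registry value name
    command: str         # command line, without the "(User '...')" suffix
    user: Optional[str]  # account name HijackThis resolved for an HKUS hive


class Finding(NamedTuple):
    entry: RunEntry
    dll: str
    export: str


def parse_o4(log: str) -> List[RunEntry]:
    """Return the registry Run entries; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["command"], m["user"]))
    return entries


def rundll_target(command: str) -> Optional[Tuple[str, str]]:
    """Return (dll, export) when the command is a rundll32 invocation."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return m["dll"].strip('"'), m["export"]


def find_temp_rundll(log: str) -> List[Finding]:
    """Flag Run values whose rundll32 target DLL sits in a Temp directory."""
    findings = []
    for entry in parse_o4(log):
        target = rundll_target(entry.command)
        if target and TEMP_DIR_RE.search(target[0]):
            findings.append(Finding(entry, target[0], target[1]))
    return findings


if __name__ == "__main__":
    for f in find_temp_rundll(SAMPLE_LOG):
        print(f"{f.entry.hive} [{f.entry.name}] user={f.entry.user} "
              f"dll={f.dll} export={f.export}")
```

The NVIDIA and Welcome Center entries also go through rundll32 but are not flagged, because their DLLs are not loaded from a Temp directory.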
     
  3. kulottaja

    Hi! Thanks for the reply, kalminen!

    I had already managed to fix these lines with HJT:

    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [MSServer] rundll32.exe C:\Users\Muru\AppData\Local\Temp\mlJBSMcy.dll,#1 (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [cmds] rundll32.exe C:\Users\Muru\AppData\Local\Temp\vTLcdebX.dll,c (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [1050aba3] rundll32.exe "C:\Users\Muru\AppData\Local\Temp\vhikpnot.dll",b (User 'Muru')

    But I still followed your instructions, and here are the logs:

    ComboFix 08-05-15.3 - Päällikkö 2008-05-19 12:42:33.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1252 [GMT 3:00]
    Running from: C:\Users\Muru\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Päällikkö\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Users\Muru\AppData\Local\Temp\mlJBSMcy.dll
    C:\Users\Muru\AppData\Local\Temp\vhikpnot.dll
    C:\Users\Muru\AppData\Local\Temp\vTLcdebX.dll
    C:\Windows\system32\ActiveToolBand.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\ActiveToolBand.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-19 to 2008-05-19 )))))))))))))))))
    .

    2008-05-19 11:24 . 2008-05-19 11:24 <KANSIO> d-------- C:\Windows\$regcmp$
    2008-05-19 11:09 . 2008-05-19 11:09 <KANSIO> d-------- C:\Users\Muru\AppData\Roaming\Malwarebytes
    2008-05-19 10:17 . 2008-05-19 10:17 <KANSIO> d-------- C:\Users\Päällikkö\AppData\Roaming\Malwarebytes
    2008-05-19 10:17 . 2008-05-19 10:17 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-05-19 10:17 . 2008-05-19 10:17 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-05-18 14:39 . 2008-05-18 14:39 524,288 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TMContainer00000000000000000002.regtrans-ms
    2008-05-18 14:39 . 2008-05-18 14:39 524,288 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TMContainer00000000000000000002.regtrans-ms
    2008-05-18 14:39 . 2008-05-19 12:25 524,288 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TMContainer00000000000000000001.regtrans-ms
    2008-05-18 14:39 . 2008-05-19 12:25 524,288 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TMContainer00000000000000000001.regtrans-ms
    2008-05-18 14:39 . 2008-05-19 12:25 65,536 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TM.blf
    2008-05-18 14:39 . 2008-05-19 12:25 65,536 --ahs---- C:\Users\Päällikkö\ntuser.dat{1b356390-24ca-11dd-bb87-9ad8a4d62e79}.TM.blf
    2008-05-18 14:38 . 2008-05-19 12:07 <KANSIO> d-------- C:\hjt
    2008-05-18 14:23 . 2008-05-18 14:23 <KANSIO> d-------- C:\Users\Muru\DoctorWeb
    2008-05-18 13:28 . 2008-05-18 14:55 <KANSIO> d-------- C:\VundoFix Backups
    2008-05-18 00:36 . 2008-05-18 14:12 <KANSIO> d-------- C:\Downloads
    2008-05-18 00:36 . 2008-05-18 14:10 <KANSIO> d-------- C:\Bases
    2008-05-18 00:34 . 2008-05-18 14:12 <KANSIO> d-------- C:\Kaspersky
    2008-05-16 23:24 . 2008-05-19 11:35 <KANSIO> d-------- C:\Program Files\MagicISO
    2008-05-16 23:21 . 2008-05-16 23:21 <KANSIO> d-------- C:\Users\Muru\AppData\Roaming\DAEMON Tools
    2008-05-16 23:19 . 2008-05-17 15:36 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
    2008-05-16 23:09 . 2008-05-19 01:03 <KANSIO> d-------- C:\Users\Päällikkö\AppData\Roaming\DAEMON Tools
    2008-05-16 23:09 . 2008-05-16 23:09 717,296 --a------ C:\Windows\System32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 09:45 2,621,440 ----a-w C:\Users\Päällikkö\ntuser.dat
    2008-05-19 09:45 2,621,440 ----a-w C:\Users\Päällikkö\ntuser.dat
    2008-05-19 08:37 --------- d-----w C:\Program Files\ProgDVB
    2008-05-19 07:17 --------- d-----w C:\Users\Päällikkö\AppData\Roaming\Malwarebytes
    2008-05-18 22:03 --------- d-----w C:\Users\Päällikkö\AppData\Roaming\DAEMON Tools
    2008-05-18 15:08 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-17 22:05 240,286,792 ----a-w C:\Windows\DUMP927e.tmp
    2008-05-17 18:28 --------- d-----w C:\Users\Muru\AppData\Roaming\Skype
    2008-05-17 18:13 --------- d-----w C:\Users\Muru\AppData\Roaming\uTorrent
    2008-05-14 18:02 --------- d-----w C:\Program Files\Windows Mail
    2008-04-19 04:19 --------- d-----w C:\ProgramData\NVIDIA
    2008-04-18 11:56 --------- d-----w C:\Users\Muru\AppData\Roaming\SystemRequirementsLab
    2008-04-18 11:56 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-04-16 19:28 174 --sha-w C:\Program Files\desktop.ini
    2008-04-16 19:21 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Journal
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Defender
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Collaboration
    2008-04-16 19:15 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-16 19:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-04-16 19:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-04-16 17:54 --------- d---a-w C:\ProgramData\TEMP
    2008-04-16 17:54 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-16 15:17 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-04-14 12:01 --------- d-----w C:\Users\Muru\AppData\Roaming\GARMIN
    2008-04-10 18:44 --------- d-----w C:\ProgramData\NtiDvdCopy
    2008-04-10 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-10 14:43 --------- d-----w C:\Program Files\ZyDAS Technology Corporation
    2008-04-09 14:44 --------- d-----w C:\Users\Muru\AppData\Roaming\skypePM
    2008-04-02 08:24 --------- d-----w C:\Users\Vieras\AppData\Roaming\PC Suite
    2008-03-30 20:06 --------- d-----w C:\Users\Muru\AppData\Roaming\Nokia Multimedia Player
    2008-03-24 18:13 --------- d-----w C:\Program Files\Common Files\Steam
    2008-03-16 17:52 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-03-16 17:52 32 ----a-w C:\ProgramData\ezsid.dat
    2008-02-29 15:28 22,328 ----a-w C:\Users\Päällikkö\AppData\Roaming\PnkBstrK.sys
    2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-28 19:08 691,545 ----a-w C:\Windows\unins000.exe
    2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_su 18.05.2008_19.50.53,31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-18 14:16:58 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-19 08:41:13 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-18 12:31:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-19 08:41:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-18 12:31:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-19 08:41:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-18 12:45:14 1,400,832 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-19 08:42:34 1,400,832 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-05-18 12:45:09 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-19 08:42:28 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-05-18 12:33:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-19 08:32:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-18 12:33:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-19 08:32:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-18 12:33:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-19 08:32:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-18 12:38:15 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-19 08:47:24 104,742 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-18 12:38:15 85,240 ----a-w C:\Windows\System32\perfc00B.dat
    + 2008-05-19 08:47:24 85,240 ----a-w C:\Windows\System32\perfc00B.dat
    - 2008-05-18 12:38:15 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-19 08:47:24 595,308 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-18 12:38:15 443,896 ----a-w C:\Windows\System32\perfh00B.dat
    + 2008-05-19 08:47:25 443,896 ----a-w C:\Windows\System32\perfh00B.dat
    - 2008-05-18 11:06:36 6,912 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-523991676-1165911307-1585559835-1002_UserData.bin
    + 2008-05-19 08:43:20 7,298 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-523991676-1165911307-1585559835-1002_UserData.bin
    - 2008-05-18 11:59:58 70,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-19 08:43:20 70,884 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-18 10:54:08 2,850 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-05-19 08:07:01 4,458 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-05-18 11:06:29 44,010 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-19 08:43:18 44,162 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-18 14:17:00 275,660 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2008-05-19 04:40:07 277,918 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 10:38 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-18 05:30 262401]
    "Skytel"="Skytel.exe" [2007-03-16 10:06 1822720 C:\Windows\SkyTel.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
    PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-04-10 17:43:32 487424]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
    "{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
    "{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
    "{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
    "{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
    "{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
    "{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
    "{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
    "{51456DEA-418E-439A-9BD9-E7881A2352FB}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{0DE59051-87C2-4D0B-9DD2-3520C4609988}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{78BEFB75-B39F-44BD-945D-68FD11DC9927}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{A7C6A120-1334-42A9-80A7-76A77B5922FB}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{466B9953-2B3D-483A-9B8E-13D739197DF0}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{FC52107C-64F0-49EB-A224-572211C0FC9A}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{D44BFE9E-6313-4F3A-9069-38D870EB3D53}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A1653278-FDCD-4E5A-B34F-4D17DD0DE649}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{542E0D4A-6FBC-4EDE-BCC2-610AF2D9D221}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{23A6CCC3-013B-46C4-B6FF-4C3460EC05CF}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{6B4CE401-3C2A-4144-848D-A7C77B75675A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{DD5E7A6C-4830-484F-9C94-88DAE0C3C7C6}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "TCP Query User{0F789417-95A3-4D06-A160-9FC668C9114B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{620F0F2B-6A08-4FBB-B20D-7BDECC6566E4}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{769FE621-5D58-4187-A4AA-766C276E99CF}C:\\valve\\steam\\steamapps\\riesa\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\riesa\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{B0C6EF66-41B7-4AB6-B584-E4B95918C71D}C:\\valve\\steam\\steamapps\\riesa\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\riesa\condition zero\hl.exe:Half-Life Launcher
    "{7072954B-B13D-47D6-AFF9-D153FCDE651F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{122D1E48-0DD6-4CD0-AF48-6C42E313C211}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{835860C0-9F6E-45BC-A999-A54985507EC3}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{AC222C6E-D742-4AFE-9BC2-295E51CBFB21}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{68B29FBE-B0B3-473A-AC7C-89FB4769CDB6}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{846E764E-C745-427A-BE32-5BB71954CC9F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{51A7F408-1BDA-4CEC-BA1D-860FF39DCD00}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{5A436D38-4526-43D0-84BD-FE80BD8B08E4}C:\\kaspersky\\kavupd.exe"= UDP:C:\kaspersky\kavupd.exe:kavupd
    "UDP Query User{3E1437FF-6C35-4AE5-BFE7-1581558906D3}C:\\kaspersky\\kavupd.exe"= TCP:C:\kaspersky\kavupd.exe:kavupd

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:22]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-11-30 13:14]
    R3 mod7700;DiBcom based TV tuner device;C:\Windows\system32\DRIVERS\mod7700.sys [2007-02-20 13:26]
    R3 MODRC;Ultima Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 13:10]
    S3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\Drivers\AF15BDA.sys [2006-09-28 06:47]
    S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 17:04]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-12 22:42]
    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-19 12:45:40
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-19 12:46:56
    ComboFix-quarantined-files.txt 2008-05-19 09:46:52
    ComboFix2.txt 2008-05-18 16:51:32
    ComboFix3.txt 2008-05-18 12:08:30

    Pre-Run: 49,611,190,272 tavua vapaana
    Post-Run: 49,578,201,088 tavua vapaana





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:07:38, on 19.5.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\hjt\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide (User 'Muru')
    O4 - HKUS\S-1-5-21-523991676-1165911307-1585559835-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Muru')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 7494 bytes



    Is there still any crap in these?
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    It's clean!!!
    You seem to have Malwarebytes; you can use it to confirm:
    ******************************************
    Type ComboFix.exe /u into the Start Search field of the Windows Start menu and press OK
    ***************************************************************************
    Have a good and clean summer!!!
     
  5. kulottaja

    kulottaja Member

    Joined:
    Feb 7, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for your effort, and a very good summer to you too!
     
