Cleaning up an infected machine

Discussion in 'Viruses and malware - HijackThis logs' started by Rzlli, Oct 26, 2009.

  1. Rzlli

    Rzlli Guest

    Hello everyone!
    Some nasties have gotten into my laptop. I'm asking for help here because neither the free version of AVG nor SpyBot can remove anywhere near all of the malware found on the machine.
    The symptoms are that the CPU very often runs at 100% and, for example, watching video stutters badly.
    There are also programs that are not harmful but really unnecessary, so maybe you could advise which ones are worth removing.

    Here is the HJT log for those who understand them ;)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:32, on 26.10.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16916)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Users\marko\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    D:\Nokia PC Suite 7\PcSync2.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\igfxsrvc.exe
    D:\Nokia PC Suite 7\GetConnected.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.5zhet"
    O4 - HKCU\..\Run: [tons bike intra poll] "C:\ProgramData\ooze mags mfcd.7bjm9xo"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_fi;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)" -"http://www.habbo.fi/shockwave_client"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11235 bytes
     
  2. kalminen

    kalminen Regular member

    There is something in there!!!

    It is recommended to turn off the antivirus's real-time scanning so that it does not interfere with Lop S&D; you can turn it back on after the scan.

    Download Lop S&D HERE

    Double-click Lop S&D.exe
    Select Finnish as the language by pressing U and Enter.
    After that, select Option 1 (Search) by pressing 1 and Enter.
    Wait until the scan is finished.
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
    .
     
  3. Rzlli

    Rzlli Guest

    This is what came out. Real-time scanning was hardly in use, since the McAfee update/registration was never done back in the day.
    But yeah, here is the list --->

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 550 @ 2.00GHz )
    BIOS : Ver 1.00PARTTBL
    USER : marko ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfee VirusScan (Activated)
    Firewall : McAfee Personal Firewall (Activated)
    C:\ (Local Disk) - NTFS - Total:69 Go (Free:16 Go)
    D:\ (Local Disk) - NTFS - Total:69 Go (Free:17 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( ti 27.10.2009|19:37 )

    [ UAC => 1 ]

    --------------------\\ Listaa hakemistoja sijainnissa Local

    [19.08.2008|02:04] C:\Users\marko\AppData\Local\acer eNM
    [31.08.2008|11:09] C:\Users\marko\AppData\Local\Adobe
    [26.12.2008|15:55] C:\Users\marko\AppData\Local\Apple
    [12.01.2009|07:07] C:\Users\marko\AppData\Local\Apple Computer
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Application Data
    [12.06.2009|05:34] C:\Users\marko\AppData\Local\AVG Security Toolbar
    [25.10.2009|12:48] C:\Users\marko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [19.08.2008|01:46] C:\Users\marko\AppData\Local\GDIPFONTCACHEV1.DAT
    [27.10.2009|18:55] C:\Users\marko\AppData\Local\IconCache.db
    [11.10.2009|19:29] C:\Users\marko\AppData\Local\Microsoft
    [07.10.2008|17:09] C:\Users\marko\AppData\Local\Microsoft Games
    [22.08.2008|16:34] C:\Users\marko\AppData\Local\Mozilla
    [14.10.2009|16:22] C:\Users\marko\AppData\Local\NFS Underground 2
    [22.09.2009|12:42] C:\Users\marko\AppData\Local\P5
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Sivuhistoria
    [27.10.2009|19:34] C:\Users\marko\AppData\Local\Temp
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Temporary Internet Files
    [26.10.2009|19:43] C:\Users\marko\AppData\Local\VirtualStore
    [3|tiedosto(a)] C:\Users\marko\AppData\Local\tavua
    [17|kansio(ta)] C:\Users\marko\AppData\Local\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks

    [15.10.2009 00:00][--a------] C:\Windows\tasks\McDefragTask.job
    [30.09.2009 23:59][--a------] C:\Windows\tasks\McQcTask.job
    [27.10.2009 18:57][--ah-----] C:\Windows\tasks\SA.DAT
    [27.10.2009 18:56][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData

    [02.04.2008|18:48] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [01.05.2009|18:28] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [02.04.2008|18:30] C:\ProgramData\Adobe
    [26.12.2008|15:53] C:\ProgramData\Apple
    [01.05.2009|18:09] C:\ProgramData\Apple Computer
    [02.11.2006|15:02] C:\ProgramData\Application Data
    [13.09.2009|14:02] C:\ProgramData\AVG Security Toolbar
    [25.01.2009|14:59] C:\ProgramData\avg8
    [01.02.2009|14:23] C:\ProgramData\Byte Lies Bind.cgd78sk
    [12.04.2009|10:04] C:\ProgramData\CyberLink
    [01.02.2009|22:13] C:\ProgramData\DAEMON Tools Lite
    [02.11.2006|15:02] C:\ProgramData\Desktop
    [02.11.2006|15:02] C:\ProgramData\Documents
    [01.02.2009|14:22] C:\ProgramData\EncCopyCopy.77gqi6d
    [13.01.2009|16:01] C:\ProgramData\EncCopyCopy.82ztpnr
    [01.02.2009|14:22] C:\ProgramData\EncCopyCopy.cyjy2
    [02.11.2006|15:02] C:\ProgramData\Favorites
    [02.05.2009|14:35] C:\ProgramData\Installations
    [19.08.2008|01:38] C:\ProgramData\Käynnistä-valikko
    [09.07.2009|22:29] C:\ProgramData\LightScribe
    [19.08.2008|01:38] C:\ProgramData\Mallit
    [02.10.2008|05:41] C:\ProgramData\McAfee
    [15.01.2009|19:36] C:\ProgramData\Messenger Plus!
    [19.08.2008|02:04] C:\ProgramData\Microsoft
    [15.10.2009|02:09] C:\ProgramData\Microsoft Help
    [25.10.2009|22:15] C:\ProgramData\Nero
    [05.05.2009|20:04] C:\ProgramData\Nokia
    [12.09.2009|14:05] C:\ProgramData\Norton
    [30.08.2009|17:02] C:\ProgramData\NortonInstaller
    [18.05.2009|01:19] C:\ProgramData\oncereal
    [22.08.2008|16:59] C:\ProgramData\OrbNetworks
    [19.10.2008|09:30] C:\ProgramData\PC Suite
    [18.05.2009|01:19] C:\ProgramData\Poke admin tons bike
    [02.10.2008|14:01] C:\ProgramData\SiteAdvisor
    [29.01.2009|06:00] C:\ProgramData\Spybot - Search & Destroy
    [02.11.2006|15:02] C:\ProgramData\Start Menu
    [19.08.2008|01:38] C:\ProgramData\Suosikit
    [30.08.2009|17:02] C:\ProgramData\Symantec
    [02.11.2006|15:02] C:\ProgramData\Templates
    [19.08.2008|01:38] C:\ProgramData\Tiedostot
    [19.08.2008|01:38] C:\ProgramData\Työpöytä
    [31.08.2008|20:30] C:\ProgramData\WLInstaller
    [4|tiedosto(a)] C:\ProgramData\tavua
    [40|kansio(ta)] C:\ProgramData\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [19.08.2008|02:02] C:\Program Files\Acer
    [19.08.2008|01:52] C:\Program Files\Acer Inc
    [02.04.2008|18:48] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [22.03.2009|21:39] C:\Program Files\Adobe
    [25.01.2009|14:59] C:\Program Files\AVG
    [18.04.2007|11:40] C:\Program Files\Broadcom
    [19.10.2008|11:28] C:\Program Files\BS.Player ControlBar
    [26.05.2009|05:23] C:\Program Files\Circle Developement
    [13.09.2009|13:02] C:\Program Files\Common Files
    [20.08.2008|01:31] C:\Program Files\CONEXANT
    [19.08.2008|01:50] C:\Program Files\CyberLink
    [01.02.2009|22:04] C:\Program Files\DAEMON Tools Lite
    [01.02.2009|22:04] C:\Program Files\DAEMON Tools Toolbar
    [21.12.2008|21:38] C:\Program Files\DC++
    [11.09.2008|18:15] C:\Program Files\DIFX
    [13.10.2009|17:52] C:\Program Files\EA GAMES
    [01.09.2009|18:34] C:\Program Files\FunWebProducts
    [19.08.2008|01:59] C:\Program Files\InstallShield Installation Information
    [02.04.2008|17:37] C:\Program Files\Intel
    [16.10.2009|02:25] C:\Program Files\Internet Explorer
    [17.04.2009|06:48] C:\Program Files\Java
    [19.08.2008|01:54] C:\Program Files\Launch Manager
    [26.03.2009|19:27] C:\Program Files\McAfee
    [02.04.2008|18:39] C:\Program Files\McAfee.com
    [13.01.2009|16:01] C:\Program Files\Messenger Plus! Live
    [02.11.2006|14:37] C:\Program Files\Microsoft Games
    [02.04.2008|18:47] C:\Program Files\Microsoft Office
    [02.04.2008|18:48] C:\Program Files\Microsoft Small Business
    [01.02.2009|21:47] C:\Program Files\Microsoft SQL Server
    [02.04.2008|18:43] C:\Program Files\Microsoft Visual Studio
    [02.04.2008|18:43] C:\Program Files\Microsoft Works
    [02.04.2008|18:46] C:\Program Files\Microsoft.NET
    [03.04.2008|04:21] C:\Program Files\Movie Maker
    [12.09.2009|14:02] C:\Program Files\Mozilla Firefox
    [02.11.2006|14:37] C:\Program Files\MSBuild
    [02.11.2006|14:37] C:\Program Files\MSN
    [02.04.2008|18:10] C:\Program Files\MSXML 4.0
    [01.09.2009|18:34] C:\Program Files\MyWebSearch
    [25.10.2009|21:30] C:\Program Files\Nero
    [02.04.2008|18:36] C:\Program Files\NewTech Infosystems
    [02.05.2009|14:45] C:\Program Files\Nokia
    [12.09.2009|14:05] C:\Program Files\Norton Security Scan
    [11.09.2008|18:12] C:\Program Files\PC Connectivity Solution
    [01.05.2009|18:11] C:\Program Files\QuickTime
    [02.04.2008|17:38] C:\Program Files\Realtek
    [02.11.2006|14:37] C:\Program Files\Reference Assemblies
    [21.12.2008|21:07] C:\Program Files\RevConnect
    [28.01.2009|21:20] C:\Program Files\Spybot - Search & Destroy
    [02.04.2008|17:39] C:\Program Files\Synaptics
    [26.10.2009|19:23] C:\Program Files\Trend Micro
    [02.11.2006|15:01] C:\Program Files\Uninstall Information
    [24.08.2008|09:33] C:\Program Files\uTorrent
    [22.08.2008|16:58] C:\Program Files\Winamp
    [22.08.2008|16:57] C:\Program Files\Winamp Remote
    [03.04.2008|06:50] C:\Program Files\Windows Calendar
    [03.04.2008|06:50] C:\Program Files\Windows Collaboration
    [03.04.2008|06:50] C:\Program Files\Windows Defender
    [03.04.2008|06:50] C:\Program Files\Windows Journal
    [31.08.2008|20:56] C:\Program Files\Windows Live
    [16.10.2009|02:06] C:\Program Files\Windows Mail
    [12.08.2009|02:07] C:\Program Files\Windows Media Player
    [19.08.2008|01:38] C:\Program Files\Windows NT
    [03.04.2008|06:50] C:\Program Files\Windows Photo Gallery
    [03.04.2008|06:55] C:\Program Files\Windows Sidebar
    [14.09.2008|10:13] C:\Program Files\WinRAR
    [14.12.2008|14:11] C:\Program Files\VstPlugins
    [25.10.2009|22:43] C:\Program Files\Yahoo!
    [0|tiedosto(a)] C:\Program Files\tavua
    [69|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [22.03.2009|21:39] C:\Program Files\Common Files\Adobe
    [02.04.2008|18:43] C:\Program Files\Common Files\DESIGNER
    [19.08.2008|01:50] C:\Program Files\Common Files\InstallShield
    [02.04.2008|18:35] C:\Program Files\Common Files\LightScribe
    [02.04.2008|18:39] C:\Program Files\Common Files\McAfee
    [01.02.2009|21:48] C:\Program Files\Common Files\microsoft shared
    [02.04.2008|18:35] C:\Program Files\Common Files\muvee Technologies
    [25.10.2009|22:00] C:\Program Files\Common Files\Nero
    [02.04.2008|18:35] C:\Program Files\Common Files\NewTech Infosystems
    [02.05.2009|14:38] C:\Program Files\Common Files\Nokia
    [11.09.2008|18:16] C:\Program Files\Common Files\PCSuite
    [15.02.2009|15:15] C:\Program Files\Common Files\PX Storage Engine
    [02.11.2006|13:18] C:\Program Files\Common Files\Services
    [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [11.09.2009|17:01] C:\Program Files\Common Files\Symantec Shared
    [02.04.2008|18:41] C:\Program Files\Common Files\System
    [31.08.2008|20:55] C:\Program Files\Common Files\WindowsLiveInstaller
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [19|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 99 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    C:\ProgramData\EncCopyCopy.cyjy2
    C:\ProgramData\Byte Lies Bind.cgd78sk
    C:\ProgramData\EncCopyCopy.77gqi6d
    C:\ProgramData\EncCopyCopy.82ztpnr

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    C:\ProgramData\Poke admin tons bike
    C:\ProgramData\Poke admin tons bike\else site.dat
    C:\Users\marko\AppData\Local\Temp\Stalingrad[1993].Dvdrip.Xvid-RoCK [mininova].torrent
    C:\Users\marko\AppData\Local\Temp\Static-X_Discography.3819377.TPB.torrent
    C:\Program Files\Circle Developement

    --------------------\\ Etsii rekisterikohteita

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "drv acid"="\"C:\\ProgramData\\EncCopyCopy.5zhet\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-27 19:37:28
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 9

    --------------------\\ Tarkistaa muita infektioita

    --------------------\\ Cracks & Keygens ..

    C:\Users\marko\AppData\Local\Temp\Need_For_Speed_Carbon_Collectors_Edition+Crack_and_Serial_[magellano-bt.org] [mininova].torrent


    [F:127][D:217]-> C:\Users\marko\AppData\Local\Temp
    [F:63][D:1]-> C:\Users\marko\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:5869][D:14]-> C:\Users\marko\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:1][D:1]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - ti 27.10.2009|19:10 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - ti 27.10.2009|19:19 - Option : [1]
    3 - "C:\Lop SD\LopR_3.txt" - ti 27.10.2009|19:39 - Option : [1]

    --------------------\\ Tarkistus valmistui 19:39:31
    [ UAC => 1 ]

     
  4. kalminen

    kalminen Regular member

    It's Lop in there!!!

    Start Lop S&D

    Select Option 2 (Fix + Hosts) by pressing 2 and Enter.
    Do NOT close the window during the fix!
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt


    Post:
    C:\lopR.txt
    A new HJT log
    .
     
  5. Rzlli

    Rzlli Guest

    There!


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 550 @ 2.00GHz )
    BIOS : Ver 1.00PARTTBL
    USER : marko ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfee VirusScan (Not Activated)
    Firewall : McAfee Personal Firewall (Not Activated)
    C:\ (Local Disk) - NTFS - Total:69 Go (Free:17 Go)
    D:\ (Local Disk) - NTFS - Total:69 Go (Free:17 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( ke 28.10.2009|18:34 )

    [ UAC => 1 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Korjaa

    Poistettu! - C:\ProgramData\Poke admin tons bike\else site.dat
    Poistettu! - C:\Users\marko\AppData\Local\Temp\Stalingrad[1993].Dvdrip.Xvid-RoCK [mininova].torrent
    Poistettu! - C:\Users\marko\AppData\Local\Temp\Static-X_Discography.3819377.TPB.torrent
    Poistettu! - C:\ProgramData\EncCopyCopy.cyjy2
    Poistettu! - C:\ProgramData\Byte Lies Bind.cgd78sk
    Poistettu! - C:\ProgramData\EncCopyCopy.77gqi6d
    Poistettu! - C:\ProgramData\EncCopyCopy.82ztpnr
    Poistettu! - C:\ProgramData\Poke admin tons bike
    Poistettu! - C:\Program Files\Circle Developement
    -
    [ Hosts-tiedosto ] .. Palautettu !

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listaa hakemistoja sijainnissa Local

    [19.08.2008|02:04] C:\Users\marko\AppData\Local\acer eNM
    [31.08.2008|11:09] C:\Users\marko\AppData\Local\Adobe
    [26.12.2008|15:55] C:\Users\marko\AppData\Local\Apple
    [12.01.2009|07:07] C:\Users\marko\AppData\Local\Apple Computer
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Application Data
    [12.06.2009|05:34] C:\Users\marko\AppData\Local\AVG Security Toolbar
    [25.10.2009|12:48] C:\Users\marko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [19.08.2008|01:46] C:\Users\marko\AppData\Local\GDIPFONTCACHEV1.DAT
    [27.10.2009|23:26] C:\Users\marko\AppData\Local\IconCache.db
    [11.10.2009|19:29] C:\Users\marko\AppData\Local\Microsoft
    [07.10.2008|17:09] C:\Users\marko\AppData\Local\Microsoft Games
    [22.08.2008|16:34] C:\Users\marko\AppData\Local\Mozilla
    [27.10.2009|22:22] C:\Users\marko\AppData\Local\NFS Underground 2
    [22.09.2009|12:42] C:\Users\marko\AppData\Local\P5
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Sivuhistoria
    [28.10.2009|18:34] C:\Users\marko\AppData\Local\Temp
    [19.08.2008|01:43] C:\Users\marko\AppData\Local\Temporary Internet Files
    [26.10.2009|19:43] C:\Users\marko\AppData\Local\VirtualStore
    [3|tiedosto(a)] C:\Users\marko\AppData\Local\tavua
    [17|kansio(ta)] C:\Users\marko\AppData\Local\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\Windows\Tasks

    [15.10.2009 00:00][--a------] C:\Windows\tasks\McDefragTask.job
    [30.09.2009 23:59][--a------] C:\Windows\tasks\McQcTask.job
    [28.10.2009 18:21][--ah-----] C:\Windows\tasks\SA.DAT
    [27.10.2009 23:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listaa hakemistoja sijainnissa C:\ProgramData

    [02.04.2008|18:48] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [01.05.2009|18:28] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [02.04.2008|18:30] C:\ProgramData\Adobe
    [26.12.2008|15:53] C:\ProgramData\Apple
    [01.05.2009|18:09] C:\ProgramData\Apple Computer
    [02.11.2006|15:02] C:\ProgramData\Application Data
    [13.09.2009|14:02] C:\ProgramData\AVG Security Toolbar
    [25.01.2009|14:59] C:\ProgramData\avg8
    [12.04.2009|10:04] C:\ProgramData\CyberLink
    [01.02.2009|22:13] C:\ProgramData\DAEMON Tools Lite
    [02.11.2006|15:02] C:\ProgramData\Desktop
    [02.11.2006|15:02] C:\ProgramData\Documents
    [02.11.2006|15:02] C:\ProgramData\Favorites
    [02.05.2009|14:35] C:\ProgramData\Installations
    [19.08.2008|01:38] C:\ProgramData\Käynnistä-valikko
    [09.07.2009|22:29] C:\ProgramData\LightScribe
    [19.08.2008|01:38] C:\ProgramData\Mallit
    [02.10.2008|05:41] C:\ProgramData\McAfee
    [15.01.2009|19:36] C:\ProgramData\Messenger Plus!
    [19.08.2008|02:04] C:\ProgramData\Microsoft
    [15.10.2009|02:09] C:\ProgramData\Microsoft Help
    [25.10.2009|22:15] C:\ProgramData\Nero
    [05.05.2009|20:04] C:\ProgramData\Nokia
    [12.09.2009|14:05] C:\ProgramData\Norton
    [30.08.2009|17:02] C:\ProgramData\NortonInstaller
    [18.05.2009|01:19] C:\ProgramData\oncereal
    [22.08.2008|16:59] C:\ProgramData\OrbNetworks
    [19.10.2008|09:30] C:\ProgramData\PC Suite
    [02.10.2008|14:01] C:\ProgramData\SiteAdvisor
    [29.01.2009|06:00] C:\ProgramData\Spybot - Search & Destroy
    [02.11.2006|15:02] C:\ProgramData\Start Menu
    [19.08.2008|01:38] C:\ProgramData\Suosikit
    [30.08.2009|17:02] C:\ProgramData\Symantec
    [02.11.2006|15:02] C:\ProgramData\Templates
    [19.08.2008|01:38] C:\ProgramData\Tiedostot
    [19.08.2008|01:38] C:\ProgramData\Työpöytä
    [31.08.2008|20:30] C:\ProgramData\WLInstaller
    [0|tiedosto(a)] C:\ProgramData\tavua
    [39|kansio(ta)] C:\ProgramData\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [19.08.2008|02:02] C:\Program Files\Acer
    [19.08.2008|01:52] C:\Program Files\Acer Inc
    [02.04.2008|18:48] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [22.03.2009|21:39] C:\Program Files\Adobe
    [25.01.2009|14:59] C:\Program Files\AVG
    [18.04.2007|11:40] C:\Program Files\Broadcom
    [19.10.2008|11:28] C:\Program Files\BS.Player ControlBar
    [13.09.2009|13:02] C:\Program Files\Common Files
    [20.08.2008|01:31] C:\Program Files\CONEXANT
    [19.08.2008|01:50] C:\Program Files\CyberLink
    [01.02.2009|22:04] C:\Program Files\DAEMON Tools Lite
    [01.02.2009|22:04] C:\Program Files\DAEMON Tools Toolbar
    [21.12.2008|21:38] C:\Program Files\DC++
    [11.09.2008|18:15] C:\Program Files\DIFX
    [13.10.2009|17:52] C:\Program Files\EA GAMES
    [01.09.2009|18:34] C:\Program Files\FunWebProducts
    [19.08.2008|01:59] C:\Program Files\InstallShield Installation Information
    [02.04.2008|17:37] C:\Program Files\Intel
    [16.10.2009|02:25] C:\Program Files\Internet Explorer
    [17.04.2009|06:48] C:\Program Files\Java
    [19.08.2008|01:54] C:\Program Files\Launch Manager
    [26.03.2009|19:27] C:\Program Files\McAfee
    [02.04.2008|18:39] C:\Program Files\McAfee.com
    [13.01.2009|16:01] C:\Program Files\Messenger Plus! Live
    [02.11.2006|14:37] C:\Program Files\Microsoft Games
    [02.04.2008|18:47] C:\Program Files\Microsoft Office
    [02.04.2008|18:48] C:\Program Files\Microsoft Small Business
    [01.02.2009|21:47] C:\Program Files\Microsoft SQL Server
    [02.04.2008|18:43] C:\Program Files\Microsoft Visual Studio
    [02.04.2008|18:43] C:\Program Files\Microsoft Works
    [02.04.2008|18:46] C:\Program Files\Microsoft.NET
    [03.04.2008|04:21] C:\Program Files\Movie Maker
    [12.09.2009|14:02] C:\Program Files\Mozilla Firefox
    [02.11.2006|14:37] C:\Program Files\MSBuild
    [02.11.2006|14:37] C:\Program Files\MSN
    [02.04.2008|18:10] C:\Program Files\MSXML 4.0
    [01.09.2009|18:34] C:\Program Files\MyWebSearch
    [25.10.2009|21:30] C:\Program Files\Nero
    [02.04.2008|18:36] C:\Program Files\NewTech Infosystems
    [02.05.2009|14:45] C:\Program Files\Nokia
    [12.09.2009|14:05] C:\Program Files\Norton Security Scan
    [11.09.2008|18:12] C:\Program Files\PC Connectivity Solution
    [01.05.2009|18:11] C:\Program Files\QuickTime
    [02.04.2008|17:38] C:\Program Files\Realtek
    [02.11.2006|14:37] C:\Program Files\Reference Assemblies
    [21.12.2008|21:07] C:\Program Files\RevConnect
    [28.01.2009|21:20] C:\Program Files\Spybot - Search & Destroy
    [02.04.2008|17:39] C:\Program Files\Synaptics
    [26.10.2009|19:23] C:\Program Files\Trend Micro
    [02.11.2006|15:01] C:\Program Files\Uninstall Information
    [24.08.2008|09:33] C:\Program Files\uTorrent
    [22.08.2008|16:58] C:\Program Files\Winamp
    [22.08.2008|16:57] C:\Program Files\Winamp Remote
    [03.04.2008|06:50] C:\Program Files\Windows Calendar
    [03.04.2008|06:50] C:\Program Files\Windows Collaboration
    [03.04.2008|06:50] C:\Program Files\Windows Defender
    [03.04.2008|06:50] C:\Program Files\Windows Journal
    [31.08.2008|20:56] C:\Program Files\Windows Live
    [16.10.2009|02:06] C:\Program Files\Windows Mail
    [12.08.2009|02:07] C:\Program Files\Windows Media Player
    [19.08.2008|01:38] C:\Program Files\Windows NT
    [03.04.2008|06:50] C:\Program Files\Windows Photo Gallery
    [03.04.2008|06:55] C:\Program Files\Windows Sidebar
    [14.09.2008|10:13] C:\Program Files\WinRAR
    [14.12.2008|14:11] C:\Program Files\VstPlugins
    [25.10.2009|22:43] C:\Program Files\Yahoo!
    [0|tiedosto(a)] C:\Program Files\tavua
    [68|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [22.03.2009|21:39] C:\Program Files\Common Files\Adobe
    [02.04.2008|18:43] C:\Program Files\Common Files\DESIGNER
    [19.08.2008|01:50] C:\Program Files\Common Files\InstallShield
    [02.04.2008|18:35] C:\Program Files\Common Files\LightScribe
    [02.04.2008|18:39] C:\Program Files\Common Files\McAfee
    [01.02.2009|21:48] C:\Program Files\Common Files\microsoft shared
    [02.04.2008|18:35] C:\Program Files\Common Files\muvee Technologies
    [25.10.2009|22:00] C:\Program Files\Common Files\Nero
    [02.04.2008|18:35] C:\Program Files\Common Files\NewTech Infosystems
    [02.05.2009|14:38] C:\Program Files\Common Files\Nokia
    [11.09.2008|18:16] C:\Program Files\Common Files\PCSuite
    [15.02.2009|15:15] C:\Program Files\Common Files\PX Storage Engine
    [02.11.2006|13:18] C:\Program Files\Common Files\Services
    [02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [11.09.2009|17:01] C:\Program Files\Common Files\Symantec Shared
    [02.04.2008|18:41] C:\Program Files\Common Files\System
    [31.08.2008|20:55] C:\Program Files\Common Files\WindowsLiveInstaller
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [19|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 99 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-28 18:35:08
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 9

    --------------------\\ Tarkistaa muita infektioita

    --------------------\\ Cracks & Keygens ..

    C:\Users\marko\AppData\Local\Temp\Need_For_Speed_Carbon_Collectors_Edition+Crack_and_Serial_[magellano-bt.org] [mininova].torrent


    [F:124][D:218]-> C:\Users\marko\AppData\Local\Temp
    [F:63][D:1]-> C:\Users\marko\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:5869][D:14]-> C:\Users\marko\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:1][D:1]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - ti 27.10.2009|19:10 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - ti 27.10.2009|19:19 - Option : [1]
    3 - "C:\Lop SD\LopR_3.txt" - ti 27.10.2009|19:39 - Option : [1]
    4 - "C:\Lop SD\LopR_4.txt" - ke 28.10.2009|18:37 - Option : [2]

    --------------------\\ Tarkistus valmistui 18:37:48
    [ UAC => 1 ]

    and then HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:32, on 26.10.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16916)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Users\marko\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    D:\Nokia PC Suite 7\PcSync2.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\igfxsrvc.exe
    D:\Nokia PC Suite 7\GetConnected.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.5zhet"
    O4 - HKCU\..\Run: [tons bike intra poll] "C:\ProgramData\ooze mags mfcd.7bjm9xo"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_fi;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)" -"http://www.habbo.fi/shockwave_client"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11235 bytes

    How does it look?
     
  6. kalminen

    kalminen Regular member

    Lop is gone!!!

    Hopefully it was alone???

    ----------------------------------------------------------------------

    Close the browser and other programs for the duration of the fix (but not the antivirus).
    Start HijackThis, run Scan, and tick the following files listed in red
    (HJT disables the program, it does not delete it)

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.5zhet"
    O4 - HKCU\..\Run: [tons bike intra poll] "C:\ProgramData\ooze mags mfcd.7bjm9xo"
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O18 - Protocol: linkscanner - (no CLSID) - (no file)

    and disable them with the (Fix checked) button.

    --------------------------------------------------------------------------

    Download Atribune's ATF Cleaner

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected option.

    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected option.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected option again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    Click Exit in the main menu to close the program.

    ----------------------------------------------

    Scan your computer with Kaspersky Online Scanner

    * Read through the requirements and the privacy statement and click Accept.
    * The download of the scanner and the virus database starts. You will be asked whether you allow the program from Kaspersky to be installed. Click Run (Aja).
    * When the download is complete, click Settings.
    * Make sure the following items are selected. If they are not, select them and click Save: Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases


    * Click My Computer (Oma Tietokone) below Scan.
    * When the scan is complete, the results are shown. Click View Scan Report.
    * You will see a list of infected items. Click Save Report As....
    * Save the file to your desktop. Change Files of type (Tiedostotyyppi) to Text file (.txt) (Tekstitiedosto) before you click Save.

    * Copy and paste the contents of the file into your next reply
    * together with a new HijackThis log


    .
     
  7. Rzlli

    Rzlli Guest

    First of all, these were no longer found in the scan when I was supposed to remove them -->

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')

    and as far as I remember -->

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    That is probably because I removed some programs from the machine that I considered unnecessary. So these are hardly there, since HJT did not find them at that time?




    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, October 30, 2009
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, October 29, 2009 16:48:41
    Records in database: 3102015
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 153794
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 04:56:48


    File name / Threat / Threats count
    D:\Uusi kansio\Musiikki\Irtokipaleet\sunrise avenue the whole story.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

    Selected area has been scanned.

    And HJT:

    --Padappapppaaa, by the way, HJT keeps giving the same list that is in my previous message, exactly the same! Even the date and time match, what is wrong :O

    --And one more small edit: the HJT lists I have posted in this topic are the same?
     
    Last edited by a moderator: Oct 30, 2009
  8. kalminen

    kalminen Regular member

    This program is still on your machine, but it is
    no longer running all the time.
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    -------------------------------------------------------------------------------

    (delete the old log from your desktop so that things do not get mixed up)

    * Start HijackThis.
    * Click the Do a system scan and save a logfile button. The program starts the scan and the log should open in Notepad.
    * First click "Edit > Select All" ("Muokkaa > Valitse kaikki"), then "Edit > Copy" ("Muokkaa > Kopioi") to copy the entire contents of the log.
    * Paste the contents of the log into your next reply.

    Delete this =>
    D:\Uusi kansio\Musiikki\Irtokipaleet\sunrise avenue the whole story.mp3

    -------------------------------------------------------------

    :D
    .
     
  9. Rzlli

    Rzlli Guest

    Okay, here is a NEW HJT now =)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:26:27, on 1.11.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16916)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\marko\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_fi;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)" -"http://www.habbo.fi/shockwave_client"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10276 bytes
     
  10. kalminen

    kalminen Regular member

    Joined: May 4, 2007 | Messages: 3,915 | Likes Received: 0 | Trophy Points: 46

    In Vista, the steps are carried out as Administrator
    (check, don't assume).
    When you start a suggested program, right-click it
    and choose Run as administrator.

    **************************************************

    Read the instruction above carefully!!!


    When you start HijackThis (HJT), right-click it
    (HJT shuts the program down, it does not remove it)
    and choose Run as administrator.
    Close the browser and other programs for the duration of the fix (not the antivirus).
    Then run Scan, tick the following entries listed in red, and shut them down (Fix checked).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - (no CLSID) - (no file)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    *
    * Did it help???
    *
     
  11. Rzlli

    Rzlli Guest

    Hopefully this went the way it was supposed to now =D

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:14, on 1.11.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16916)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\marko\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_fi;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)" -"http://www.habbo.fi/shockwave_client"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9298 bytes

    At a quick glance like this it's OK, I'll let you know if anything worse turns up now :)
     
  12. kalminen

    kalminen Regular member

    OK, the log is clean!!!
    :D
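
Added example, not part of the thread or any poster's code: one way to check a follow-up HijackThis log against the fix list from post 10. The two excerpts are copied from posts 10 and 11 and abridged; the function names are this example's own.

```python
import re

# Entries from the fix list in post 10 (abridged copy from this page).
FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - (no CLSID) - (no file)
"""

# Excerpt of the follow-up log from post 11 (abridged copy from this page).
FOLLOW_UP = r"""
Running processes:
C:\Windows\system32\igfxsrvc.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
"""

# A log entry starts with a section code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(text):
    """Return {(section, normalized_body): original_line} for each entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Case and runs of whitespace differ between pastes, so fold both.
            body = " ".join(m.group(2).split()).casefold()
            entries[(m.group(1), body)] = line.strip()
    return entries

def remaining_after_fix(fix_text, new_log_text):
    """Fix-list entries that still appear in the follow-up log, in fix-list order."""
    fixed, present = parse_entries(fix_text), parse_entries(new_log_text)
    return [line for key, line in fixed.items() if key in present]

if __name__ == "__main__":
    for line in remaining_after_fix(FIX_LIST, FOLLOW_UP):
        print("still present:", line)
```

On these excerpts it reports the FlashPlayerUpdate RunOnce entry and the linkscanner O18 entry, which appear both in the fix list and in the follow-up log.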
     
