HJT log check needed EDIT: NEW PROBLEM, QUICK HELP NEEDED
darkkis94
Newbie
23 April 2008 @ 15:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:46, on 23.4.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Windows\V0220Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Registration .LNK = F:\Register\RegistrationReminder.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13834 bytes
AfterDawn Addict
23 April 2008 @ 15:20
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

=========

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.


Surely a computer can't even work?
darkkis94
Newbie
24 April 2008 @ 19:49
Malwarebytes' Anti-Malware 1.11
Database version: 676

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 377263
Time elapsed: 2 hour(s), 30 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 08-04-22.5 - Ahti 2008-04-24 16:18:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2023 [GMT 3:00]
Running from: C:\Users\Ahti\Documents\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-24 to 2008-04-24 )))))))))))))))))
.

2008-04-23 16:14 . 2008-04-23 16:14 <KANSIO> d-------- C:\Program Files\Ultra Utility
2008-04-23 14:46 . 2008-04-23 14:46 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-04-22 20:56 . 2008-04-22 20:56 429,568 --a------ C:\Windows\System32\fmod64.dll
2008-04-22 20:56 . 2008-04-22 20:56 161,280 --a------ C:\Windows\System32\fmod.dll
2008-04-22 16:18 . 2008-04-22 16:18 <KANSIO> d-------- C:\Users\Ahti\AppData\Roaming\Grisoft
2008-04-22 16:17 . 2008-04-22 16:17 <KANSIO> d-------- C:\Users\All Users\Grisoft
2008-04-22 16:17 . 2008-04-22 16:17 <KANSIO> d-------- C:\ProgramData\Grisoft
2008-04-22 16:17 . 2007-05-30 15:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-22 07:46 . 2008-04-22 07:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-20 12:29 . 2008-04-20 12:29 <KANSIO> d-------- C:\Windows\JA+2.3 mod with JA+ Pluginv1.3
2008-04-20 11:46 . 2008-04-20 11:47 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
2008-04-20 11:46 . 2008-04-20 11:47 <KANSIO> d-------- C:\ProgramData\OrbNetworks
2008-04-20 11:46 . 2008-04-20 11:46 <KANSIO> d-------- C:\Program Files\Winamp Remote
2008-04-20 11:44 . 2008-04-20 11:46 <KANSIO> d-------- C:\Users\Ahti\AppData\Roaming\Winamp
2008-04-20 11:44 . 2008-04-20 11:46 <KANSIO> d-------- C:\Program Files\Winamp
2008-04-20 11:44 . 2007-03-08 02:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-17 22:09 . 2008-04-17 22:09 <KANSIO> d-------- C:\PerfLogs
2008-04-17 21:25 . 2008-01-19 10:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-17 21:24 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-17 21:23 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-17 21:22 . 2008-01-19 10:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-17 21:21 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-17 21:21 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-17 21:21 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-17 21:21 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-17 21:20 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-17 21:20 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-17 21:20 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-17 21:20 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-15 17:44 . 2008-04-15 17:44 <KANSIO> d-------- C:\Program Files\DC++
2008-04-09 14:12 . 2008-02-22 05:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 14:12 . 2008-02-22 08:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 20:42 . 2008-04-08 20:42 <KANSIO> d-------- C:\Users\All Users\Age of Empires 3
2008-04-08 20:42 . 2008-04-08 20:42 <KANSIO> d-------- C:\ProgramData\Age of Empires 3
2008-04-08 20:09 . 2008-04-08 20:09 <KANSIO> d-------- C:\Program Files\Common Files\Microsoft Games
2008-04-04 21:40 . 2008-04-05 17:34 <KANSIO> d-------- C:\Users\Ahti\AppData\Roaming\gtk-2.0
2008-04-04 15:59 . 2008-04-04 15:59 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-04 15:54 . 2008-04-04 15:54 <KANSIO> d-------- C:\Users\Ahti\AppData\Roaming\DAEMON Tools
2008-04-04 15:54 . 2008-04-04 15:55 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-03-30 03:12 . 2008-03-30 03:12 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-30 01:43 . 2008-03-30 01:43 <KANSIO> d-------- C:\Program Files\Gpotato
2008-03-25 15:38 . 2008-03-25 15:38 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 15:37 . 2008-03-25 15:39 <KANSIO> d-------- C:\Program Files\Windows Live
2008-03-25 15:35 . 2008-03-25 15:35 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-03-25 15:35 . 2008-03-25 15:35 <KANSIO> d-------- C:\ProgramData\WLInstaller

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 13:28 --------- d-----w C:\Users\Ahti\AppData\Roaming\Skype
2008-04-24 13:11 --------- d-----w C:\Users\Ahti\AppData\Roaming\skypePM
2008-04-21 13:21 --------- d---a-w C:\ProgramData\TEMP
2008-04-19 18:39 --------- d-----w C:\Users\Ahti\AppData\Roaming\uTorrent
2008-04-17 19:25 --------- d-----w C:\ProgramData\NVIDIA
2008-04-17 19:21 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Mail
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:12 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 18:51 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 18:51 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-17 07:05 --------- d-----w C:\Program Files\DownloadToolz
2008-04-14 14:19 --------- d-----w C:\ProgramData\Firefly Studios
2008-04-14 14:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 12:37 --------- d-----w C:\Users\Ahti\AppData\Roaming\LimeWire
2008-04-09 11:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-08 13:15 --------- d-----w C:\Program Files\F-Secure
2008-04-07 16:26 --------- d-----w C:\Users\Ahti\AppData\Roaming\mIRC
2008-04-06 15:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-06 15:47 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-04 18:49 --------- d-----w C:\Program Files\mIRC
2008-03-22 16:27 --------- d-----w C:\Program Files\Java
2008-03-13 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 18:55 --------- d-----w C:\Program Files\Abcc Free FLV to AVI WMV MPEG MP4 MOV Converter
2008-03-04 20:00 --------- d-----w C:\Program Files\FDRLab
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-27 14:54 --------- d-----w C:\Program Files\Kuma Games
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-16 19:42 691,545 ----a-w C:\Windows\unins000.exe
2008-02-03 12:09 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-31 02:02 54,608 ----a-w C:\Windows\System32\xfcodec.dll
2008-01-18 13:11 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-18 13:11 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-20 20:08 0 ----a-w C:\Users\Ahti\AppData\Roaming\wklnhst.dat
2007-11-01 19:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-01 19:08 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-01 19:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 10:36 2153472 C:\Windows\System32\oobefldr.dll]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 04:54 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 10:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 12:48 380928]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-06-01 16:19 183208]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-06-01 16:17 740208]
"V0220Mon.exe"="C:\Windows\V0220Mon.exe" [2006-11-17 02:02 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Skytel"="Skytel.exe" [2007-03-16 10:06 1822720 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 17:20:51 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 17:25:20 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-07 16:21 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C55EB872-84AB-4CE4-94E2-D59F19B8B14D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{584F8E90-5B0B-419C-B103-F7866AF537F5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0E42B23-09E7-445F-A462-65075C499F49}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{48A7AA93-CFD1-44A6-8932-38837E37135E}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{057D057B-2E77-4902-B8DB-867531B8D7A8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{50279E87-82E9-414B-9C3E-F852377267E5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{BD0D0768-F85A-45DE-AB29-CCE02C0176BC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{7016F49C-79B2-4647-9EB1-910983D6CAE9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{2BAC7F7D-7AB9-43C6-911E-474847D3ECF5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{D5ECD7A4-1EAC-4181-9862-720EB00FAE19}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{76BA5F31-C1DC-42D5-B5F4-D34D0F52C7AE}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{C4BE1AD3-CA83-44A2-A16D-CA26B3A2D4C9}"= UDP:D:\Program files\StrongholdLegends.exe:Stronghold Legends
"{E1D1C772-E858-46B5-987B-88BAB95D4759}"= TCP:D:\Program files\StrongholdLegends.exe:Stronghold Legends
"{FA7DB380-B6DE-47C1-9E19-E9059023031E}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{9A819DAD-8B3A-4B2D-AB4C-E43E2B901CE1}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{262B0591-65FE-480C-8F26-6F4B524F2BEC}"= UDP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{004A070A-AB67-42F1-8F9A-9C83A3819340}"= TCP:C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:Stronghold Legends
"{B1EB3ADF-81D6-49C9-98AD-A7BF6DAA0A6F}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)
"{38C40BCA-3C72-4035-B98D-D045E785E406}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)
"{3A7FE625-6918-4E06-B779-7924E718AF5E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{505A7CD1-2EEB-46A9-9547-44CD4F4210AF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95AED395-5CE8-4742-A616-B2E2A35DB5A9}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4E9D76CA-571D-45B6-96DC-AE24182537B4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{2BF8734B-8328-4C91-8E71-7E35AF8A5EB2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{10D96557-4FD2-45FB-8EE6-2820324F824D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B3969837-6C8B-4062-A396-DE076DD418D1}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{1293048E-8FFC-4665-B8DD-705B167CCC4A}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{5FD2D237-AADD-45C8-B90A-8C85205D5284}D:\\xfire\\xfire.exe"= UDP:D:\xfire\xfire.exe:Xfire
"UDP Query User{792C2367-B7F9-41F6-98DA-CEFA4A6D0CF8}D:\\xfire\\xfire.exe"= TCP:D:\xfire\xfire.exe:Xfire
"TCP Query User{8EA93901-1C42-4C25-B968-652D4B00910E}C:\\users\\ahti\\desktop\\utorrent.exe"= UDP:C:\users\ahti\desktop\utorrent.exe:utorrent.exe
"UDP Query User{7CC67A98-0557-4C74-825B-7F537C0BF97C}C:\\users\\ahti\\desktop\\utorrent.exe"= TCP:C:\users\ahti\desktop\utorrent.exe:utorrent.exe
"TCP Query User{AA7FC68F-56A5-42F2-A15A-C7A9976AD38E}D:\\game-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:D:\game-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{2E393D12-C500-402E-9559-9AC250B05CAE}D:\\game-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:D:\game-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"{E90DCCEA-DFCE-410B-804A-2A4A679EEE0D}"= UDP:D:\GameSpy\Aphex.exe:GameSpy Arcade
"{AECED666-9676-462D-ACE8-8B484FD10A44}"= TCP:D:\GameSpy\Aphex.exe:GameSpy Arcade
"TCP Query User{944A5E05-6DC0-499D-BA21-02FE62B4C096}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{D4784195-637E-495D-8438-5C612BA840B7}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{474149F4-90B4-428F-99EF-59100FB147DC}C:\\program files\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:\program files\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{6ACA5FC6-0656-4F1B-9588-9D935C7B9941}C:\\program files\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:\program files\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{3E1A16E7-796D-4455-A3D8-A68132C13BE9}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{3B38F9E3-F530-466D-BBFF-4BE8CA25AC70}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{42170E3E-EE42-4626-95C2-29F5159A7B6F}D:\\stronghold crusader\\stronghold crusader\\stronghold crusader.exe"= UDP:D:\stronghold crusader\stronghold crusader\stronghold crusader.exe:Stronghold Crusader
"UDP Query User{FB22FDC3-895B-4521-AE85-771BA70F9757}D:\\stronghold crusader\\stronghold crusader\\stronghold crusader.exe"= TCP:D:\stronghold crusader\stronghold crusader\stronghold crusader.exe:Stronghold Crusader
"{A96BB879-577C-4372-A570-BC999BEEC21B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{40C3EF69-F963-4E81-8D86-42EFBDB7A235}"= UDP:D:\Game-masters.com\CABAL Online (Europe)\cabal.exe:Cabal
"{8B72A4C3-6069-40F5-BECD-595CFA91C9E6}"= TCP:D:\Game-masters.com\CABAL Online (Europe)\cabal.exe:Cabal
"TCP Query User{36772FFC-3EFD-4F98-915A-952019B47DB3}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{81705128-5B2D-43DA-AA00-CF96037AFFE1}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{D5CE03AF-EDE8-4529-B91F-37769EBE9B9A}D:\\stronghold 1\\stronghold.exe"= UDP:D:\stronghold 1\stronghold.exe:Stronghold
"UDP Query User{8E234D7D-15F6-4D1E-891E-F8A3352E78A8}D:\\stronghold 1\\stronghold.exe"= TCP:D:\stronghold 1\stronghold.exe:Stronghold
"{2E0AAC62-06BE-4F99-9264-065D440D33CE}"= UDP:D:\Age of empires III\age3x.exe:Age of Empires III - The WarChiefs
"{44B67A79-F451-4F33-84CB-796FF246DDD1}"= TCP:D:\Age of empires III\age3x.exe:Age of Empires III - The WarChiefs
"{2DA158D2-A316-4B12-A875-4B8B0F1047C9}"= UDP:D:\Age of empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{DCCF1C05-E4EC-4BED-BF55-576440C73D52}"= TCP:D:\Age of empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{EE127C60-AFB9-4EEA-9BF3-79E06DD95756}D:\\age of empires iii\\age3.exe"= UDP:D:\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{258A242C-8A33-4232-B98F-273B61A9E042}D:\\age of empires iii\\age3.exe"= TCP:D:\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{70F1887C-06D6-4F7C-8F01-87510FE9286B}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{372B343D-C6B6-4240-9864-745E87595DAF}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{050FB686-8B25-45D5-95B4-81084082D970}E:\\sh crusader+\\stronghold crusader.exe"= UDP:E:\sh crusader+\stronghold crusader.exe:Stronghold Crusader
"UDP Query User{1BCABFC9-3D2D-4EEA-9707-97F9898CE767}E:\\sh crusader+\\stronghold crusader.exe"= TCP:E:\sh crusader+\stronghold crusader.exe:Stronghold Crusader
"TCP Query User{C6B0CB10-CD6D-4F8B-AF03-B99BDFCC7456}D:\\jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:D:\jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{CECDB4BA-ED41-44BC-AE1C-38048609E140}D:\\jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:D:\jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"{7262D5B7-52C8-43EC-BBE3-469FD6064260}"= UDP:D:\Stronghold 2 Deluxe\Stronghold2.exe:Stronghold 2
"{92864C0C-04CD-4606-A7D5-3762A94CF9F8}"= TCP:D:\Stronghold 2 Deluxe\Stronghold2.exe:Stronghold 2
"TCP Query User{B1E37B05-34F6-45CE-992B-F938E910EEF0}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{00CAC618-6762-411A-8777-989B902F64D4}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{AFBFA2D3-9760-41BA-AE65-E3A81CBD45AD}D:\\kotf jedi academy expansion pack\\gamedata\\jamp.exe"= UDP:D:\kotf jedi academy expansion pack\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{C5CD3AB2-4730-4115-B367-FE721157E5DF}D:\\kotf jedi academy expansion pack\\gamedata\\jamp.exe"= TCP:D:\kotf jedi academy expansion pack\gamedata\jamp.exe:Jedi Academy MultiPlayer
"{A858EEA7-6D85-4E51-9760-6C51C1668850}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{20D4C095-D0D7-4E0C-BBC1-DB0AC9A22900}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BF93FFF5-5135-40C8-8936-ED4235F847CA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{99299AC6-5F64-4AB5-BD9C-45D7D95FC257}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6F3B3C79-B323-4E86-A8B2-38BA3255DDCE}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{00B25B35-8BD3-46B4-BBF8-C5C0A32A57AF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{05CE77B0-F876-44AF-A0AA-ECED1E875422}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4BE907A0-0E5A-4262-BDFB-540D7B752E7B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 18:23]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2008-02-13 17:34]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-06-01 16:14]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-01-11 17:50]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-05-28 12:15]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-23 12:48]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-07-23 13:01]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-05-28 12:15]
R3 V0220Dev;Live! Cam Video IM;C:\Windows\system32\DRIVERS\V0220Dev.sys [2007-08-15 11:50]
R3 V0220Vfx;V0220VFX;C:\Windows\system32\DRIVERS\V0220Vfx.sys [2007-03-05 19:45]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 05:12]
S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 12:48]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 06:13]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-24 00:42]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 12:15]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-05-28 12:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d56bdd2-0246-11dd-944e-001c2502cf13}]
\shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-24 13:10:52 C:\Windows\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 16:32:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-04-24 16:34:05
ComboFix-quarantined-files.txt 2008-04-24 13:33:21

Pre-Run: 11,680,243,712 tavua vapaana
Post-Run: 14,072,401,920 tavua vapaana

301 --- E O F --- 2008-04-17 18:54:35
AfterDawn Addict
25 April 2008 @ 09:15
You have F-Secure in use.

Run this:
Norton removal tool

The computer can't even work, can it?
darkkis94
Newbie
25 April 2008 @ 15:35
Quote, originally posted by Hujo:
You have F-Secure in use.

Run this:
Norton removal tool

Yeah... Norton has been removed, but some parts may have been left behind. Thanks for the help. I'd just like to know: is the computer clean now, and were there a lot of nasties in it?
AfterDawn Addict
25 April 2008 @ 15:50
Scan a new HJT log.

The computer can't even work, can it?
darkkis94
Newbie
25 April 2008 @ 17:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:46, on 23.4.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Windows\V0220Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Registration .LNK = F:\Register\RegistrationReminder.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onl.../fshc/fscax.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13834 bytes
AfterDawn Addict
26 April 2008 @ 12:09
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your post

================

The HJT log is not a new one.

The computer can't even work, can it?
darkkis94
Newbie
4 May 2008 @ 22:53
Yeah, now there's a new bad problem... F-Secure found some trojan win32 banker or something like that. And that stupid F-Secure reported that the item cannot be removed??! What can I do, help.
AfterDawn Addict
5 May 2008 @ 12:42
The leftovers are still there.

Remove via Add/Remove Programs:

Macrogaming

Delete the folder in Safe Mode:

C:\Program Files\Macrogaming

=========

Scan with HJT, tick the following entries and press Fix checked:

O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

===============

Copy and paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it to your desktop
under the name Poisto.bat.

@echo off
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop LiveUpdate
sc delete LiveUpdate
sc stop "Automatic LiveUpdate Scheduler"
sc delete "Automatic LiveUpdate Scheduler"
sc stop "LiveUpdate Notice Ex"
sc delete "LiveUpdate Notice Ex"
sc stop "LiveUpdate Notice Service"
sc delete "LiveUpdate Notice Service"

Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

=========

Delete these folders in Safe Mode:

C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec

The computer can't even work, can it?
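How the O23 lines in the post above map to the service names used in Poisto.bat, as an added example (not part of the original post and not HijackThis code). It assumes the O23 layout visible in the posted log, where a trailing parenthesised name is the service's short name; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"""

# The path starts at the first " - " that is followed by a drive letter, so a
# " - " inside the path itself (e.g. "Spybot - Search & Destroy") is not a split point.
O23_RE = re.compile(r"^O23 - Service: (?P<head>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# Assumed layout: "Display name (ShortName)"; only the last parenthesised group counts.
NAME_RE = re.compile(r"^(?P<display>.*\S)\s*\((?P<key>[^()]+)\)$")
MISSING = " (file missing)"


class Service(NamedTuple):
    display: str
    key: str            # the name that "sc stop" / "sc delete" expect
    company: str
    path: str
    file_missing: bool  # service is registered but its binary is gone


def parse_o23(log):
    """Return a Service for every O23 line in a HijackThis log."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # other sections (O4, R1, ...) are ignored
        name, sep, company = m["head"].rpartition(" - ")
        if not sep:  # no company field present
            name, company = m["head"], ""
        path = m["path"]
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        n = NAME_RE.match(name)
        display, key = (n["display"], n["key"]) if n else (name, name)
        services.append(Service(display, key, company, path, missing))
    return services


def vendor_services(services, vendor):
    """Services whose company or binary path mentions the vendor."""
    v = vendor.lower()
    return [s for s in services if v in s.company.lower() or v in s.path.lower()]


def removal_script(services):
    """Build the batch file text: one 'sc stop' and 'sc delete' per service."""
    lines = ["@echo off"]
    for s in services:
        name = f'"{s.key}"' if " " in s.key else s.key
        lines += [f"sc stop {name}", f"sc delete {name}"]
    return "\n".join(lines)


if __name__ == "__main__":
    leftovers = vendor_services(parse_o23(SAMPLE_LOG), "Symantec")
    for s in leftovers:
        print(f"{s.key:32} missing={s.file_missing}  {s.path}")
    print(removal_script(leftovers))
```

Entries with `file_missing` set are the ones whose binary the uninstaller already removed, leaving only the service registration behind.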
darkkis94
Newbie
5 May 2008 @ 15:47
The Symantec stuff has been removed; no Macrogaming or SweetIM stuff was found, because I already removed them maybe a week ago? (SweetIM was a Messenger emoticon program.) I also did that Poisto.bat thing.
What next??

This message has been edited since posting. Last edit 5 May 2008 @ 16:55

AfterDawn Addict
5 May 2008 @ 18:19
Scan a new HJT log.

The computer can't even work, can it?
darkkis94
Newbie
8 May 2008 @ 17:34
How do I get the new log, when every time I scan with HJT the old one comes up? I have fixed those Symantec things, but they still show up in it?

EDIT: Now there's a bad situation: I left the computer for a while and left it on. When I came back the screen was black, the computer was NOT in standby, and I couldn't get a picture by any means. So I looked at the case: the fans were spinning and the blue LED next to the power button was lit as normal. There was nothing to do but shut the computer down from the button. After that the computer no longer started loading the OS, and there was no beep from the motherboard. The fans were spinning and it did get power. I waited a while and then got the computer started again. I thought, phew, maybe it was only a temporary problem. Well, it wasn't; the same thing happened again when I went to eat. What could be causing the problem and how could it be fixed?
I don't know whether it's caused by a virus, but I'm in trouble anyway, since I didn't take the problem seriously enough :( (if it is caused by a virus)
I believe I can still keep the computer running long enough if I need to, say, scan with HijackThis.

This message has been edited since posting. Last edit 8 May 2008 @ 18:25

AfterDawn Addict
8 May 2008 @ 19:45
Is it still acting up?
Delete the old HJT logs and scan a new one.

The computer can't even work, can it?

This message has been edited since posting. Last edit 8 May 2008 @ 19:46

darkkis94
Newbie
9 May 2008 @ 16:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:14, on 9.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Windows\V0220Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe