
After removing Bonjour

Thread in the Viruses and malware - HijackThis logs section. Started by miriami on 28.02.2009.

  1. miriami

    miriami Regular member

    Joined:
    07.11.2008
    Posts:
    184
    Thanks:
    0
    Points:
    26
    Hi Hujo, long time no see. Roses to you if you can help me out a bit again.
    How does this look?

    Today, after quite a fight, I managed to remove the program Bonjour (hard to remove; may also have caused extra network traffic on the machine..). The computer now seems to stutter a bit and sometimes thinks about everything for a really long time before doing it.

    In addition, I have had to use a restore point in recent days, so some problems that were already fixed once may be back. At least I already removed that TkBellExe thing once with HijackThis, and only after that did I get the program RealPlayer (32bit) out of the startup programs, which was in the startup programs and which I had not been able to remove. And now TkBellExe is in that list again and RealPlayer (32bit) is in the startup programs.

    I would also like to get rid of Google Toolbar Notifier, if I somehow can. It's hardly necessary, is it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:37:45, on 28.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/webhp?sourceid=navclient&hl=fi&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKCU\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKCU\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKCU\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKCU\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKCU\..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10368 bytes
     
  3. Hujo

    Hujo Guest

    Go ahead, send it over.

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread

    =======

    1. Download Combofix.exe to your desktop from one of the links:
    Combofix1
    Combofix2

    Do not install the Recovery Console.

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  4. miriami

    miriami Regular member

    What on earth? That can't be. This list has some "World of Warcraft FREE Trial" that I have DEFINITELY NOT downloaded to my computer. Its shortcut suddenly appeared on my desktop a few days ago, when I was downloading several of these cleaning programs (I have tried Exterminate It!, Registry Booster, Spyware Doctor, SUPERAntiSpyware, Spybot and other free ones...). The shortcut opened a web page, so I just threw it in the trash, because the program cannot be found on my computer, and I thought that was that. The search command does not find it, and it is not in Add/Remove Programs.

    Yesterday I went through the Vista cleaning procedure at http://forums.majorgeeks.com/showthread.php?t=139681 but I did not dare run ComboFix; it seems you need to know what you are doing. Apparently it fixes/removes things automatically and without asking.

    Uninstall list:

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 6.0 Sprint
    Acer Crystal Eye webcam
    Acer Crystal Eye webcam
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Activation Assistant for the 2007 Microsoft Office suites
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS2
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 7.0
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe WAS CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    avast! Antivirus
    AVN Audio Recorder 2.0
    Catalyst Control Center - Branding
    CCleaner (remove only)
    EPSON-tulostinohjelma
    e-Sword
    EVEREST Ultimate Edition v4.50
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Malwarebytes' Anti-Malware
    Microsoft Office 2003 Web-komponentit
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (Finnish) 2007
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Outlook MUI (Finnish) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Publisher MUI (Finnish) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Small Business -yhteysosat
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft Reader
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (2.0.0.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nokia Connectivity Cable Driver
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NTI Shadow
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    Outlook 2007 Business Contact Manager SP1
    Outlook 2007 Business Contact Manager SP1
    PDF Settings
    PowerDVD
    QuickTime
    Readiris Pro 10
    RealPlayer
    Realtek High Definition Audio Driver
    Samsung SCX-4200 Series
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Skype™ 3.6
    Smart Defrag 1.11
    SmarThru 4
    Spyware Doctor 6.0
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    Uniblue RegistryBooster 2009
    Uniblue RegistryBooster 2009
    These have definitely been removed!
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959634)
    World of Warcraft FREE Trial
    Yahoo! Messenger

     
  5. miriami

    miriami Regular member

    Before I run ComboFix, what do I do if, say, the computer does not start afterwards? Should I have some kind of boot disk on hand just in case, or can I get onto the internet in safe mode to ask for further instructions, or restore the system to this current configuration with a restore point?

    That Uniblue Registry Booster has been removed, but it still shows up in the Add/Remove list. It won't let me remove it; it reports an error.
     
    Last edited: 28.02.2009
  6. miriami

    miriami Regular member

    Hi, here is the ComboFix log. It seems it created a restore point without asking, as it says there at the start? These days I do create them myself in Vista quite often, just to be safe.

    For privacy, I have replaced the name in the log with xxx, but otherwise it is in its original form.

    ComboFix 09-02-27.02 - xxx 2009-02-28 19:58:31.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1789.947 [GMT 2:00]
    Sijainti: c:\users\xxx\Desktop\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\AMV Converter\_desktop.ini
    c:\program files\AMV Converter\skin\_desktop.ini
    c:\program files\AMV Converter\skin\xpstyle\_desktop.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-28 to 2009-02-28 )))))))))))))))))
    .

    2009-02-27 22:03 . 2009-02-27 22:40 <KANSIO> d-------- c:\users\All Users\Spybot - Search & Destroy
    2009-02-27 22:03 . 2009-02-27 22:40 <KANSIO> d-------- c:\programdata\Spybot - Search & Destroy
    2009-02-27 22:03 . 2009-02-27 22:03 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-23 17:33 . 2009-02-28 12:48 <KANSIO> d-------- c:\program files\SUPERAntiSpyware
    2009-02-23 17:33 . 2009-02-23 17:33 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-02-22 20:51 . 2009-02-22 20:51 <KANSIO> d-------- c:\users\All Users\ATI
    2009-02-22 20:51 . 2009-02-22 20:51 <KANSIO> d-------- c:\programdata\ATI
    2009-02-22 20:41 . 2009-02-22 20:41 0 --a------ c:\windows\ativpsrm.bin
    2009-02-22 20:36 . 2009-02-22 20:36 <KANSIO> d-------- C:\ATI
    2009-02-22 16:06 . 2009-02-22 16:08 <KANSIO> d-------- c:\program files\Spyware Doctor
    2009-02-22 16:06 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
    2009-02-22 16:06 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
    2009-02-22 16:06 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
    2009-02-22 16:06 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
    2009-02-21 22:54 . 2009-02-21 22:54 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\PeerNetworking
    2009-02-21 12:28 . 2009-02-28 10:46 <KANSIO> d--h----- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-02-21 12:28 . 2009-02-28 10:46 <KANSIO> d--h----- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-02-20 19:38 . 2009-02-21 20:25 <KANSIO> d-------- c:\users\All Users\avg8
    2009-02-20 19:38 . 2009-02-21 20:25 <KANSIO> d-------- c:\programdata\avg8
    2009-02-20 17:38 . 2009-02-05 23:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-02-20 14:06 . 2009-02-20 14:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 14:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-20 14:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-19 14:34 . 2009-02-19 20:10 <KANSIO> d-------- c:\program files\Lavalys
    2009-02-19 14:27 . 2009-02-19 14:27 <KANSIO> d-------- c:\windows\Internet Logs
    2009-02-19 00:25 . 2009-02-19 00:25 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\PC Tools
    2009-02-18 19:25 . 2009-02-19 10:37 <KANSIO> d-------- c:\program files\Common Files\PC Tools
    2009-02-16 19:02 . 2009-02-16 19:02 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\Malwarebytes
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\SUPERAntiSpyware.com
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-02-16 14:56 . 2009-02-22 21:47 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\IObit
    2009-02-16 01:25 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-16 01:25 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-16 01:25 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-16 01:25 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-16 01:25 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 22:02 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 22:02 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-08 19:52 . 2009-02-08 19:52 85 --a------ c:\windows\cdplayer.ini
    2009-02-08 19:43 . 2009-02-08 19:43 <KANSIO> d-------- c:\program files\Common Files\xing shared
    2009-02-08 19:42 . 2009-02-08 19:42 <KANSIO> d-------- c:\program files\Real
    2009-02-06 22:34 . 2009-02-06 22:34 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\Talkback
    2009-02-06 22:34 . 2009-02-06 22:34 0 --a------ c:\windows\nsreg.dat
    2009-02-06 22:33 . 2009-02-13 23:03 <KANSIO> d-------- c:\users\Public\RealArcade
    2009-02-06 22:33 . 2009-02-06 22:33 <KANSIO> d-------- c:\users\All Users\Mozilla

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-28 18:00 --------- d---a-w c:\program files\AMV Converter
    2009-02-28 10:03 --------- d-----w c:\programdata\Apple Computer
    2009-02-28 09:18 --------- d-----w c:\program files\IObit
    2009-02-28 08:46 --------- d-----w c:\programdata\Lavasoft
    2009-02-27 17:44 --------- d-----w c:\programdata\FLEXnet
    2009-02-27 17:44 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-23 06:57 --------- d-----w c:\program files\ATI
    2009-02-22 19:39 --------- d---a-w c:\programdata\TEMP
    2009-02-22 18:45 --------- d-----w c:\program files\ATI Technologies
    2009-02-19 15:36 --------- d-----w c:\program files\Common Files\Apple
    2009-02-19 15:32 --------- d-----w c:\programdata\Symantec
    2009-02-19 15:30 --------- d-----w c:\users\xxx\AppData\Roaming\Yahoo!
    2009-02-19 15:30 --------- d-----w c:\programdata\Yahoo!
    2009-02-19 15:30 --------- d-----w c:\program files\Yahoo!
    2009-02-19 15:18 --------- d-----w c:\program files\QuickTime
    2009-02-13 12:10 --------- d-----w c:\program files\Google
    2009-02-12 07:52 --------- d-----w c:\programdata\Microsoft Help
    2009-02-12 07:51 --------- d-----w c:\program files\Windows Mail
    2009-02-08 17:42 --------- d-----w c:\program files\Common Files\Real
    2009-02-04 07:29 4,303,360 ----a-w c:\windows\system32\drivers\atikmdag.sys
    2009-02-04 05:02 442,368 ----a-w c:\windows\System32\ATIDEMGX.dll
    2009-02-04 05:00 43,520 ----a-w c:\windows\System32\ati2edxx.dll
    2009-02-04 05:00 348,160 ----a-w c:\windows\System32\atipdlxx.dll
    2009-02-04 05:00 274,432 ----a-w c:\windows\System32\Oemdspif.dll
    2009-02-04 05:00 159,744 ----a-w c:\windows\System32\atitmmxx.dll
    2009-02-04 05:00 11,264 ----a-w c:\windows\System32\atimuixx.dll
    2009-02-04 04:59 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
    2009-02-04 04:58 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
    2009-02-04 04:43 3,903,488 ----a-w c:\windows\System32\atiumdag.dll
    2009-02-04 04:22 4,905,472 ----a-w c:\windows\System32\atiumdva.dll
    2009-02-04 04:11 11,366,400 ----a-w c:\windows\System32\atioglxx.dll
    2009-02-04 04:07 51,712 ----a-w c:\windows\System32\amdpcom32.dll
    2009-02-04 04:07 131,072 ----a-w c:\windows\System32\atiadlxx.dll
    2009-02-04 03:53 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2009-02-04 03:01 57,344 ----a-w c:\windows\System32\aticalrt.dll
    2009-02-04 03:01 53,248 ----a-w c:\windows\System32\aticalcl.dll
    2009-02-04 02:58 3,252,224 ----a-w c:\windows\System32\aticaldd.dll
    2009-01-07 14:49 --------- d-----w c:\users\xxx\AppData\Roaming\Skype
    2009-01-07 14:09 --------- d-----w c:\users\xxx\AppData\Roaming\skypePM
    2008-12-30 18:47 --------- d-----w c:\programdata\LightScribe
    2008-12-13 01:48 60,744 ----a-w c:\users\xxx\g2mdlhlpx.exe
    2008-06-16 07:07 174 --sha-w c:\program files\desktop.ini
    2008-01-29 12:28 32 ----a-w c:\users\All Users\ezsid.dat
    2008-01-29 12:28 32 ----a-w c:\programdata\ezsid.dat
    2007-09-16 06:35 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-09-16 06:35 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-09-16 06:35 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2007-09-16 06:35 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2007-09-16 06:35 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-07 815104]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 457728]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-14 520192]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-13 39408]
    "Skytel"="Skytel.exe" [2007-04-14 c:\windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-08 185872]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{71D75F7D-C7F3-48F3-8861-BD8D1B381E6C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{DCD55947-1070-4130-8B39-AA152C973951}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{F99A2C5C-CD84-4E38-A85C-9C504B0AEB69}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{0BB79B35-C98E-4F8F-9FC4-ACC86561EB68}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F93062DE-A70F-4715-A84D-79424CC9B883}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{731A195F-43B0-4AF6-BF3F-BDD0BB3C5C73}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "TCP Query User{BEC119FB-CF66-4C37-B723-6B9FC16E1110}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
    "UDP Query User{EF278762-A2AD-4173-8D37-9F6EED48F183}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
    "TCP Query User{B3ACDDED-DDF9-4545-9C72-BDED75D5AD36}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{0AC3CBBE-E3FC-4945-B64E-8100BFF220BA}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{8ACE312A-D462-4A38-888A-C17D736103B8}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CB1E2467-68AC-4CEA-B964-96C7AFC50F1F}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2007-04-03 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2007-04-03 35712]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-20 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-10-31 16:34:04 13560]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-20 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-20 51792]
    R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [2007-11-04 5120]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-22 356920]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-28 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe []

    2009-02-22 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

    2009-02-22 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\ [2009-02-22 21:47]

    2009-02-28 c:\windows\Tasks\User_Feed_Synchronization-{B397B829-38DC-4F82-9C9F-DDC46218E88F}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/webhp?sourceid=navclient&hl=fi&ie=UTF-8
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fi.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    FF - ProfilePath -

    ---- FIREFOXIN KÄYTÄNNÖT ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-28 20:00:58
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(676)
    c:\windows\system32\eNetHook.dll
    .
    Valmistumisajankohta: 2009-02-28 20:03:09
    ComboFix-quarantined-files.txt 2009-02-28 18:03:06

    Ennen ajoa: 38 249 246 720 tavua vapaana
    Ajon jälkeen: 38,640,226,304 tavua vapaana

    241 --- E O F --- 2009-02-28 12:40:52
     
    Last edited: 28.02.2009
  7. Hujo

    Hujo Guest

    Now copy the contents of the quote below and paste them into an empty Notepad:
    Start button > Accessories > Notepad

    Save as

    Location: Desktop

    File name: CFScript.txt

    Save as type: All files

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Post the resulting log here.

    Shut down and restart the computer.
     
  8. miriami

    miriami Regular member

    Joined:
    07.11.2008
    Messages:
    184
    Thanks:
    0
    Points:
    26
    I forgot that a few days ago I had set all hidden folders to be visible, but I guess there was no great harm in that.

    This created a restore point again without asking my permission.


    ComboFix 09-02-28.01 - xxx 2009-03-01 10:31:15.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1789.936 [GMT 2:00]
    Sijainti: c:\users\xxx\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\xxx\Desktop\CFScript.txt
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\avg8
    c:\programdata\avg8\Cfg\krnl.cfg
    c:\programdata\avg8\Cfg\mail.cfg
    c:\programdata\avg8\Cfg\malrep.cfg
    c:\programdata\avg8\Cfg\scan.cfg
    c:\programdata\avg8\Cfg\sched.cfg
    c:\programdata\avg8\Cfg\update.cfg
    c:\programdata\avg8\Cfg\user.cfg
    c:\programdata\avg8\CfgAll\changecfgreg.cfg
    c:\programdata\avg8\CfgAll\updateall.cfg
    c:\programdata\avg8\Log\avgcfg.log.lock
    c:\programdata\avg8\Log\avgcore.log
    c:\programdata\avg8\Log\avgcore.log.lock
    c:\programdata\avg8\Log\avgfrw.log
    c:\programdata\avg8\Log\avgfrw.log.lock
    c:\programdata\avg8\Log\avgldr.log
    c:\programdata\avg8\Log\avgldr.log.lock
    c:\programdata\avg8\Log\avglng.log
    c:\programdata\avg8\Log\avglng.log.lock
    c:\programdata\avg8\Log\avgns.log
    c:\programdata\avg8\Log\avgns.log.lock
    c:\programdata\avg8\Log\avgrs.log
    c:\programdata\avg8\Log\avgrs.log.lock
    c:\programdata\avg8\Log\avgsched.log.lock
    c:\programdata\avg8\Log\avgsrm.log
    c:\programdata\avg8\Log\avgsrm.log.lock
    c:\programdata\avg8\Log\avgui.log
    c:\programdata\avg8\Log\avgui.log.lock
    c:\programdata\avg8\Log\avgupd.log
    c:\programdata\avg8\Log\avgupd.log.lock
    c:\programdata\avg8\Log\avgwd.log.lock
    c:\programdata\avg8\Log\avgwdsvc.log
    c:\programdata\avg8\Log\avgwdsvc.log.lock
    c:\programdata\avg8\Log\commonpriv.log
    c:\programdata\avg8\Log\commonpriv.log.lock
    c:\programdata\avg8\Log\fixcfg.log
    c:\programdata\avg8\Log\fixcfg.log.lock
    c:\programdata\avg8\Log\history.xml
    c:\programdata\avg8\Temp\75349fd7-77b1-4229-b51d-b1bdf239def2-12e0-oopp.tmp
    c:\programdata\avg8\update\backup\incavi.avm
    c:\programdata\avg8\update\backup\microavi.avg
    c:\programdata\avg8\update\backup\sb.dat
    c:\programdata\avg8\update\backup\sb2.dat
    c:\programdata\avg8\update\backup\sc.dat
    c:\programdata\avg8\update\prepare\incavi.avm
    c:\programdata\avg8\update\prepare\sb.dat.prepare
    c:\programdata\avg8\update\prepare\sc.dat.prepare
    c:\programdata\Symantec
    c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\latest-hub-webauth.sql\LHW.sql
    c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
    c:\programdata\Symantec\wcid0.log
    c:\users\All Users\avg8\Cfg\krnl.cfg
    c:\users\All Users\avg8\Cfg\mail.cfg
    c:\users\All Users\avg8\Cfg\malrep.cfg
    c:\users\All Users\avg8\Cfg\scan.cfg
    c:\users\All Users\avg8\Cfg\sched.cfg
    c:\users\All Users\avg8\Cfg\update.cfg
    c:\users\All Users\avg8\Cfg\user.cfg
    c:\users\All Users\avg8\CfgAll\changecfgreg.cfg
    c:\users\All Users\avg8\CfgAll\updateall.cfg
    c:\users\All Users\avg8\Log\avgcfg.log.lock
    c:\users\All Users\avg8\Log\avgcore.log
    c:\users\All Users\avg8\Log\avgcore.log.lock
    c:\users\All Users\avg8\Log\avgfrw.log
    c:\users\All Users\avg8\Log\avgfrw.log.lock
    c:\users\All Users\avg8\Log\avgldr.log
    c:\users\All Users\avg8\Log\avgldr.log.lock
    c:\users\All Users\avg8\Log\avglng.log
    c:\users\All Users\avg8\Log\avglng.log.lock
    c:\users\All Users\avg8\Log\avgns.log
    c:\users\All Users\avg8\Log\avgns.log.lock
    c:\users\All Users\avg8\Log\avgrs.log
    c:\users\All Users\avg8\Log\avgrs.log.lock
    c:\users\All Users\avg8\Log\avgsched.log.lock
    c:\users\All Users\avg8\Log\avgsrm.log
    c:\users\All Users\avg8\Log\avgsrm.log.lock
    c:\users\All Users\avg8\Log\avgui.log
    c:\users\All Users\avg8\Log\avgui.log.lock
    c:\users\All Users\avg8\Log\avgupd.log
    c:\users\All Users\avg8\Log\avgupd.log.lock
    c:\users\All Users\avg8\Log\avgwd.log.lock
    c:\users\All Users\avg8\Log\avgwdsvc.log
    c:\users\All Users\avg8\Log\avgwdsvc.log.lock
    c:\users\All Users\avg8\Log\commonpriv.log
    c:\users\All Users\avg8\Log\commonpriv.log.lock
    c:\users\All Users\avg8\Log\fixcfg.log
    c:\users\All Users\avg8\Log\fixcfg.log.lock
    c:\users\All Users\avg8\Log\history.xml
    c:\users\All Users\avg8\Temp\75349fd7-77b1-4229-b51d-b1bdf239def2-12e0-oopp.tmp
    c:\users\All Users\avg8\update\backup\incavi.avm
    c:\users\All Users\avg8\update\backup\microavi.avg
    c:\users\All Users\avg8\update\backup\sb.dat
    c:\users\All Users\avg8\update\backup\sb2.dat
    c:\users\All Users\avg8\update\backup\sc.dat
    c:\users\All Users\avg8\update\prepare\incavi.avm
    c:\users\All Users\avg8\update\prepare\sb.dat.prepare
    c:\users\All Users\avg8\update\prepare\sc.dat.prepare

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-01 to 2009-03-01 )))))))))))))))))
    .

    2009-02-27 22:03 . 2009-02-27 22:40 <KANSIO> d-------- c:\users\All Users\Spybot - Search & Destroy
    2009-02-27 22:03 . 2009-02-27 22:40 <KANSIO> d-------- c:\programdata\Spybot - Search & Destroy
    2009-02-27 22:03 . 2009-02-27 22:03 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-23 17:33 . 2009-02-28 12:48 <KANSIO> d-------- c:\program files\SUPERAntiSpyware
    2009-02-23 17:33 . 2009-02-23 17:33 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-02-22 20:51 . 2009-02-22 20:51 <KANSIO> d-------- c:\users\All Users\ATI
    2009-02-22 20:51 . 2009-02-22 20:51 <KANSIO> d-------- c:\programdata\ATI
    2009-02-22 20:41 . 2009-02-22 20:41 0 --a------ c:\windows\ativpsrm.bin
    2009-02-22 20:36 . 2009-02-22 20:36 <KANSIO> d-------- C:\ATI
    2009-02-22 16:06 . 2009-02-22 16:08 <KANSIO> d-------- c:\program files\Spyware Doctor
    2009-02-22 16:06 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
    2009-02-22 16:06 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
    2009-02-22 16:06 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
    2009-02-22 16:06 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
    2009-02-21 22:54 . 2009-02-21 22:54 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\PeerNetworking
    2009-02-21 12:28 . 2009-02-28 10:46 <KANSIO> d--h----- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-02-21 12:28 . 2009-02-28 10:46 <KANSIO> d--h----- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-02-20 17:38 . 2009-02-05 23:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-02-20 14:06 . 2009-02-20 14:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 14:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-20 14:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-19 14:34 . 2009-02-19 20:10 <KANSIO> d-------- c:\program files\Lavalys
    2009-02-19 14:27 . 2009-02-19 14:27 <KANSIO> d-------- c:\windows\Internet Logs
    2009-02-19 00:25 . 2009-02-19 00:25 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\PC Tools
    2009-02-18 19:25 . 2009-02-19 10:37 <KANSIO> d-------- c:\program files\Common Files\PC Tools
    2009-02-16 19:02 . 2009-02-16 19:02 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\Malwarebytes
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\users\All Users\Malwarebytes
    2009-02-16 17:05 . 2009-02-16 17:05 <KANSIO> d-------- c:\programdata\Malwarebytes
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\SUPERAntiSpyware.com
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-02-16 15:56 . 2009-02-16 15:56 <KANSIO> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-02-16 14:56 . 2009-02-22 21:47 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\IObit
    2009-02-16 01:25 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-16 01:25 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-16 01:25 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-16 01:25 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-16 01:25 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 22:02 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-11 22:02 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-08 19:52 . 2009-02-08 19:52 85 --a------ c:\windows\cdplayer.ini
    2009-02-08 19:43 . 2009-02-08 19:43 <KANSIO> d-------- c:\program files\Common Files\xing shared
    2009-02-08 19:42 . 2009-02-08 19:42 <KANSIO> d-------- c:\program files\Real
    2009-02-06 22:34 . 2009-02-06 22:34 <KANSIO> d-------- c:\users\xxx\AppData\Roaming\Talkback
    2009-02-06 22:34 . 2009-02-06 22:34 0 --a------ c:\windows\nsreg.dat
    2009-02-06 22:33 . 2009-02-13 23:03 <KANSIO> d-------- c:\users\Public\RealArcade
    2009-02-06 22:33 . 2009-02-06 22:33 <KANSIO> d-------- c:\users\All Users\Mozilla

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 08:21 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-28 18:00 --------- d---a-w c:\program files\AMV Converter
    2009-02-28 10:03 --------- d-----w c:\programdata\Apple Computer
    2009-02-28 09:18 --------- d-----w c:\program files\IObit
    2009-02-28 08:46 --------- d-----w c:\programdata\Lavasoft
    2009-02-27 17:44 --------- d-----w c:\programdata\FLEXnet
    2009-02-23 06:57 --------- d-----w c:\program files\ATI
    2009-02-22 19:39 --------- d---a-w c:\programdata\TEMP
    2009-02-22 18:45 --------- d-----w c:\program files\ATI Technologies
    2009-02-19 15:36 --------- d-----w c:\program files\Common Files\Apple
    2009-02-19 15:30 --------- d-----w c:\users\xxx\AppData\Roaming\Yahoo!
    2009-02-19 15:30 --------- d-----w c:\programdata\Yahoo!
    2009-02-19 15:30 --------- d-----w c:\program files\Yahoo!
    2009-02-19 15:18 --------- d-----w c:\program files\QuickTime
    2009-02-13 12:10 --------- d-----w c:\program files\Google
    2009-02-12 07:52 --------- d-----w c:\programdata\Microsoft Help
    2009-02-12 07:51 --------- d-----w c:\program files\Windows Mail
    2009-02-08 17:42 --------- d-----w c:\program files\Common Files\Real
    2009-02-04 07:29 4,303,360 ----a-w c:\windows\system32\drivers\atikmdag.sys
    2009-02-04 05:02 442,368 ----a-w c:\windows\System32\ATIDEMGX.dll
    2009-02-04 05:00 43,520 ----a-w c:\windows\System32\ati2edxx.dll
    2009-02-04 05:00 348,160 ----a-w c:\windows\System32\atipdlxx.dll
    2009-02-04 05:00 274,432 ----a-w c:\windows\System32\Oemdspif.dll
    2009-02-04 05:00 159,744 ----a-w c:\windows\System32\atitmmxx.dll
    2009-02-04 05:00 11,264 ----a-w c:\windows\System32\atimuixx.dll
    2009-02-04 04:59 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
    2009-02-04 04:58 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
    2009-02-04 04:43 3,903,488 ----a-w c:\windows\System32\atiumdag.dll
    2009-02-04 04:22 4,905,472 ----a-w c:\windows\System32\atiumdva.dll
    2009-02-04 04:11 11,366,400 ----a-w c:\windows\System32\atioglxx.dll
    2009-02-04 04:07 51,712 ----a-w c:\windows\System32\amdpcom32.dll
    2009-02-04 04:07 131,072 ----a-w c:\windows\System32\atiadlxx.dll
    2009-02-04 03:53 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2009-02-04 03:01 57,344 ----a-w c:\windows\System32\aticalrt.dll
    2009-02-04 03:01 53,248 ----a-w c:\windows\System32\aticalcl.dll
    2009-02-04 02:58 3,252,224 ----a-w c:\windows\System32\aticaldd.dll
    2009-01-07 14:49 --------- d-----w c:\users\xxx\AppData\Roaming\Skype
    2009-01-07 14:09 --------- d-----w c:\users\xxx\AppData\Roaming\skypePM
    2008-12-13 01:48 60,744 ----a-w c:\users\xxx\g2mdlhlpx.exe
    2008-06-16 07:07 174 --sha-w c:\program files\desktop.ini
    2008-01-29 12:28 32 ----a-w c:\users\All Users\ezsid.dat
    2008-01-29 12:28 32 ----a-w c:\programdata\ezsid.dat
    2007-09-16 06:35 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-09-16 06:35 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-09-16 06:35 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2007-09-16 06:35 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2007-09-16 06:35 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-28_20.01.30,85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-28 16:20:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-03-01 08:21:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-28 16:20:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-03-01 08:21:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-28 16:22:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-01 08:24:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-01 08:24:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-28 18:00:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-01 08:24:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-01 08:24:35 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-28 17:33:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-01 08:24:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-28 17:33:55 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-01 08:24:45 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-28 17:33:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-01 08:24:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-28 17:58:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-03-01 08:30:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-03-01 08:30:44 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2009-02-28 16:25:37 119,616 ----a-w c:\windows\System32\perfc009.dat
    + 2009-03-01 08:26:58 119,616 ----a-w c:\windows\System32\perfc009.dat
    - 2009-02-28 16:25:37 99,368 ----a-w c:\windows\System32\perfc00B.dat
    + 2009-03-01 08:26:58 99,368 ----a-w c:\windows\System32\perfc00B.dat
    - 2009-02-28 16:25:37 636,790 ----a-w c:\windows\System32\perfh009.dat
    + 2009-03-01 08:26:58 636,790 ----a-w c:\windows\System32\perfh009.dat
    - 2009-02-28 16:25:37 485,618 ----a-w c:\windows\System32\perfh00B.dat
    + 2009-03-01 08:26:58 485,618 ----a-w c:\windows\System32\perfh00B.dat
    - 2009-02-28 16:22:40 15,270 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1110212224-4022218785-2376424616-1003_UserData.bin
    + 2009-03-01 08:25:02 15,286 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1110212224-4022218785-2376424616-1003_UserData.bin
    - 2009-02-28 16:22:40 86,934 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-01 08:25:00 87,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-28 15:37:38 74,452 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-03-01 08:24:59 74,468 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot nollattu tähän hetkeen --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-07 815104]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 457728]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-14 520192]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-13 39408]
    "Skytel"="Skytel.exe" [2007-04-14 c:\windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-08 185872]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{71D75F7D-C7F3-48F3-8861-BD8D1B381E6C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{DCD55947-1070-4130-8B39-AA152C973951}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{F99A2C5C-CD84-4E38-A85C-9C504B0AEB69}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{0BB79B35-C98E-4F8F-9FC4-ACC86561EB68}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F93062DE-A70F-4715-A84D-79424CC9B883}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{731A195F-43B0-4AF6-BF3F-BDD0BB3C5C73}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "TCP Query User{BEC119FB-CF66-4C37-B723-6B9FC16E1110}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
    "UDP Query User{EF278762-A2AD-4173-8D37-9F6EED48F183}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
    "TCP Query User{B3ACDDED-DDF9-4545-9C72-BDED75D5AD36}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{0AC3CBBE-E3FC-4945-B64E-8100BFF220BA}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{8ACE312A-D462-4A38-888A-C17D736103B8}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CB1E2467-68AC-4CEA-B964-96C7AFC50F1F}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

    R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2007-04-03 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2007-04-03 35712]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-20 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-10-31 16:34:04 13560]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-20 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-20 51792]
    R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [2007-11-04 5120]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-22 356920]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-03-01 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe []

    2009-02-22 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

    2009-02-22 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\ [2009-02-22 21:47]

    2009-02-28 c:\windows\Tasks\User_Feed_Synchronization-{B397B829-38DC-4F82-9C9F-DDC46218E88F}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/webhp?sourceid=navclient&hl=fi&ie=UTF-8
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fi.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    FF - ProfilePath -

    ---- FIREFOXIN KÄYTÄNNÖT ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 10:33:54
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2009-03-01 10:36:39
    ComboFix-quarantined-files.txt 2009-03-01 08:36:36
    ComboFix2.txt 2009-02-28 18:03:11

    Ennen ajoa: 38 395 613 184 tavua vapaana
    Ajon jälkeen: 38,159,847,424 tavua vapaana

    359 --- E O F --- 2009-02-28 20:44:54
     
  9. Hujo

    Hujo Guest

    Type into the Run box

    ComboFix /u

    click OK

    ==========

    scan a new HJT log
     
  10. miriami

    miriami Regular member

    Uh, sorry, into which box?

    Do I double-click ComboFix, and when it opens the blue window and before it starts processing, I type that into the blue window and press Enter? Is that it?

    Or do you mean the command line?
     
  11. Hujo

    Hujo Guest

    [IMG]

    Into that box
     
  12. miriami

    miriami Regular member

    Yeah, sorry, I read it as "type straight into the box".
    The Run box was in fact already familiar from yesterday's exercises...

    ComboFix removed, here is the new HJT log and the uninstall list.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:11:24, on 1.3.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/webhp?sourceid=navclient&hl=fi&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKCU\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKCU\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKCU\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKCU\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKCU\..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9966 bytes


    Uninstall list

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 6.0 Sprint
    Acer Crystal Eye webcam
    Acer Crystal Eye webcam
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Activation Assistant for the 2007 Microsoft Office suites
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS2
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 7.0
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe WAS CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    avast! Antivirus
    AVN Audio Recorder 2.0
    Catalyst Control Center - Branding
    CCleaner (remove only)
    EPSON-tulostinohjelma
    e-Sword
    EVEREST Ultimate Edition v4.50
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Malwarebytes' Anti-Malware
    Microsoft Office 2003 Web-komponentit
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (Finnish) 2007
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Outlook MUI (Finnish) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Publisher MUI (Finnish) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Small Business -yhteysosat
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft Reader
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (2.0.0.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nokia Connectivity Cable Driver
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NTI Shadow
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    Outlook 2007 Business Contact Manager SP1
    Outlook 2007 Business Contact Manager SP1
    PDF Settings
    PowerDVD
    QuickTime
    Readiris Pro 10
    RealPlayer
    Realtek High Definition Audio Driver
    Samsung SCX-4200 Series
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Skype™ 3.6
    Smart Defrag 1.11
    SmarThru 4
    Spyware Doctor 6.0
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    Uniblue RegistryBooster 2009
    Uniblue RegistryBooster 2009
    ----> I can't remove this, see http://www.aijaa.com/v.php?i=3705164.jpg
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959634)
    World of Warcraft FREE Trial This isn't actually on my computer, or else it's really well hidden somewhere!!
    Yahoo! Messenger
     
    Last edited: 01.03.2009
  13. Hujo

    Hujo Guest

    Scan with HJT, tick these, and press Fix checked

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
     
  14. miriami

    miriami Regular member

    Thanks again for the help so far :) ComboFix got rid of a lot of junk.

    This last one won't go away with HijackThis. Is the program it recommends using, LSPFix, trustworthy? Or should I try Spybot?

    http://www.aijaa.com/v.php?i=3708954.jpg

    Also, can you say, or do you have time to think about, why the uninstall list shows programs that can't be found on the computer? Should they be reinstalled in full so that they could then be removed?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:30:05, on 1.3.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/webhp?sourceid=navclient&hl=fi&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKCU\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKCU\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKCU\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKCU\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKCU\..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9740 bytes


    Today, when moving from one site to another on the net (e.g. to webmail pages etc.), warning windows about a secure/insecure connection keep popping up. Could some Explorer/firewall or similar settings have changed along with ComboFix, since it hasn't been notifying me this actively before? I can't be bothered to explain, see the picture again

    http://www.aijaa.com/v.php?i=3709347.jpg

    I can probably get past this by just clicking "don't ask this again", but I'm just wondering whether some settings have changed without my noticing?

     
    Last edited: 01.03.2009
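
Added example, not part of the thread: a Python check of a "Fix checked" request against the HijackThis logs taken before and after it, run on a few lines copied from the two logs above as constructed sample input. It reports which requested entries are gone and which persist, and flags entries that still point at a missing file (here the O10 LSP entry); the function names are this example's own.

```python
import re

# Constructed sample input: a few lines copied from the 14:11:24 log in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:24, on 1.3.2009

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O20 - AppInit_DLLs: eNetHook.dll
"""

# Constructed sample input: the same entries as they appear in the 19:30:05 log.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:05, on 1.3.2009

Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O20 - AppInit_DLLs: eNetHook.dll
"""

# The three entries the helper asked to have fixed.
FIX_CHECKED = [
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing",
]

# Entry lines start with a section code such as R0, O2, O10 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def _key(line):
    """Comparison key: whitespace collapsed, case ignored (path case varies between scans)."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {key: entry} for section entries; header and process-list lines are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[_key(line)] = {"code": match.group(1), "body": match.group(2), "line": line}
    return entries


def is_orphaned(entry):
    """True for entries whose target file is reported absent, as in the two forms seen above."""
    body = entry["body"].casefold()
    if body.endswith("(no file)"):
        return True
    return entry["code"] == "O10" and body.endswith("missing")


def verify_fix(before_log, after_log, requested):
    """Compare two scans against the list of entries that were supposed to be fixed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"removed": [], "persisting": [], "not_in_before": []}
    for line in requested:
        key = _key(line)
        if key not in before:
            report["not_in_before"].append(line)   # request does not match the earlier scan
        elif key in after:
            report["persisting"].append(line)      # fix did not take; needs another method
        else:
            report["removed"].append(line)
    wanted = {_key(line) for line in requested}
    # Anything that changed without being asked for deserves a second look.
    report["removed_unrequested"] = [
        e["line"] for k, e in before.items() if k not in after and k not in wanted
    ]
    report["new"] = [e["line"] for k, e in after.items() if k not in before]
    report["orphaned_after"] = [e["line"] for e in after.values() if is_orphaned(e)]
    return report


if __name__ == "__main__":
    for section, lines in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_CHECKED).items():
        print(f"{section}:")
        for line in lines:
            print(f"  {line}")
```
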
  15. Hujo

    Hujo Guest

    mdnsnsp.dll <-- put that into "Remove"

    Download LSPFix.exe to a suitable location (such as C:\Program Files\LSPFix or, say, the desktop).

    Double-click the LSPFix.exe you downloaded
    Tick the "I know what I'm doing" option.
    You will see two panels; if something is listed in the "Remove" panel on the right-hand side, leave it there and click "Finish>>".
    Then restart, and the internet should work fine.

    If nothing is listed in the "Remove" panel, do NOT do ANYTHING - close LSPFix.
     
  16. miriami

    miriami Regular member

    Sorry, another stupid question, please be patient! Put it where? :/

    Hang on, let me try to think... into the Run window, the command window, the HijackThis window, Notepad... LSPFix?

    By the way, I managed to delete that mdnsNSP.dll file yesterday, along with the other file that was in the Bonjour folder. Bonjour has already been thrown out. The Program Files folder no longer contains that mdnsNSP.dll file, so I can't delete it with a command-line or Run-window command. If that's what you meant.
     
    Last edited: 01.03.2009
  17. Hujo

    Hujo Guest

    Into LSPFix
     
  18. miriami

    miriami Regular member

  19. Hujo

    Hujo Guest

    You need to have those administrator rights
     
  20. miriami

    miriami Regular member

  21. Hujo

    Hujo Guest

    Yeah, yeah, fortune favours the bold :)
     
