Earlier today I got a few pop-up windows, some of which, for example, started with "CiD". Task Manager still shows 2 "iexplorer.exe" processes that refuse to go away, so I assume nothing has been fixed, even though no pop-ups have appeared for a few hours. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:01, on 15.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Astraea\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sign drv] "C:\ProgramData\Tons Proc Proc.hofofo0"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10110 bytes
Create an uninstall list:
• Open HijackThis
• Click "Configure" at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click "Save list"
• Copy and paste that list from Notepad into your thread
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer Arcade Deluxe
Acer Bio Protection AAU 6.0.00.16
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Agere Systems HDA Modem
AMD USB Audio Driver Filter
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVG 8.0
BitLord 1.1
Catalyst Control Center - Branding
Contacts
CyberLink PowerDirector
CyberLink PowerDirector
DivX Codec
DivX Converter
DivX Player
DivX Web Player
eSobi v2
Eusing Free Registry Cleaner
EVEREST Ultimate Edition v4.50
HijackThis 2.0.2
Java(TM) 6 Update 11
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 4.3.4
Launch Manager
Malwarebytes' Anti-Malware
Messenger Plus! Live & Sponsor (CiD)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
NTI Backup Now 5
NTI Media Maker 8
OpenOffice.org 3.0
Opera 9.63
Orion
PhotoNow!
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SPBA 5.8
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Search Dispatcher
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Veoh Web Player Beta
VeohTV BETA
Winamp
Winbond CIR Device Drivers
Windows Live Call
Windows Live installer
Windows Live Messenger
WinRAR archiver
VistaGlazz 1.1
VLC media player 0.9.8a
Also uninstall from Programs: Java(TM) 6 Update 7

==============

Scan with HJT, check the following and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

=============

Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply
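The triage the helper is doing above (empty R0 settings and BHOs with "(no file)" are harmless residue that HijackThis can fix; an autorun such as "Sign drv" that launches "C:\ProgramData\Tons Proc Proc.hofofo0" is the item to actually worry about) is mechanical enough to script. The block below is an added example, not part of this thread or of HijackThis itself: it parses the R0/R1, O2/O3 and O4 line formats and applies those three checks. The sample input is constructed from a handful of lines copied out of the log posted above; the "user-writable directory" list, the severity labels and the helper names are the example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted in the
# thread (not a complete log), enough to exercise each check once.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sign drv] "C:\ProgramData\Tons Proc Proc.hofofo0"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
"""


@dataclass
class Finding:
    severity: str  # "high": investigate/remove; "fix": harmless residue HJT can fix
    entry: str     # the original log line
    reason: str


# Line shapes of the three HijackThis sections handled here.
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
IE_RE = re.compile(r'^R[01] - (?P<key>.+?) =\s*(?P<value>.*)$')

# Assumed list of directories an ordinary user (and so drive-by malware) can write to.
USER_WRITABLE = ('\\programdata\\', '\\users\\all users\\', '\\appdata\\', '\\windows\\temp\\')
# Extensions a legitimate Run value normally points at.
EXEC_EXTS = {'.exe', '.dll', '.scr', '.cpl', '.com', '.bat', '.cmd', '.vbs', '.js'}
_EXT_ALT = '|'.join(sorted(e[1:] for e in EXEC_EXTS))


def image_path(cmd: str) -> str:
    """Best-effort extraction of the launched file from a Run value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # "C:\path with spaces\x.exe" args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: cut after the first token that ends in a known extension,
    # so 'rundll32.exe foo.dll,Entry' yields 'rundll32.exe'.
    m = re.match(r'(.*?\.(?:' + _EXT_ALT + r'))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage_line(line: str) -> list:
    """Apply the three checks to one HijackThis log line."""
    findings = []
    if m := RUN_RE.match(line):
        path = image_path(m['cmd'])
        low = path.lower()
        ext = ntpath.splitext(low)[1]
        if any(d in low for d in USER_WRITABLE):
            findings.append(Finding('high', line, f'autorun launches from a user-writable directory: {path}'))
        if ext not in EXEC_EXTS:
            findings.append(Finding('high', line, f'autorun target has a non-standard extension {ext!r}'))
    elif m := BHO_RE.match(line):
        if m['path'].strip() == '(no file)':
            findings.append(Finding('fix', line, f'orphaned COM registration {{{m["clsid"]}}} with no backing file'))
    elif m := IE_RE.match(line):
        if m['value'] == '':
            findings.append(Finding('fix', line, f'empty IE setting {m["key"]}'))
    return findings


def triage(log_text: str) -> list:
    """Run the checks over every non-empty line of a HijackThis log."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line.rstrip())]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity}] {f.reason}\n    {f.entry}')
```

The "high" label means "look at this", not "this is malware": a per-user install under AppData will trip the same directory check, so the reviewer still has to look at the file. What the check does catch reliably is the shape of the "Sign drv" entry, a randomly named file with a made-up extension under ProgramData, which is exactly the kind of entry a quick scan of a long O4 list tends to skip over.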
Malwarebytes' Anti-Malware 1.34
Database version: 1764
Windows 6.0.6001 Service Pack 1

15.2.2009 22:15:11
mbam-log-2009-02-15 (22-15-11).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 178596
Time elapsed: 1 hour(s), 30 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2. Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it will produce a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to stall.
ComboFix report:

ComboFix 09-02-15.01 - Astraea 2009-02-15 23:54:45.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3293.2356 [GMT 2:00]
Running from: c:\users\Astraea\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
.
((((( Files created from 2009-01-15 to 2009-02-15 )))))))))))))))))
.
2009-02-15 20:15 . 2009-02-15 20:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 20:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-15 20:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\users\Astraea\AppData\Roaming\Malwarebytes
2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-15 13:16 . 2009-02-15 13:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 12:42 . 2009-02-15 12:42 <DIR> d-------- c:\program files\Opera
2009-02-12 19:48 . 2009-02-12 19:48 <DIR> d-------- c:\users\All Users\Hold Trust Amok Mode
2009-02-12 19:48 . 2009-02-12 19:48 <DIR> d-------- c:\programdata\Hold Trust Amok Mode
2009-02-12 19:47 . 2009-02-12 19:48 <DIR> d-------- c:\users\All Users\readme file each
2009-02-12 19:47 . 2009-02-12 19:48 <DIR> d-------- c:\programdata\readme file each
2009-02-12 09:52 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 09:52 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 21:15 . 2009-02-10 21:15 <DIR> d-------- c:\program files\VideoLAN
2009-02-09 13:26 . 2009-02-15 12:13 <DIR> d-------- c:\program files\Common Files\Real
2009-02-09 13:25 . 2009-02-09 13:25 <DIR> d-------- c:\program files\Real
2009-02-06 19:59 . 2009-02-06 19:59 <DIR> d-------- c:\windows\System32\Adobe
2009-01-16 15:34 . 2009-01-16 15:35 359,544,981 --a------ c:\windows\MEMORY.DMP
2009-01-15 17:46 . 2009-01-15 17:46 <DIR> d-------- C:\Downloads
2009-01-15 17:44 . 2009-01-15 17:49 <DIR> d-------- c:\program files\BitComet
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 18:03 --------- d-----w c:\program files\Java
2009-02-15 10:09 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-15 09:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 17:47 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-12 17:47 --------- d-----w c:\program files\Circle Developement
2009-02-12 09:07 --------- d-----w c:\program files\Windows Mail
2009-01-30 16:34 --------- d-----w c:\program files\Veoh Networks
2009-01-16 07:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-04 15:49 --------- d-----w c:\program files\DivX
2009-01-04 15:49 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-01 21:41 --------- d-----w c:\program files\Firewall & Anti-Virus Installations
2009-01-01 21:37 --------- d-----w c:\programdata\McAfee
2009-01-01 21:17 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2009-01-01 21:17 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-01 21:17 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-01 21:17 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-01 21:17 --------- d-----w c:\programdata\avg8
2009-01-01 21:17 --------- d-----w c:\program files\AVG
2009-01-01 21:11 --------- d-----w c:\program files\Nero
2009-01-01 21:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-15 04:46 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-09 14:19 615,424 ----a-w c:\windows\System32\themeui.dll
2008-12-09 14:19 240,128 ----a-w c:\windows\System32\uxtheme.dll
2008-12-04 16:09 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-04 15:50 5,632 ----a-w c:\windows\System32\biologon.dll
2008-12-04 15:50 331,776 ----a-w c:\windows\System32\DrvCrypt.dll
2008-12-04 15:50 23,040 ----a-w c:\windows\System32\ShlCmd.exe
2008-12-04 15:50 16,384 ----a-w c:\windows\System32\AlfaFF.dll
2008-12-04 15:50 118,784 ----a-w c:\windows\System32\VMC3KAPI.dll
2008-12-04 15:50 114,688 ----a-w c:\windows\System32\VCryptAPI.dll
2008-12-04 15:50 1,468,928 ----a-w c:\windows\System32\bsapi.dll
2008-11-24 14:32 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\System32\pxafs.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-01-21 02:23 397,312 --sha-w c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 02:52 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sign drv"="c:\programdata\Tons Proc Proc.hofofo0" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-12-04 3673600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-01 1601304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-08-19 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-12-04 17:50 3116032 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 15:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{83828E73-E67E-431E-B642-23D8522B6A89}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{2074DDDA-6A76-4DD9-8B90-4D1EB7B805D2}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E237ABC8-09B4-44BE-A51C-394B4A329E99}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B511639B-577C-43E4-A5EE-AFC4FE0CA430}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{A231B6F0-AEA8-4A84-AA63-F48FC382DFEC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3AD0952B-9179-4784-BAE8-1819F07BC562}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{33A3ED55-312C-4A28-9218-4A47F3A8C119}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5289D055-5DB6-4D5E-AAA4-6ACD53F92436}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8E99E582-8885-4A50-84C7-A131DEFEB50E}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A7C94EDF-E2E6-4CAD-997A-F6BA5B0EB671}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3366540C-7406-49F6-A904-0A196DC1516C}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{D8722696-B0A1-4D88-A503-19183B581B33}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{B44EB0A1-4C3B-4F87-B25F-C2530E1B7BE8}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{5985CAAE-9C7D-4F4C-9FC8-2CDA8CA4E7AB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{097E5D9C-3349-4F41-9AF4-62DE306D6DEB}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{FE03F847-54A1-460B-AEE5-79C925599ED7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{4E65CE03-9F03-4D2C-A16F-FCE1983021BB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{51DFD725-6016-491C-B038-A0EAAC57B3F0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{1A85BEC3-D14E-478E-B04E-33F89A91B2D9}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{49CCFDC8-1803-426E-BA95-0D912DA2EA05}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [2008-12-04 43184]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-01-01 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [2009-01-01 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-01 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-01 107272]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-04 17:56:07 61424]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-01 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-01 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-01 1339600]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-04 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-11 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-12-04 3521024]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-04 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-13 1153368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-07-11 47616]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-12-05 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Astraea\AppData\Roaming\Mozilla\Firefox\Profiles\11k3u207.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
1 file(s) moved.
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 00:00:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4788)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Astraea\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-02-16 0:04:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 22:04:29

Pre-Run: 105 254 883 328 bytes free
Post-Run: 104,753,180,672 bytes free

235 --- E O F --- 2009-02-12 09:10:16
Uninstall System Search Dispatcher from Add/Remove Programs. Now copy/paste the contents of the quotation below into an empty Notepad (Start button > Accessories > Notepad). Save it as CFScript.txt on the desktop. Then drag CFScript onto ComboFix.exe as shown below. Post the resulting log here. Shut down and restart the computer.
I can't uninstall the System Search Dispatcher program, because those 2 "iexplore.exe" programs are still running. Message: "Please close all Internet Explorer before uninstallation". Should I do the other steps anyway, or something else before I move on?
Uninstall System Search Dispatcher and close all other programs and browsers. Then do the ComboFix part after that.
System Search Dispatcher was removed together with ComboFix. At the same time those extra "iexplore.exe" processes seem to have disappeared.
___________________________________________________ ComboFix 09-02-15.01 - Astraea 2009-02-16 1:36:11.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3293.2324 [GMT 2:00] Sijainti: c:\users\Astraea\Desktop\ComboFix.exe Käytetyt komentorivivalitsimet :: c:\users\Astraea\Desktop\CFScript.txt * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\System Search Dispatcher c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe c:\programdata\McAfee c:\programdata\McAfee\MSC\Cache\McSubDB.Bak c:\programdata\McAfee\MSC\mcini.ini c:\programdata\McAfee\MSC\McSubDB.Dat . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-15 to 2009-02-15 ))))))))))))))))) . 2009-02-15 20:15 . 2009-02-15 20:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-15 20:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-15 20:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\users\Astraea\AppData\Roaming\Malwarebytes 2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-02-15 14:04 . 2009-02-15 14:04 <DIR> d-------- c:\programdata\Malwarebytes 2009-02-15 13:16 . 2009-02-15 13:16 <DIR> d-------- c:\program files\Trend Micro 2009-02-15 12:42 . 2009-02-15 12:42 <DIR> d-------- c:\program files\Opera 2009-02-12 19:48 . 
2009-02-12 19:48 <DIR> d-------- c:\users\All Users\Hold Trust Amok Mode 2009-02-12 19:48 . 2009-02-12 19:48 <DIR> d-------- c:\programdata\Hold Trust Amok Mode 2009-02-12 19:47 . 2009-02-12 19:48 <DIR> d-------- c:\users\All Users\readme file each 2009-02-12 19:47 . 2009-02-12 19:48 <DIR> d-------- c:\programdata\readme file each 2009-02-12 09:52 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-12 09:52 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-10 21:15 . 2009-02-10 21:15 <DIR> d-------- c:\program files\VideoLAN 2009-02-09 13:26 . 2009-02-15 12:13 <DIR> d-------- c:\program files\Common Files\Real 2009-02-09 13:25 . 2009-02-09 13:25 <DIR> d-------- c:\program files\Real 2009-02-06 19:59 . 2009-02-06 19:59 <DIR> d-------- c:\windows\System32\Adobe 2009-01-16 15:34 . 2009-01-16 15:35 359,544,981 --a------ c:\windows\MEMORY.DMP 2009-01-15 17:46 . 2009-01-15 17:46 <DIR> d-------- C:\Downloads 2009-01-15 17:44 . 2009-01-15 17:49 <DIR> d-------- c:\program files\BitComet . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-15 18:03 --------- d-----w c:\program files\Java 2009-02-15 10:09 --------- d-----w c:\programdata\Spybot - Search & Destroy 2009-02-15 09:44 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-12 17:47 --------- d-----w c:\program files\Messenger Plus! 
Live 2009-02-12 17:47 --------- d-----w c:\program files\Circle Developement 2009-02-12 09:07 --------- d-----w c:\program files\Windows Mail 2009-01-30 16:34 --------- d-----w c:\program files\Veoh Networks 2009-01-16 07:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-04 15:49 --------- d-----w c:\program files\DivX 2009-01-04 15:49 --------- d-----w c:\program files\Common Files\PX Storage Engine 2009-01-01 21:41 --------- d-----w c:\program files\Firewall & Anti-Virus Installations 2009-01-01 21:17 23,832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys 2009-01-01 21:17 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys 2009-01-01 21:17 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-01 21:17 10,520 ----a-w c:\windows\System32\avgrsstx.dll 2009-01-01 21:17 --------- d-----w c:\programdata\avg8 2009-01-01 21:17 --------- d-----w c:\program files\AVG 2009-01-01 21:11 --------- d-----w c:\program files\Nero 2009-01-01 21:01 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-15 04:46 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-12-09 14:19 615,424 ----a-w c:\windows\System32\themeui.dll 2008-12-09 14:19 240,128 ----a-w c:\windows\System32\uxtheme.dll 2008-12-04 16:09 319,456 ----a-w c:\windows\DIFxAPI.dll 2008-12-04 15:50 5,632 ----a-w c:\windows\System32\biologon.dll 2008-12-04 15:50 331,776 ----a-w c:\windows\System32\DrvCrypt.dll 2008-12-04 15:50 23,040 ----a-w c:\windows\System32\ShlCmd.exe 2008-12-04 15:50 16,384 ----a-w c:\windows\System32\AlfaFF.dll 2008-12-04 15:50 118,784 ----a-w c:\windows\System32\VMC3KAPI.dll 2008-12-04 15:50 114,688 ----a-w c:\windows\System32\VCryptAPI.dll 2008-12-04 15:50 1,468,928 ----a-w c:\windows\System32\bsapi.dll 2008-11-24 14:32 57,344 ----a-w c:\windows\System32\ff_vfw.dll 2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe 2008-11-21 21:47 3,596,288 ----a-w 
c:\windows\System32\qt-dx331.dll 2008-11-21 21:47 129,784 ------w c:\windows\System32\pxafs.dll 2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll 2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini 2008-01-21 02:23 397,312 --sha-w c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe . ((((((((((((((((((((((((((((( SnapShot@2009-02-16_ 0.02.41.95 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-15 21:59:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-02-15 21:59:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-02-15 22:00:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-02-15 22:01:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-02-15 22:01:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-02-15 20:29:58 101,250 ----a-w c:\windows\System32\perfc009.dat + 2009-02-15 22:06:35 101,250 ----a-w c:\windows\System32\perfc009.dat - 2009-02-15 20:29:58 587,178 ----a-w c:\windows\System32\perfh009.dat + 2009-02-15 22:06:35 587,178 ----a-w c:\windows\System32\perfh009.dat - 2009-02-15 20:26:26 9,006 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3667293978-1690583467-714397893-1000_UserData.bin + 2009-02-15 22:01:51 9,430 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3667293978-1690583467-714397893-1000_UserData.bin - 2009-02-15 20:26:26 79,990 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-02-15 22:01:50 79,990 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . 
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-30 02:52 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sign drv"="c:\programdata\Tons Proc Proc.hofofo0" [X] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672] "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-12-04 3673600] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-01 1601304] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2008-08-19 c:\windows\SkyTel.exe] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-12-04 17:50 3116032 c:\program files\Acer\Acer Bio Protection\WinNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2008-03-25 15:24 567560 c:\program files\Common Files\SPBA\homefus2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{83828E73-E67E-431E-B642-23D8522B6A89}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{2074DDDA-6A76-4DD9-8B90-4D1EB7B805D2}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{E237ABC8-09B4-44BE-A51C-394B4A329E99}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{B511639B-577C-43E4-A5EE-AFC4FE0CA430}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{A231B6F0-AEA8-4A84-AA63-F48FC382DFEC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{3AD0952B-9179-4784-BAE8-1819F07BC562}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{33A3ED55-312C-4A28-9218-4A47F3A8C119}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5289D055-5DB6-4D5E-AAA4-6ACD53F92436}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{8E99E582-8885-4A50-84C7-A131DEFEB50E}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{A7C94EDF-E2E6-4CAD-997A-F6BA5B0EB671}"= c:\program files\Acer Arcade Deluxe\Acer Arcade 
Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{3366540C-7406-49F6-A904-0A196DC1516C}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{D8722696-B0A1-4D88-A503-19183B581B33}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{B44EB0A1-4C3B-4F87-B25F-C2530E1B7BE8}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{5985CAAE-9C7D-4F4C-9FC8-2CDA8CA4E7AB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{097E5D9C-3349-4F41-9AF4-62DE306D6DEB}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe "{FE03F847-54A1-460B-AEE5-79C925599ED7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{4E65CE03-9F03-4D2C-A16F-FCE1983021BB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{51DFD725-6016-491C-B038-A0EAAC57B3F0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{1A85BEC3-D14E-478E-B04E-33F89A91B2D9}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{49CCFDC8-1803-426E-BA95-0D912DA2EA05}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [2008-12-04 43184] R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-01-01 12552] R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [2009-01-01 23832] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-01 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-01 107272] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-04 17:56:07 61424] R2 
avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-01 903960] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-01 298264] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-01 1339600] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-04 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-11 24576] R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-12-04 3521024] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-04 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-13 1153368] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-07-11 47616] R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-12-05 22072] R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008] . . ------- Täydentävä tarkistus ------- . 
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Astraea\AppData\Roaming\Mozilla\Firefox\Profiles\11k3u207.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-16 01:38:31 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2009-02-16 1:40:14 ComboFix-quarantined-files.txt 2009-02-15 23:40:10 ComboFix2.txt 2009-02-15 22:04:41 Ennen ajoa: 105 926 717 440 bytes free Ajon jälkeen: 105,895,374,848 bytes free 217 --- E O F --- 2009-02-12 09:10:16
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:46:05, on 16.2.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Windows\RtHDVCpl.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\CF9126.exe C:\Windows\system32\conime.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040b&s=2&o=vp32&d=1208&m=aspire_6530g R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SynTPEnh] C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Sign drv] "C:\ProgramData\Tons Proc Proc.hofofo0" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - 
Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 8585 bytes
Done. Is everything finished? Many thanks for the help - and in general for still answering at this hour. Could you possibly recommend some programs you noticed I'm missing?
What you have now is Malwarebytes' Anti-Malware <-- update it before a full scan. Well, I'd rather remove one of them, but let it be for now. You don't have Vista's firewall on, do you? Doesn't that AVG8 also include a firewall? This seems to be the paid version.
Yes, AVG 8.0 includes a firewall - and the Windows firewall is turned off. That other computer still has problems with Firefox's behaviour. I'll start a separate thread about it shortly. Does AfterDawn have any kind of reputation or donation feature with which one could somehow compensate the helpers for their trouble?