Elikkäs nopeesti apua :( netti ei oikeen toimi. hjt-log

Mulla on tässä koneella jotakin nyt tekeillä kun netti ei toimi jossain määrin esim. norton ei päivitä, ei mene tietyille sivuille netissä. ja muutenki tää kone käyttäytyy oudosti. On löytyny jotakin DNS-Changereita mutta ne eivät poistu. Skannattu malwarebytes-antimalwarella ja combofixilla, muttei ollut apua.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:29, on 30.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Onn4\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95C8CFB6-A1F5-466F-8F70-BAE6A4040C9E}: NameServer = 85.255.112.104;85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{95C8CFB6-A1F5-466F-8F70-BAE6A4040C9E}: NameServer = 85.255.112.104;85.255.112.144
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsnv.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8221 bytes

 

Combofixiä ei saa ajaa ellei joku asiantuveva ihminen niin sano.

Käynnistä hijackthis ja merkitse seuraavat rivit

O17 - HKLM\System\CCS\Services\Tcpip\..\{95C8CFB6-A1F5-466F-8F70-BAE6A4040C9E}: NameServer = 85.255.112.104;85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{95C8CFB6-A1F5-466F-8F70-BAE6A4040C9E}: NameServer = 85.255.112.104;85.255.112.144


Lopuksi paina fix checked.


Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

 

Tässä lokit. Taisi lähteä..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:25, on 30.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Onn4\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\taskeng.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8113 bytes


Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1340
Windows 6.0.6001 Service Pack 1

30.10.2008 16:55:37
mbam-log-2008-10-30 (16-55-37).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 115799
Kulunut aika: 46 minute(s), 24 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 1
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

 

Lähetäppäs viellä tuo eka malwarebytesin loki ja combon loki.

C:\ComboFix.txt

 

Siis hetkinen mikä eka mbam-loki? Tässä on tää comboloki.

ComboFix 08-10-30.05 - Onn4 2008-10-30 17:58:02.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2037 [GMT 2:00]
Sijainti: C:\Users\Onn4\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\Desktop_.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-28 to 2008-10-30 )))))))))))))))))
.

2008-10-30 17:53 . 2008-10-30 17:53 318,976 --a------ C:\Windows\System32\CF19427.exe
2008-10-30 17:18 . 2008-10-30 17:18 <KANSIO> d-------- C:\Windows\LastGood
2008-10-30 17:08 . 2008-10-30 17:08 <KANSIO> d-------- C:\Windows\Sun
2008-10-30 17:08 . 2008-10-30 17:08 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\SystemRequirementsLab
2008-10-30 17:08 . 2008-10-30 17:08 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
2008-10-30 16:35 . 2008-10-30 16:35 88 --a------ C:\Windows\wininit.ini
2008-10-30 16:29 . 2008-01-07 10:44 618,904 --a------ C:\Windows\System32\bcmwl6.inf
2008-10-30 16:25 . 2007-07-30 22:13 743,424 --a------ C:\Windows\System32\athr.sys
2008-10-30 16:25 . 2007-07-30 22:12 92,917 --a------ C:\Windows\System32\netathr.inf
2008-10-30 15:27 . 2008-10-30 16:36 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-30 15:27 . 2008-10-30 16:36 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 21:53 . 2008-10-29 21:53 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 21:53 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-29 21:53 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-29 21:39 . 2008-10-29 21:39 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\Simply Super Software
2008-10-29 21:22 . 2008-09-19 12:26 82,944 --a------ C:\Windows\System32\o4Patch.exe
2008-10-29 21:22 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-10-29 21:22 . 2008-09-19 12:26 82,944 --a------ C:\Windows\System32\IEDFix.C.exe
2008-10-29 21:22 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe
2008-10-29 21:19 . 2008-10-29 21:19 <KANSIO> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-29 21:19 . 2008-10-29 21:19 <KANSIO> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-29 15:46 . 2008-10-30 17:37 <KANSIO> d-------- C:\Hijackthis
2008-10-29 13:44 . 2008-10-29 13:44 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-10-29 11:25 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-10-29 11:25 . 2008-09-03 05:59 468,992 --a------ C:\Windows\System32\newdev.dll
2008-10-29 11:25 . 2008-09-03 05:58 74,752 --a------ C:\Windows\System32\newdev.exe
2008-10-29 11:25 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-10-29 11:25 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-10-29 11:14 . 2008-08-12 05:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 11:14 . 2008-09-18 06:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 11:14 . 2008-09-18 06:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-28 21:04 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-10-28 21:04 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-10-28 21:04 . 2008-09-08 23:38 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe
2008-10-28 21:04 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-10-28 21:04 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-10-28 21:04 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-10-28 21:04 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-10-28 21:04 . 2008-10-29 23:15 2,206 --a------ C:\Windows\System32\tmp.reg
2008-10-27 17:23 . 2008-10-27 17:23 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\Template
2008-10-27 17:23 . 2008-10-27 17:23 0 --a------ C:\Users\Onn4\AppData\Roaming\wklnhst.dat
2008-10-27 08:45 . 2008-10-27 08:45 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\Malwarebytes
2008-10-27 08:45 . 2008-10-27 08:45 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-10-27 08:45 . 2008-10-27 08:45 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-10-26 20:01 . 2008-10-30 17:51 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\foobar2000
2008-10-26 11:17 . 2008-10-30 16:29 <KANSIO> d-------- C:\Program Files\Broadcom
2008-10-26 11:16 . 2008-10-26 11:16 <KANSIO> d-------- C:\Users\All Users\Broadcom
2008-10-26 11:16 . 2008-10-26 11:16 <KANSIO> d-------- C:\ProgramData\Broadcom
2008-10-26 11:08 . 2008-10-26 11:08 <KANSIO> d-------- C:\Windows\Options
2008-10-26 11:08 . 2008-10-30 16:25 <KANSIO> d-------- C:\Program Files\Atheros
2008-10-26 11:08 . 2007-08-03 13:40 30,696 --a------ C:\Windows\System32\athrext.cat
2008-10-26 11:07 . 2008-10-26 11:07 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\InstallShield
2008-10-26 11:07 . 2008-10-26 11:07 <KANSIO> d-------- C:\Users\All Users\Atheros
2008-10-26 11:07 . 2008-10-26 11:07 <KANSIO> d-------- C:\ProgramData\Atheros
2008-10-26 09:37 . 2008-10-30 17:39 <KANSIO> d-------- C:\Program Files\DC++
2008-10-26 09:34 . 2008-10-29 20:05 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\uTorrent
2008-10-26 09:34 . 2008-10-26 09:34 <KANSIO> d-------- C:\Program Files\uTorrent
2008-10-26 09:23 . 2008-10-27 21:49 27,744 --a------ C:\Users\Onn4\AppData\Roaming\nvModes.dat
2008-10-26 09:22 . 2008-10-26 09:22 <KANSIO> d-------- C:\Games
2008-10-26 09:21 . 2008-10-26 09:21 0 --a------ C:\Windows\PowerReg.dat
2008-10-26 09:15 . 2008-10-26 09:15 <KANSIO> d-------- C:\Program Files\Infogrames Interactive
2008-10-26 09:14 . 2008-10-26 09:15 <KANSIO> d-------- C:\Program Files\WinMount
2008-10-26 09:14 . 2007-04-11 12:35 196,224 --a------ C:\Windows\System32\WinMTBus.sys
2008-10-26 09:14 . 2007-04-11 12:35 196,224 --a------ C:\Windows\System32\drivers\WinMTBus.sys
2008-10-26 09:14 . 2007-04-11 12:35 1,724 --a------ C:\Windows\System32\WinMTBus.inf
2008-10-26 08:44 . 2008-10-26 08:44 <KANSIO> d-------- C:\Users\All Users\Messenger Plus!
2008-10-26 08:44 . 2008-10-26 08:44 <KANSIO> d-------- C:\ProgramData\Messenger Plus!
2008-10-26 05:56 . 2008-02-10 13:53 17,730,504 --a------ C:\Windows\eRy.exe
2008-10-26 05:56 . 2002-11-14 16:32 55,808 --a------ C:\Windows\devcon.exe
2008-10-26 05:56 . 2008-10-25 19:09 1,966 --a------ C:\Windows\CLEANUP.CMD
2008-10-26 05:56 . 2007-08-10 10:37 397 --a------ C:\Windows\MSSEC_RB.CMD
2008-10-26 05:56 . 2007-06-26 06:48 387 --a------ C:\Windows\MSSFT_RB.CMD
2008-10-26 05:56 . 2007-01-15 14:28 336 --a------ C:\Windows\ACERTOURREMINDERRUN.REG
2008-10-26 05:56 . 2007-04-26 17:02 294 --a------ C:\Windows\offline.reg
2008-10-26 05:56 . 2003-10-21 19:24 155 --a------ C:\Windows\IR.reg
2008-10-26 05:56 . 2007-02-02 14:26 92 --a------ C:\Windows\CLEANUP.INI
2008-10-26 05:56 . 2004-06-14 02:24 30 --a------ C:\Windows\SETPANEL.INI
2008-10-26 05:56 . 2008-10-26 05:56 3 --a------ C:\Windows\AFirst.cmd
2008-10-25 22:21 . 2008-10-25 22:21 <KANSIO> d-------- C:\Program Files\Maxis
2008-10-25 22:05 . 2008-10-25 22:05 <KANSIO> d-------- C:\Program Files\ffdshow
2008-10-25 22:05 . 2008-06-08 22:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-10-25 22:05 . 2008-06-12 19:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-10-25 22:05 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-10-25 21:41 . 2008-10-25 22:02 <KANSIO> d-a------ C:\Users\All Users\TEMP
2008-10-25 21:41 . 2008-10-25 22:02 <KANSIO> d-a------ C:\ProgramData\TEMP
2008-10-25 21:40 . 2008-10-25 21:40 <KANSIO> d-------- C:\Program Files\Common Files\SWF Studio
2008-10-25 21:32 . 2008-10-25 21:32 244 --ah----- C:\sqmnoopt00.sqm
2008-10-25 21:32 . 2008-10-25 21:32 232 --ah----- C:\sqmdata00.sqm
2008-10-25 21:23 . 2008-10-25 21:23 <KANSIO> d-------- C:\Program Files\foobar2000
2008-10-25 21:17 . 2008-10-25 21:16 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-10-25 21:16 . 2008-10-25 21:16 <KANSIO> d-------- C:\Program Files\Java
2008-10-25 21:13 . 2008-10-25 21:13 <KANSIO> d-------- C:\Windows\System32\Adobe
2008-10-25 21:07 . 2008-10-25 21:07 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
2008-10-25 21:01 . 2008-10-25 21:01 <KANSIO> d-------- C:\Program Files\CCleaner
2008-10-25 20:55 . 2008-10-25 20:55 0 --a------ C:\Windows\nsreg.dat
2008-10-25 20:31 . 2008-10-25 20:36 <KANSIO> d-------- C:\Program Files\Windows Live
2008-10-25 20:31 . 2008-10-25 20:36 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-25 20:30 . 2008-10-25 20:30 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-10-25 20:30 . 2008-10-25 20:30 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-10-25 20:25 . 2008-10-25 20:24 25,136 -ra------ C:\Windows\System32\drivers\SymIMV.sys
2008-10-25 20:24 . 2008-10-25 20:24 <KANSIO> d-------- C:\Windows\System32\drivers\NIS
2008-10-25 20:24 . 2008-10-25 20:24 <KANSIO> d-------- C:\Users\All Users\Norton
2008-10-25 20:24 . 2008-10-25 20:24 <KANSIO> d-------- C:\ProgramData\Norton
2008-10-25 20:24 . 2008-10-25 20:24 <KANSIO> d-------- C:\Program Files\Symantec
2008-10-25 20:24 . 2008-10-25 20:24 <KANSIO> d-------- C:\Program Files\Norton Internet Security
2008-10-25 20:24 . 2008-10-25 20:38 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-25 20:24 . 2008-10-25 20:24 124,464 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-25 20:24 . 2008-10-25 20:24 10,635 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-25 20:24 . 2008-10-25 20:24 806 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-25 20:22 . 2008-10-25 20:23 <KANSIO> d-------- C:\Users\All Users\NortonInstaller
2008-10-25 20:22 . 2008-10-25 20:23 <KANSIO> d-------- C:\ProgramData\NortonInstaller
2008-10-25 20:22 . 2008-10-25 20:22 <KANSIO> d-------- C:\Program Files\NortonInstaller
2008-10-25 20:09 . 2008-10-25 20:09 <KANSIO> d-------- C:\Users\Onn4\AppData\Roaming\Yahoo!
2008-10-25 19:56 . 2008-10-25 19:56 92 --a------ C:\Windows\GridV.UNI
2008-10-25 19:39 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-10-25 19:35 . 2008-05-27 06:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-10-25 19:35 . 2008-05-27 07:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-10-25 19:35 . 2008-05-27 06:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-10-25 19:35 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-10-25 19:24 . 2007-07-17 18:33 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe
2008-10-25 19:24 . 2006-11-12 10:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe
2008-10-25 19:24 . 2006-11-10 16:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe
2008-10-25 19:24 . 2005-12-09 08:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe
2008-10-25 19:24 . 2006-02-24 10:28 552 --a------ C:\Windows\System32\setup.iss
2008-10-25 19:23 . 2008-10-25 19:23 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-26 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-25 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-25 17:55 --------- d-----w C:\ProgramData\CyberLink
2008-10-25 17:50 --------- d-----w C:\Program Files\Windows Mail
2008-10-25 17:16 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-10-25 17:12 --------- d-----w C:\ProgramData\NVIDIA
2008-10-25 17:05 --------- d-sh--w C:\ProgramData\Työpöytä
2008-10-25 17:05 --------- d-sh--w C:\ProgramData\Tiedostot
2008-10-25 17:05 --------- d-sh--w C:\ProgramData\Suosikit
2008-10-25 17:05 --------- d-sh--w C:\ProgramData\Mallit
2008-10-25 17:05 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-10-25 17:05 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-10-02 08:07 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 81920]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-04-19 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2147204959-3798066907-3965332840-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06BE28DD-C214-49F7-9199-97407E5E4716}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C3FC829B-CC0D-414C-AE2F-F06126C2621D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E042EFF2-FC43-4CE0-A16F-4E6F571B37D4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3FB17F8F-78F8-4A4C-BCF8-CD42B29FB562}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8BD2B463-A750-4F38-A923-528ABA3BA739}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{C6B18FAD-D00F-46B5-A9EA-8922E9BF67C7}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{9CD3FE1C-B448-4164-8549-C61EFADB9174}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exeV Wizard
"{70F8031A-82F5-44DF-9A19-33261061D52F}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{716A733E-A1AD-4522-A729-75C8CA304430}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exelay Movie
"{6F82A9FE-043C-46A8-8709-D1A159C38013}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exelay Movie Resident Program
"{E7DFC31D-BD71-4B34-952F-956E4CDAAF7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{94337963-9C87-40A0-895F-CFA355B4A744}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CEC698AE-6FB7-418F-9900-C0C775D8FC16}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-25 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\Windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-25 254512]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-25 362544]
R1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSvix86.sys [2008-10-25 289840]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 16:15 41456]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2008-10-25 40496]
R3 WinMTBus;WinMount Bus;C:\Windows\system32\DRIVERS\WinMTBus.sys [2007-04-11 196224]
S2 Windows Tribute Service;Windows Tribute Service;C:\Windows\system32\kdsnv.exe [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{543b8c1e-a2cb-11dd-92d9-001b38dc62ae}]
\shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö

2008-10-30 C:\Windows\Tasks\Norton Internet Security - Onn4 - Täydellinen järjestelmäntarkistus .job
- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\Navw32.exe [2008-10-25 20:24]
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\Onn4\AppData\Roaming\Mozilla\Firefox\Profiles\vzek15im.default\
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 18:00:47
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-30 18:02:22
ComboFix-quarantined-files.txt 2008-10-30 16:01:53

Ennen ajoa: 37,859,991,552 tavua vapaana
Ajon jälkeen: 37,830,209,536 tavua vapaana

256 --- E O F --- 2008-10-29 09:26:00

 

Eli siis Malwarebytesin ekaa lokia haen tässä.

Kaikki lokit näet kun käynnistät malwarebytesin ja Lokit lehtisestä pitäisi löytyä nämä.

 

Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1337
Windows 6.0.6001 Service Pack 1

29.10.2008 21:09:21
mbam-log-2008-10-29 (21-09-21).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 42374
Kulunut aika: 6 minute(s), 4 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 7
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a3cdcd1a-04da-43eb-9f5f-921949623e4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e59f0dfa-5bb0-447d-bfc7-5620583fcc5c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104;85.255.112.144 -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Tollainen oli mutta nuo kun poisti niin ne löytyi aina ku uudestaa skannasi. nyt tuntuu et on jotain lähteny, sillä norton päivittää taas. haluaisin vaan varmistaa, että onko koneeni nyt puhdas =)

Hjt-loki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:28, on 30.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\CF19427.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\System32\PressCancel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdsnv.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5942 bytes

 

Jep eipä ole viellä ihan puhdas poistellaan viellä noita jämiä.

Avaa Muistio ja kopioi seuraavat rivit siihen:

Sitten documentti tallennetaan työpöydälle nimellä Poisto.bat ja tiedostotyypiksi: All Files.
Aja työpöydällä oleva Järjestelmänvalvojana Poisto.bat-tiedosto.


Skannaa koneesi Kaspersky Online Skannerilla

* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
* Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

 

Kuuluuko ton poisto.batin vilahtaa vaan nopeasti auki ja sit menee kiinni? Laitan tässä illalla kaspersky lokin.

 

Juuh kuuluu vilahtaa mutta pistäppäs nyt vaikka jo se hijackthis loki niin katsotaan toimiko.

 

Tässäpä tämä =)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:18, on 30.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\CF19427.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6033 bytes

 

Toimihan se

Pistä sitten sitä kaspersky lokia tuleen kun ehdit.

 

Tämmöinen tuli sitten.

Thursday, October 30, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 30, 2008 16:04:00
Records in database: 1361715
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 97721
Threat name 3
Infected objects 6
Suspicious objects 0
Duration of the scan 01:30:44

File name Threat name Threats count
C:\Users\Onn4\Documents\Ohjelmat\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.etc 1
C:\Users\Onn4\Documents\Ohjelmat\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Users\Onn4\Documents\Ohjelmat\SmitfraudFix_v2.354.exe Infected: Hoax.Win32.Renos.etc 1
C:\Users\Onn4\Documents\Ohjelmat\SmitfraudFix_v2.354.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Windows\System32\IEDFix.C.exe Infected: Hoax.Win32.Renos.etc 1
C:\Windows\System32\o4Patch.exe Infected: Hoax.Win32.Renos.etc 1
The selected area was scanned.

 

Mene -->Tänne<-- lähetä seuraava tiedosto sinne ja kerro tulokset.

C:\Windows\system32\CF19427.exe

 

Tämmmöinen tuli

A-Squared X
AntiVir TR/Crypt.PEPM.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Trojan.Packed.26840
ClamAV X
CPsecure Troj.PSW.W32.QQPass.cmk
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA Trojan.Packed.26840
Ikarus Trojan.Crypt.PEPM
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus Generic
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 X

 

Jep eli poistetaan.

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)




Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.


Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

 

Tää kone ei anna avata tota comboa. se tekee ne rekisteri backupit ja sit se sulkeutuu ja ei mee eteenpäin. kokeilin monta kertaa mutta ei pelitä.. Mikä neuvoksi?

 

Tässä uus hjt-loki. Tais hävitä se pöpö sieltä?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:41, on 1.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5749 bytes