Firefox freezes, firefox.exe keeps running

Discussion in 'Viruses and malware - HijackThis logs' started by an44i, Feb 3, 2009.

  1. an44i

    an44i, Member (Joined: Feb 3, 2009; Messages: 8; Likes Received: 0; Trophy Points: 11)

    So Firefox freezes and agrees to work for a while after a restart. Then the connection seems to go dead, and when the browser window is closed, firefox.exe stays running in the background. The process can't be killed and a new browser window can't be opened without rebooting.
    I tried reinstalling Firefox and it didn't help. The same seems to happen with Explorer as well.
    The problem appeared when the F-Secure subscription expired and I switched to avast and ZoneAlarm. On another machine it has worked without problems, but now something is wrong.

    Here is a log taken after Firefox froze:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:15:20, on 3.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ZoneAlarm palomuuri\zlclient.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Henna\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\nettiselainFF\firefox.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm palomuuri\zlclient.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8025 bytes
     
  2. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    Do not install the Recovery Console

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  3. an44i

    This is what came out, thanks in advance for the advice

    ComboFix 09-02-02.04 - Henna 2009-02-03 19:52:28.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2046.1163 [GMT 2:00]
    Sijainti: c:\users\Henna\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Temp\log.txt

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-03 to 2009-02-03 )))))))))))))))))
    .

    2009-02-03 17:55 . 2009-02-03 17:55 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-03 17:34 . 2009-02-03 17:34 <KANSIO> d-------- c:\program files\nettiselainFF
    2009-01-31 11:59 . 2008-02-23 06:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
    2009-01-31 11:59 . 2008-02-23 04:41 22,528 --a------ c:\windows\System32\netiougc.exe
    2009-01-31 11:58 . 2009-01-31 12:00 <KANSIO> d-------- c:\program files\ZoneAlarm palomuuri
    2009-01-31 11:58 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
    2009-01-31 11:57 . 2009-01-31 11:58 <KANSIO> d-------- c:\windows\System32\ZoneLabs
    2009-01-31 11:57 . 2009-02-03 17:48 348,371 --ah----- c:\windows\System32\drivers\vsconfig.xml
    2009-01-31 11:57 . 2008-11-13 15:19 293,776 --a------ c:\windows\System32\drivers\vsdatant.sys
    2009-01-31 11:53 . 2009-02-03 19:52 <KANSIO> d-------- c:\windows\Internet Logs
    2009-01-31 11:53 . 2009-01-31 11:53 <KANSIO> d-------- c:\users\All Users\CheckPoint
    2009-01-31 11:53 . 2009-01-31 11:53 <KANSIO> d-------- c:\programdata\CheckPoint
    2009-01-31 10:52 . 2009-01-31 10:52 <KANSIO> d-------- c:\program files\Alwil Software
    2009-01-31 10:52 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-29 19:39 . 2009-01-29 19:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-01-29 19:26 . 2008-04-26 10:08 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
    2009-01-29 19:26 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
    2009-01-29 19:26 . 2008-05-28 05:19 595,456 --a------ c:\windows\System32\FWPUCLNT.DLL
    2009-01-29 19:26 . 2008-05-28 05:19 438,272 --a------ c:\windows\System32\IKEEXT.DLL
    2009-01-29 19:26 . 2008-05-28 05:27 223,288 --a------ c:\windows\System32\drivers\netio.sys
    2009-01-29 19:26 . 2008-05-28 05:28 101,432 --a------ c:\windows\System32\drivers\FWPKCLNT.SYS
    2009-01-29 19:26 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
    2009-01-29 19:26 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
    2009-01-15 23:02 . 2009-01-15 23:02 <KANSIO> d-------- C:\PerfLogs
    2009-01-14 18:26 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-03 14:13 . 2009-01-03 14:13 25 --a------ c:\windows\cdplayer.ini
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Real
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Common Files\xing shared
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Common Files\Real

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 16:01 --------- d-----w c:\programdata\Symantec
    2009-02-03 16:01 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-03 15:48 13,025 ----a-w c:\users\Henna\AppData\Roaming\nvModes.dat
    2009-01-31 14:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 14:10 --------- d-----w c:\program files\Common Files\Nikon
    2009-01-31 08:50 --------- d-----w c:\program files\Yahoo!
    2009-01-31 08:44 --------- d-----w c:\programdata\F-Secure
    2009-01-15 21:17 174 --sha-w c:\program files\desktop.ini
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Sidebar
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Photo Gallery
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Mail
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Journal
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Defender
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Collaboration
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Calendar
    2009-01-15 20:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2009-01-15 20:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2009-01-08 22:31 --------- d-----w c:\program files\Google
    2008-12-21 13:40 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-12-21 13:21 --------- d-----w c:\program files\Bethesda Softworks
    2008-12-14 15:48 --------- d-----w c:\users\Henna\AppData\Roaming\LucasArts
    2008-12-07 18:05 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-07 18:05 --------- d-----w c:\program files\Java
    2008-12-04 22:36 --------- d-----w c:\users\Henna\AppData\Roaming\CyberLink
    2008-12-04 22:36 --------- d-----w c:\programdata\CyberLink
    2008-12-04 13:51 20 ---h--w c:\users\All Users\PKP_DLec.DAT
    2008-12-04 13:51 20 ---h--w c:\programdata\PKP_DLec.DAT
    2008-12-04 13:18 --------- d-----w c:\programdata\NVIDIA
    2008-10-01 09:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-10-01 09:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-10-01 09:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-03 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-03 185872]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-06 7770112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "ZoneAlarm Client"="c:\program files\ZoneAlarm palomuuri\zlclient.exe" [2008-11-13 981904]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-24 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D6E3AC9B-B54D-4083-A91F-8850236DB4E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{66CCB6EA-511B-473F-BDE9-9A61A76173CC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A246F17C-4120-4C2B-8C11-F3CF89DC7C80}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5B489581-A8C6-4F7E-B890-AC7B8437DFEE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{940511DE-554B-48E6-B881-92920DC6A76A}"= Disabled:UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{F4BEF8D4-A553-4ACA-819F-EF033380BF5D}"= Disabled:TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{3F58CB5F-4563-4A2B-BF3B-C9D84047F000}"= Disabled:UDP:c:\program files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu
    "{64F03EAB-3D93-40F4-9E88-DC02AB75A491}"= Disabled:TCP:c:\program files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu
    "{9729C296-97B8-4578-8A02-35E25C59D488}"= Disabled:UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{58F462A1-2459-4487-8CBF-616CF2E72DEA}"= Disabled:TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-31 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-31 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-31 51792]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59ba7f49-4072-11dc-a088-806e6f6e6963}]
    \shell\AutoRun\command - E:\autorun.exe
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-Acer Tour Reminder - (no file)
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fi.intl.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    FF - ProfilePath - c:\users\Henna\AppData\Roaming\Mozilla\Firefox\Profiles\q8cb7a1y.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 19:56:12
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2009-02-03 20:01:43
    ComboFix-quarantined-files.txt 2009-02-03 17:58:15

    Ennen ajoa: 47 923 924 992 tavua vapaana
    Ajon jälkeen: 48,648,192,000 tavua vapaana

    170 --- E O F --- 2009-02-03 12:38:40
     
  4. Hujo

    Hujo Guest

    Now copy the contents of the quote below and paste them into an empty Notepad
    Start button > Accessories > Notepad

    Save it as CFScript.txt on the desktop

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Post the resulting log here.

    Shut down and restart the computer
     
  5. an44i

    ComboFix 09-02-02.04 - Henna 2009-02-03 21:01:56.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2046.1275 [GMT 2:00]
    Sijainti: c:\users\Henna\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\Henna\Desktop\CFScript.txt
    FW: ZoneAlarm Firewall *enabled*
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\program files\Common Files\Symantec Shared\COH\coh.cache
    c:\program files\Common Files\Symantec Shared\COH\COH32.exe
    c:\program files\Common Files\Symantec Shared\COH\COH64.exe
    c:\program files\Common Files\Symantec Shared\Help\LU_sub.chw
    c:\programdata\F-Secure
    c:\programdata\F-Secure\logs\custom\custinstall.log
    c:\programdata\F-Secure\logs\fsiulsp.log
    c:\programdata\F-Secure\logs\FSMA\fsma.log
    c:\programdata\F-Secure\logs\FSMA\fsma_old.log
    c:\programdata\F-Secure\logs\fstnb\POSTINSTALL.log
    c:\programdata\F-Secure\logs\ilaunchr.log
    c:\programdata\Symantec
    c:\programdata\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
    c:\programdata\Symantec\rmt.dat
    c:\programdata\Symantec\wds.dat

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-03 to 2009-02-03 )))))))))))))))))
    .

    2009-02-03 17:55 . 2009-02-03 17:55 <KANSIO> d-------- c:\program files\Trend Micro
    2009-02-03 17:34 . 2009-02-03 17:34 <KANSIO> d-------- c:\program files\nettiselainFF
    2009-01-31 11:59 . 2008-02-23 06:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
    2009-01-31 11:59 . 2008-02-23 04:41 22,528 --a------ c:\windows\System32\netiougc.exe
    2009-01-31 11:58 . 2009-01-31 12:00 <KANSIO> d-------- c:\program files\ZoneAlarm palomuuri
    2009-01-31 11:58 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
    2009-01-31 11:57 . 2009-01-31 11:58 <KANSIO> d-------- c:\windows\System32\ZoneLabs
    2009-01-31 11:57 . 2009-02-03 20:51 348,371 --ah----- c:\windows\System32\drivers\vsconfig.xml
    2009-01-31 11:57 . 2008-11-13 15:19 293,776 --a------ c:\windows\System32\drivers\vsdatant.sys
    2009-01-31 11:53 . 2009-02-03 21:02 <KANSIO> d-------- c:\windows\Internet Logs
    2009-01-31 11:53 . 2009-01-31 11:53 <KANSIO> d-------- c:\users\All Users\CheckPoint
    2009-01-31 11:53 . 2009-01-31 11:53 <KANSIO> d-------- c:\programdata\CheckPoint
    2009-01-31 10:52 . 2009-01-31 10:52 <KANSIO> d-------- c:\program files\Alwil Software
    2009-01-31 10:52 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-29 19:39 . 2009-01-29 19:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-01-29 19:26 . 2008-04-26 10:08 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
    2009-01-29 19:26 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
    2009-01-29 19:26 . 2008-05-28 05:19 595,456 --a------ c:\windows\System32\FWPUCLNT.DLL
    2009-01-29 19:26 . 2008-05-28 05:19 438,272 --a------ c:\windows\System32\IKEEXT.DLL
    2009-01-29 19:26 . 2008-05-28 05:27 223,288 --a------ c:\windows\System32\drivers\netio.sys
    2009-01-29 19:26 . 2008-05-28 05:28 101,432 --a------ c:\windows\System32\drivers\FWPKCLNT.SYS
    2009-01-29 19:26 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
    2009-01-29 19:26 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
    2009-01-15 23:02 . 2009-01-15 23:02 <KANSIO> d-------- C:\PerfLogs
    2009-01-14 18:26 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-03 14:13 . 2009-01-03 14:13 25 --a------ c:\windows\cdplayer.ini
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Real
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Common Files\xing shared
    2009-01-03 14:11 . 2009-01-03 14:11 <KANSIO> d-------- c:\program files\Common Files\Real

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 18:52 13,025 ----a-w c:\users\Henna\AppData\Roaming\nvModes.dat
    2009-01-31 14:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 14:10 --------- d-----w c:\program files\Common Files\Nikon
    2009-01-31 08:50 --------- d-----w c:\program files\Yahoo!
    2009-01-15 21:17 174 --sha-w c:\program files\desktop.ini
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Sidebar
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Photo Gallery
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Mail
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Journal
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Defender
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Collaboration
    2009-01-15 21:07 --------- d-----w c:\program files\Windows Calendar
    2009-01-15 20:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2009-01-15 20:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2009-01-08 22:31 --------- d-----w c:\program files\Google
    2008-12-21 13:40 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-12-21 13:21 --------- d-----w c:\program files\Bethesda Softworks
    2008-12-14 15:48 --------- d-----w c:\users\Henna\AppData\Roaming\LucasArts
    2008-12-07 18:05 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-07 18:05 --------- d-----w c:\program files\Java
    2008-12-04 22:36 --------- d-----w c:\users\Henna\AppData\Roaming\CyberLink
    2008-12-04 22:36 --------- d-----w c:\programdata\CyberLink
    2008-12-04 13:51 20 ---h--w c:\users\All Users\PKP_DLec.DAT
    2008-12-04 13:51 20 ---h--w c:\programdata\PKP_DLec.DAT
    2008-12-04 13:18 --------- d-----w c:\programdata\NVIDIA
    2008-10-01 09:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-10-01 09:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-10-01 09:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-02-03_19.56.49,01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-03 15:47:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-03 18:51:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-03 15:47:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-03 18:51:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-03 17:55:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-03 18:56:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-03 18:56:12 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-03 17:55:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-03 18:56:07 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-02-03 18:56:07 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-02-03 15:48:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 18:56:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-03 15:48:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-03 18:56:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-03 15:48:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-03 18:56:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-02-03 15:53:10 102,464 ----a-w c:\windows\System32\perfc009.dat
    + 2009-02-03 18:56:53 102,464 ----a-w c:\windows\System32\perfc009.dat
    - 2009-02-03 15:53:10 81,934 ----a-w c:\windows\System32\perfc00B.dat
    + 2009-02-03 18:56:53 81,934 ----a-w c:\windows\System32\perfc00B.dat
    - 2009-02-03 15:53:10 589,794 ----a-w c:\windows\System32\perfh009.dat
    + 2009-02-03 18:56:53 589,794 ----a-w c:\windows\System32\perfh009.dat
    - 2009-02-03 15:53:10 438,242 ----a-w c:\windows\System32\perfh00B.dat
    + 2009-02-03 18:56:53 438,242 ----a-w c:\windows\System32\perfh00B.dat
    - 2009-02-03 15:49:49 9,340 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3897679103-1712131684-591489059-1000_UserData.bin
    + 2009-02-03 18:53:31 9,340 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3897679103-1712131684-591489059-1000_UserData.bin
    - 2009-02-03 15:49:49 69,650 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-03 18:53:31 69,962 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-02 18:35:07 3,998 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2009-02-03 18:50:24 4,124 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    .
    -- Snapshot nollattu tähän hetkeen --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-03 171448]
    "Acer Tour Reminder"="" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-03 185872]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-06 7770112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "ZoneAlarm Client"="c:\program files\ZoneAlarm palomuuri\zlclient.exe" [2008-11-13 981904]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-24 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D6E3AC9B-B54D-4083-A91F-8850236DB4E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{66CCB6EA-511B-473F-BDE9-9A61A76173CC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A246F17C-4120-4C2B-8C11-F3CF89DC7C80}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5B489581-A8C6-4F7E-B890-AC7B8437DFEE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{940511DE-554B-48E6-B881-92920DC6A76A}"= Disabled:UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{F4BEF8D4-A553-4ACA-819F-EF033380BF5D}"= Disabled:TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{3F58CB5F-4563-4A2B-BF3B-C9D84047F000}"= Disabled:UDP:c:\program files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu
    "{64F03EAB-3D93-40F4-9E88-DC02AB75A491}"= Disabled:TCP:c:\program files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe:Elisa Tietoturvapalvelu
    "{9729C296-97B8-4578-8A02-35E25C59D488}"= Disabled:UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{58F462A1-2459-4487-8CBF-616CF2E72DEA}"= Disabled:TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-31 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-31 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-31 51792]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59ba7f49-4072-11dc-a088-806e6f6e6963}]
    \shell\AutoRun\command - E:\autorun.exe
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fi.intl.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    FF - ProfilePath - c:\users\Henna\AppData\Roaming\Mozilla\Firefox\Profiles\q8cb7a1y.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 21:04:57
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2009-02-03 21:07:16
    ComboFix-quarantined-files.txt 2009-02-03 19:07:00
    ComboFix2.txt 2009-02-03 18:01:45

    Ennen ajoa: 48 445 730 816 tavua vapaana
    Ajon jälkeen: 48,200,527,872 tavua vapaana

    215 --- E O F --- 2009-02-03 12:38:40
     
  6. Hujo

    Hujo Guest

    Type this into the Run box:

    ComboFix /u

    Click OK

    =========

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.


     
  7. an44i

    an44i Member

    The Malwarebytes scan found nothing, so apparently ComboFix took care of it. So was the problem some leftovers of Elisa Tietoturvapalvelu? At least Firefox hasn't frozen yet (a couple of hours after the reboot).

    Thanks for the help!

    Log:
    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 122345
    Kulunut aika: 1 hour(s), 6 minute(s), 13 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
     
  8. Hujo

    Hujo Guest

    There were Norton and F-Secure remnants in there.

    ===============

    Scan with HJT, check these and press Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    If those aren't important, fix them too:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
     
  9. mopeti

    mopeti Member

    Joined:
    Feb 7, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    I'd like to say thanks for the tips as well! I had the same problem, and it was also fixed with these instructions. :)

    -JJ
     
  10. Hujo

    Hujo Guest

    an44i

    Scan a new HJT log.
     
  11. an44i

    an44i Member

    The problem turned out to be more persistent than I thought.
    On the Mozilla forums it was suggested to recreate the FF profiles, but that doesn't seem to help either.
    The HJT log now shows the following.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:28:56, on 8.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ZoneAlarm palomuuri\zlclient.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Henna\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm palomuuri\zlclient.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6373 bytes
     
  12. Hujo

    Hujo Guest

    Create an uninstall list:
    • Open HijackThis
    • Click "Configure" at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click "Save list"
    • Copy and paste the list from Notepad into your thread
     
  13. an44i

    an44i Member

    Acer Arcade Deluxe
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer OrbiCam
    Acer OrbiCam
    Acer ScreenSaver
    Acer Tour
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0
    Apple Mobile Device Support -tuki
    Apple Software Update
    ArcSoft Panorama Maker 3
    avast! Antivirus
    Fallout 3
    Google SketchUp 7
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (Finnish) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Nikon FotoShare
    Nikon Message Center
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Drivers
    PowerProducer
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Sid Meier's Civilization 4
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    VC 9.0 Runtime
    Windows Media Player Firefox Plugin
    ZoneAlarm


     
  14. SMF

    SMF Member

    Joined:
    Nov 20, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    I had the same problem, and it appeared after a ZoneAlarm update.
    I switched from ZoneAlarm to Vista's own firewall and the problem went away.
     
  15. Hujo

    Hujo Guest

    Remove this via Add/Remove Programs:

    Java(TM) 6 Update 2


    =================

    Type this into the Run box:

    services.msc

    Click OK

    Find the service CLTNetCnService
    Double-click it
    Stop it
    From the drop-down menu, choose Disabled
    Click Apply and OK

    Delete this if it is there:
    c:\Program Files\Common Files\Symantec Shared

    ===========

    Set a start page for IE and for Firefox,
    for example www.elisa.net

    ===========

    You don't have Vista's firewall turned on there, do you?
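
The leftover service disabled in the post above appears in the HijackThis log as an O23 entry marked "(file missing)". As an added example (not part of the thread and not HijackThis code), the following parses O23 lines and lists such orphaned entries; the function names are hypothetical, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple, Optional


class Service(NamedTuple):
    display: str        # human-readable service label
    name: str           # short service name (the part in parentheses, if any)
    owner: str          # company string, or "Unknown owner"
    path: str           # binary path as printed in the log
    file_missing: bool  # True when the line ends with "(file missing)"


# O23 - Service: <label> - <owner> - <drive>:\<path>[ (file missing)]
# Assumption: fields are separated by " - " and the path starts with a drive letter.
_O23 = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# A label is either "Display name (ShortName)" or just the name itself.
_LABEL = re.compile(r"^(?P<display>.*\S)\s*\((?P<name>[^()]+)\)$")

# Lines copied from the HijackThis log in this thread (one O4 line, four O23 lines).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""


def parse_o23(line: str) -> Optional[Service]:
    """Parse one HijackThis O23 line; return None for any other line."""
    m = _O23.match(line.strip())
    if m is None:
        return None
    label = m.group("label")
    lm = _LABEL.match(label)
    if lm:
        display, name = lm.group("display"), lm.group("name")
    else:
        display = name = label
    return Service(display, name, m.group("owner"), m.group("path"),
                   m.group("missing") is not None)


def parse_services(log_text: str) -> List[Service]:
    """Return every O23 service entry found in a HijackThis log."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [svc for svc in parsed if svc is not None]


def orphaned_services(log_text: str) -> List[Service]:
    """Services still registered although their binary no longer exists."""
    return [svc for svc in parse_services(log_text) if svc.file_missing]


def unknown_owner_services(log_text: str) -> List[Service]:
    """Services whose binary carries no company name; worth a manual look only."""
    return [svc for svc in parse_services(log_text) if svc.owner == "Unknown owner"]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(f"orphaned service: {svc.name} -> {svc.path}")
    for svc in unknown_owner_services(SAMPLE_LOG):
        print(f"unknown owner:    {svc.name} -> {svc.path}")
```

An entry with a missing binary cannot start, but it shows that an earlier product was not uninstalled cleanly, which is the situation the post above addresses by disabling the service.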
     
  16. an44i

    an44i Member

    The service is now stopped; I didn't find any Symantec folder.

    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Henna\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\nettiselainFF\firefox.exe
    C:\Program Files\ZoneAlarm palomuuri\zlclient.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm palomuuri\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6523 bytes
     
  17. Hujo

    Hujo Guest

    How is the computer running?
     
  18. an44i

    an44i Member

    The same problem is still there; I think I'll switch from ZoneAlarm to Vista's own firewall for now.
     
  19. Hujo

    Hujo Guest

    Yeah, you can test that too.
     
  20. Vaiski7

    Vaiski7 Member

    Joined:
    Aug 31, 2007
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    So, with the WINBAR program you can quickly get straight to Task Manager and end the Firefox that is running in the background from there, or with Ctrl + Alt + Delete you can also get to Task Manager and shut it down if it is running in the background. I have always used the Fox, and a couple of times it has been left running in the background; it doesn't matter, it has served me for a long time after all, so it doesn't bother me much. But what does it mean that Firefox is quitting, do you mean the whole web browser is going away? If that happens, I'll sell the computer and surf the net on a PlayStation 3. I don't use any Safaris, Explorers or anything else, and if this browser goes, the computer goes too; after that I won't do anything on a computer anymore. I have tried all the browsers in the world, and Firefox is by far the best in all its simplicity. I don't have any of the problems mentioned above with Vista's own firewall and Avast. I have SUPERAntiSpyware running all the time and it doesn't find anything and nothing has come up, and Norton Security Scan sweeps the machine about every other day. A couple of phishing cookies have been found, but they disappear when you run CCleaner, for example to remove cookies, and with GD-Wintools ultimate on top of that, Broken Preferences and absolutely everything unnecessary and old temp files go away. So if you have problems with this browser on Vista, it is a bit puzzling, because I don't have any.
     
    Last edited: Feb 16, 2009
