Viruksentorjunta menee pois päältä. Voisiko joku vilkaista hjt-lokia?

GraTu · 16.05.2008

Elikkäs viruksentorjuntaohjelmana on Norton 360. Ongelmana on, että Auto-Protect ei ole käytössä eikä sitä saa kytkettyä päälle. Johtuukohan tämä jonkunlaisesta vihulaisesta kenties? Norton ei ainakaan löytänyt viruksia eikä muitakaan omassa tarkistuksessaan, myöskään ad-awarella ei löytynyt mitään. Tein on-line scanin F-Securella, jolloin löytyi tällaiset: Trojan.Clicker.Win32.agent ja Trojan.Clicker.Win32.agent.aig. Ohjelma poisti ne, mutta itse ongelma ei hävinnyt mihinkään.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:39, on 16.5.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\WallPaper\FerrariWP\FerrariWP.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\WindowsMobile\wmdSync.exe
D:\Okon\Ohjelmat\Winamp\winampa.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Okko\AppData\Local\Temp\RtkBtMnt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
F:\PhoneConnectorVMC.exe
F:\VMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FerrariWP] C:\Acer\WallPaper\FerrariWP\FerrariWP.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] D:\Okon\Ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9BB9A2-2D09-4BC7-B6EF-3484D8DC1485}: NameServer = 195.226.224.72 195.226.224.76
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10875 bytes

AfterDawn

Hujo · 20.05.2008

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

===========

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

===========

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

GraTu · 20.05.2008

ComboFix 08-05-19.4 - 2008-05-20 22:33:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1035.18.1222 [GMT 3:00]
Running from: C:\Users\\Desktop\ComboFix.exe
* Created a new restore point
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-20 to 2008-05-20 )))))))))))))))))
.

2008-05-19 20:03 . 2008-05-19 20:36 212 --a------ C:\delete.bat
2008-05-19 20:01 . 2008-05-19 20:01 <KANSIO> d-------- C:\_OTMoveIt
2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 18:20 . 2008-05-19 18:20 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\Users\All Users\Avg8
2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\ProgramData\Avg8
2008-05-16 21:27 . 2008-05-16 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-16 19:04 . 2008-05-16 19:33 <KANSIO> d-------- C:\Downloads
2008-05-16 19:04 . 2008-05-16 19:31 <KANSIO> d-------- C:\Bases
2008-05-16 19:01 . 2008-05-16 19:33 <KANSIO> d-------- C:\Kaspersky
2008-05-16 18:00 . 2008-05-16 18:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\TrojanHunter
2008-05-16 17:22 . 2008-05-16 21:31 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Users\\AppData\Roaming\SUPERAntiSpyware.com
2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 16:12 . 2008-05-16 19:07 <KANSIO> d-------- C:\Program Files\The Cleaner Free
2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\Users\All Users\TEMP
2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\ProgramData\TEMP
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\All Users\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\ProgramData\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:04 <KANSIO> d-------- C:\Program Files\Trojan Remover
2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 18:10 --------- d-----w C:\Program Files\SopCast
2008-05-19 17:18 --------- d-----w C:\Program Files\Norton 360
2008-05-18 11:11 --------- d-----w C:\ProgramData\Symantec
2008-05-16 23:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-16 20:59 --------- d-----w C:\ProgramData\Lavasoft
2008-05-16 20:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 20:54 --------- d-----w C:\Program Files\PokerStars
2008-05-16 16:48 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 08:23 --------- d-----w C:\Program Files\CCleaner
2008-05-15 13:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-13 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 12:32 --------- d-----w C:\Users\\AppData\Roaming\Malwarebytes
2008-04-09 12:32 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-04 16:45 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 16:45 --------- d-----w C:\Program Files\Atheros
2008-04-04 16:45 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-04-04 16:45 --------- d-----w C:\Program Files\7-Zip
2008-04-04 16:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 16:44 --------- d-----w C:\Users\AppData\Roaming\Stellarium
2008-04-04 16:44 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-04-04 16:44 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-04-04 16:44 --------- d-----w C:\Program Files\Microsoft Works
2008-04-04 16:44 --------- d-----w C:\Program Files\Launch Manager
2008-04-04 16:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 15:09 --------- d-----w C:\Program Files\Windows Live
2008-03-28 14:24 --------- d-----w C:\ProgramData\WLInstaller
2008-03-28 14:01 --------- d-----w C:\Users\Okko\AppData\Roaming\Lavasoft
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-11-27 11:08 22,328 ----a-w C:\Users\\AppData\Roaming\PnkBstrK.sys
2007-08-29 15:12 174 --sha-w C:\Program Files\desktop.ini
2007-08-28 18:36 4,129,768 ----a-w C:\Users\\DCPlusPlus-0.699.exe
2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-21 14:28 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-04-16 13:56 131072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:33 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 09:45 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 08:37 4186112 C:\Windows\RtHDVCpl.exe]
"FerrariWP"="C:\Acer\WallPaper\FerrariWP\FerrariWP.exe" [2007-01-18 17:45 31528]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"Acer Tour"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 20:40 13312]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 06:27 483328]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 18:43 754712]
"eRecoveryService"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 17:56 1006264]
"WinampAgent"="D:\\Ohjelmat\Winamp\winampa.exe" [2004-12-20 21:41 33792]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21 94208]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-01-22 21:20 125032]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-08-06 19:03:08 1187840]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-07 12:46:46 719664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-14 20:25:03 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7DD177E-67E6-4998-9B5C-3B53AAB2681B}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{451D5E98-A0B0-4A6E-AD94-AC814DFCD109}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{F8046918-51CB-48A6-BB54-B7BE2819FD46}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{7276772B-AC89-41EB-A242-E959A23D5757}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{13DFF211-7316-4C38-8F1C-E5D4A44F40B2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5BEA8EC1-28B2-40AB-A18F-30D08F829BCC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:CyberLink PlayMovie
"{A644C70B-D2DE-4995-A9A5-53910A22AC42}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:CyberLink PlayMovie Resident Program
"{E7C65FDB-C529-44DE-A735-C141249B52F7}"= UDP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
"{314AAC77-8CA0-4D3C-ACAB-755348E76693}"= TCP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
"{E3845F17-DB9A-4456-9DDD-65057865BB6D}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{6E7D7C8E-9CB7-47B9-B728-A333B71C8EFB}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{D3C74757-2732-48C3-813F-81E25515D401}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{251B96F6-3D8F-447D-9ED4-996F0B536C61}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{5E4573C9-F354-42B8-93BF-54BEC524D8A7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{99B887FB-10D4-4209-9390-E34CFBDC021C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{1E5C5251-5899-4CC7-B7A2-B58A4266B516}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B55E3FCC-ED83-44B7-9406-55261559BC62}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B518A02D-24BF-42D2-972F-A6EFC8A6F1E3}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B68EFD8F-CEB7-4DAC-8D32-35239CC30BE7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B743E461-31E7-440D-8A67-CFDA2E47B6BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CE3D1806-55AF-4B28-BE98-4412F8CE4909}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4D6BFE44-308E-4371-9990-C3E6CAE7088A}"= UDP:C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8A53E153-EBAE-49D5-8FDB-12342D3D010E}"= UDP:C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 19:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 20:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 16:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 RapiMgr;Windows Mobile -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WcesComm;Windows Mobile 2003 -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 09:38]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 10:30]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 08:45]
R3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 11:07]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 11:05]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 11:09]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 13:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 07:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 01:32]
S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [2007-05-31 22:11]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f33-cea4-11dc-9322-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f34-cea4-11dc-9322-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2681e6e3-bad1-11dc-915a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e684-d26a-11dc-9cd3-001b2423bb7f}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e685-d26a-11dc-9cd3-001b2423bb7f}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb8-a366-11dc-8f14-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb9-a366-11dc-8f14-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b472c038-c522-11dc-bff3-00197edf806e}]
\shell\AutoRun\command - H:\AutoRunLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51d-a1c6-11dc-b66a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51e-a1c6-11dc-b66a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a4-a1cb-11dc-9eb8-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a5-a1cb-11dc-9eb8-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e89-5d0f-11dc-a349-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e8a-5d0f-11dc-a349-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef986a-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9875-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce4-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce5-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {264387C0-5B9A-F85A-CAF2-FDBA49EC9D35} /qb
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 22:36:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-20 22:37:03
ComboFix-quarantined-files.txt 2008-05-20 19:36:56

Pre-Run: 32,352,854,016 tavua vapaana
Post-Run: 32,462,680,064 tavua vapaana

259 --- E O F --- 2008-05-16 23:04:05

GraTu · 20.05.2008

ComboFix 08-05-19.4 - 2008-05-20 22:33:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1035.18.1222 [GMT 3:00]
Running from: C:\Users\\Desktop\ComboFix.exe
* Created a new restore point
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-20 to 2008-05-20 )))))))))))))))))
.

2008-05-19 20:03 . 2008-05-19 20:36 212 --a------ C:\delete.bat
2008-05-19 20:01 . 2008-05-19 20:01 <KANSIO> d-------- C:\_OTMoveIt
2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 18:20 . 2008-05-19 18:20 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\Users\All Users\Avg8
2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\ProgramData\Avg8
2008-05-16 21:27 . 2008-05-16 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-16 19:04 . 2008-05-16 19:33 <KANSIO> d-------- C:\Downloads
2008-05-16 19:04 . 2008-05-16 19:31 <KANSIO> d-------- C:\Bases
2008-05-16 19:01 . 2008-05-16 19:33 <KANSIO> d-------- C:\Kaspersky
2008-05-16 18:00 . 2008-05-16 18:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\TrojanHunter
2008-05-16 17:22 . 2008-05-16 21:31 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Users\\AppData\Roaming\SUPERAntiSpyware.com
2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 16:12 . 2008-05-16 19:07 <KANSIO> d-------- C:\Program Files\The Cleaner Free
2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\Users\All Users\TEMP
2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\ProgramData\TEMP
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\All Users\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\ProgramData\Simply Super Software
2008-05-16 00:00 . 2008-05-16 00:04 <KANSIO> d-------- C:\Program Files\Trojan Remover
2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Users\All Users\Adobe
2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 18:10 --------- d-----w C:\Program Files\SopCast
2008-05-19 17:18 --------- d-----w C:\Program Files\Norton 360
2008-05-18 11:11 --------- d-----w C:\ProgramData\Symantec
2008-05-16 23:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-16 20:59 --------- d-----w C:\ProgramData\Lavasoft
2008-05-16 20:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 20:54 --------- d-----w C:\Program Files\PokerStars
2008-05-16 16:48 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 08:23 --------- d-----w C:\Program Files\CCleaner
2008-05-15 13:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-13 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 12:32 --------- d-----w C:\Users\\AppData\Roaming\Malwarebytes
2008-04-09 12:32 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-04 16:45 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 16:45 --------- d-----w C:\Program Files\Atheros
2008-04-04 16:45 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-04-04 16:45 --------- d-----w C:\Program Files\7-Zip
2008-04-04 16:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 16:44 --------- d-----w C:\Users\AppData\Roaming\Stellarium
2008-04-04 16:44 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-04-04 16:44 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-04-04 16:44 --------- d-----w C:\Program Files\Microsoft Works
2008-04-04 16:44 --------- d-----w C:\Program Files\Launch Manager
2008-04-04 16:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 15:09 --------- d-----w C:\Program Files\Windows Live
2008-03-28 14:24 --------- d-----w C:\ProgramData\WLInstaller
2008-03-28 14:01 --------- d-----w C:\Users\Okko\AppData\Roaming\Lavasoft
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-11-27 11:08 22,328 ----a-w C:\Users\\AppData\Roaming\PnkBstrK.sys
2007-08-29 15:12 174 --sha-w C:\Program Files\desktop.ini
2007-08-28 18:36 4,129,768 ----a-w C:\Users\\DCPlusPlus-0.699.exe
2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-21 14:28 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-04-16 13:56 131072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:33 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 09:45 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 08:37 4186112 C:\Windows\RtHDVCpl.exe]
"FerrariWP"="C:\Acer\WallPaper\FerrariWP\FerrariWP.exe" [2007-01-18 17:45 31528]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"Acer Tour"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 20:40 13312]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 06:27 483328]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 18:43 754712]
"eRecoveryService"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 17:56 1006264]
"WinampAgent"="D:\\Ohjelmat\Winamp\winampa.exe" [2004-12-20 21:41 33792]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21 94208]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-01-22 21:20 125032]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-08-06 19:03:08 1187840]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-07 12:46:46 719664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-14 20:25:03 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7DD177E-67E6-4998-9B5C-3B53AAB2681B}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{451D5E98-A0B0-4A6E-AD94-AC814DFCD109}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{F8046918-51CB-48A6-BB54-B7BE2819FD46}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{7276772B-AC89-41EB-A242-E959A23D5757}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{13DFF211-7316-4C38-8F1C-E5D4A44F40B2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5BEA8EC1-28B2-40AB-A18F-30D08F829BCC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:CyberLink PlayMovie
"{A644C70B-D2DE-4995-A9A5-53910A22AC42}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:CyberLink PlayMovie Resident Program
"{E7C65FDB-C529-44DE-A735-C141249B52F7}"= UDP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
"{314AAC77-8CA0-4D3C-ACAB-755348E76693}"= TCP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
"{E3845F17-DB9A-4456-9DDD-65057865BB6D}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{6E7D7C8E-9CB7-47B9-B728-A333B71C8EFB}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{D3C74757-2732-48C3-813F-81E25515D401}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{251B96F6-3D8F-447D-9ED4-996F0B536C61}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{5E4573C9-F354-42B8-93BF-54BEC524D8A7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{99B887FB-10D4-4209-9390-E34CFBDC021C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{1E5C5251-5899-4CC7-B7A2-B58A4266B516}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B55E3FCC-ED83-44B7-9406-55261559BC62}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B518A02D-24BF-42D2-972F-A6EFC8A6F1E3}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B68EFD8F-CEB7-4DAC-8D32-35239CC30BE7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B743E461-31E7-440D-8A67-CFDA2E47B6BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CE3D1806-55AF-4B28-BE98-4412F8CE4909}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4D6BFE44-308E-4371-9990-C3E6CAE7088A}"= UDP:C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8A53E153-EBAE-49D5-8FDB-12342D3D010E}"= UDP:C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 19:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:53]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 20:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 16:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 RapiMgr;Windows Mobile -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WcesComm;Windows Mobile 2003 -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 09:38]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 10:30]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 08:45]
R3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 11:07]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 11:05]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 11:09]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 13:36]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 07:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 01:32]
S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [2007-05-31 22:11]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f33-cea4-11dc-9322-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f34-cea4-11dc-9322-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2681e6e3-bad1-11dc-915a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e684-d26a-11dc-9cd3-001b2423bb7f}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e685-d26a-11dc-9cd3-001b2423bb7f}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb8-a366-11dc-8f14-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb9-a366-11dc-8f14-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b472c038-c522-11dc-bff3-00197edf806e}]
\shell\AutoRun\command - H:\AutoRunLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51d-a1c6-11dc-b66a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51e-a1c6-11dc-b66a-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a4-a1cb-11dc-9eb8-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a5-a1cb-11dc-9eb8-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e89-5d0f-11dc-a349-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e8a-5d0f-11dc-a349-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef986a-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9875-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce4-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce5-556e-11dc-a444-00197edf806e}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {264387C0-5B9A-F85A-CAF2-FDBA49EC9D35} /qb
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 22:36:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-20 22:37:03
ComboFix-quarantined-files.txt 2008-05-20 19:36:56

Pre-Run: 32,352,854,016 tavua vapaana
Post-Run: 32,462,680,064 tavua vapaana

259 --- E O F --- 2008-05-16 23:04:05

GraTu · 20.05.2008

Malwarebytes' Anti-Malware 1.12
Tietokantaversio: 770

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|H:\|)
Tarkistetut kohteet: 127328
Kulunut aika: 26 minute(s), 7 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Hujo · 21.05.2008

Poista lisää poista sovelutuksesta

TrojanHunter 5.0
SUPERAntiSpyware
Trojan Remover

Poista vikasiedossa

C:\Program Files\Trojan Remover
C:\Bases
C:\Kaspersky
C:\Users\All Users\Avg8
C:\ProgramData\Avg8
C:\Program Files\TrojanHunter 5.0
C:\Users\\AppData\Roaming\TrojanHunter
C:\Users\All Users\SUPERAntiSpyware.com
C:\Program Files\SUPERAntiSpyware

GraTu · 21.05.2008

Kiitos jo tässä vaiheessa avusta! Nyt ne pitäisi olla poistettuna. Ajoin päälle vielä CCleanerin.
Mitäs sitten?

Hujo · 21.05.2008

Mites nyt pysyykö päällä virustorjunta

GraTu · 22.05.2008

Ei pysy. Norton ei suostu ottaan vieläkään Auto-Protectia käyttöön.

Hujo · 22.05.2008

Asennas virustorjunta uudelleen.

GraTu · 22.05.2008

Asensin virustorjunnan uudestaan ja nyt pysyy Auto-Protect päällä. Kiitän ja kumarran!

Hujo · 22.05.2008

Hyvä

Kirjaudu tai liity jäseneksi

Viruksentorjunta menee pois päältä. Voisiko joku vilkaista hjt-lokia?

GraTu Guest

Hujo Guest

GraTu Guest

GraTu Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Viruksentorjunta menee pois päältä. Voisiko joku vilkaista hjt-lokia?

GraTu Guest

Hujo Guest

GraTu Guest

GraTu Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

GraTu Guest

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja