afterdawn.com > discussion > general discussion about computers > viruses and malware - HijackThis logs

Virus on the machine, HJT log
lurtsifan (Newbie)
7 July 2008 @ 01:57
Well, the machine keeps adding shortcuts to porn sites on the desktop and pushing so-called antivirus programs at me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\Sys15AA.exe
C:\Windows\Sys1665.exe
C:\Windows\Sys1849.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Sys1904.exe
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdatgms.exe
O4 - HKLM\..\Run: [Sys15AA.exe] C:\Windows\Sys15AA.exe
O4 - HKLM\..\Run: [Sys1665.exe] C:\Windows\Sys1665.exe
O4 - HKLM\..\Run: [Sys1849.exe] C:\Windows\Sys1849.exe
O4 - HKLM\..\Run: [Sys1904.exe] C:\Windows\Sys1904.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBTjkk.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll,c
O4 - HKCU\..\Run: [6cd11b41] rundll32.exe "C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysBA49.exe] C:\Windows\SysBA49.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 11125 bytes
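
In the thread the log above is read by eye. As an added example (my code, not from the original post and not part of HijackThis), the script below applies the same reading to the O4 Run-key lines mechanically: autostarts launched from a Temp directory, rundll32 loading a DLL by ordinal or single-letter export (the pattern in the MSServer, cmds and 6cd11b41 entries), hex-suffixed executables dropped straight into C:\Windows (Sys15AA.exe and friends), bare-hex value names, and a "Microsoft WinUpdate" label on an unknown binary. The weights and the generic-label rule are my own heuristics, not a signature set, so "likely malicious" means "look at this file first".

```python
"""Heuristic triage of HijackThis O4 (Run-key autostart) lines.

Added example for this thread, not from the original post or from HijackThis.
SAMPLE_LOG is a subset of the O4 lines in the log above; the rules and weights
are my own heuristics, not a vendor signature set.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# image = a quoted path, or everything up to the first executable extension (unquoted paths may hold spaces)
IMAGE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd)))(?:\s+(?P<args>.*))?$', re.I)
RUNDLL_ARGS_RE = re.compile(r'^"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)')
TEMP_RE = re.compile(r'\\(?:Temp|Temporary Internet Files)\\', re.I)
HEX_SUFFIX_EXE_RE = re.compile(r'^[A-Za-z]+[0-9A-Fa-f]{4}\.exe$')   # Sys15AA.exe, SysBA49.exe, ...
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.I)                    # value name such as 6cd11b41
GENERIC_SECURITY_NAMES = {'antivirus', 'antispyware', 'security', 'securitycenter'}

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdatgms.exe
O4 - HKLM\..\Run: [Sys15AA.exe] C:\Windows\Sys15AA.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBTjkk.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll,c
O4 - HKCU\..\Run: [6cd11b41] rundll32.exe "C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    score: int = 0
    reasons: list[str] = field(default_factory=list)

    def hit(self, weight: int, reason: str) -> None:
        self.score += weight
        self.reasons.append(reason)

    @property
    def verdict(self) -> str:
        if self.score >= 2:
            return 'likely malicious'
        return 'review' if self.score == 1 else 'ok'


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value's command line into (image path, arguments)."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:                                   # no recognised extension: first token is the image
        head, _, tail = cmd.strip().partition(' ')
        return head, tail
    return (m.group('q') or m.group('u')), (m.group('args') or '').strip()


def triage_o4(line: str) -> Finding | None:
    """Score one O4 line; None for anything that is not a Run-key entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    f = Finding(*m.group('hive', 'name', 'cmd'))
    image, args = split_command(f.cmd)
    lname = f.name.lower()
    if TEMP_RE.search(f.cmd):
        f.hit(2, 'started from a Temp directory')
    if ntpath.basename(image).lower() == 'rundll32.exe':
        r = RUNDLL_ARGS_RE.match(args)
        dll, export = (r.group('dll'), r.group('export')) if r else (args, '')
        # Vundo-style: DLL in Temp, or the entry point given as an ordinal (#1) or a single letter
        if TEMP_RE.search(dll) or export.startswith('#') or len(export) == 1:
            f.hit(2, f'rundll32 loads {ntpath.basename(dll)} via export {export!r}')
    if ntpath.dirname(image).lower() == r'c:\windows' and HEX_SUFFIX_EXE_RE.match(ntpath.basename(image)):
        f.hit(2, 'hex-suffixed executable dropped straight into the Windows directory')
    if HEX_NAME_RE.match(f.name):
        f.hit(1, 'value name is a bare hex string')
    if ('microsoft' in lname or 'windows' in lname) and 'update' in lname:
        f.hit(2, 'poses as Windows Update, which runs as the wuauserv service and has no Run entry')
    if re.sub(r'\W', '', lname) in GENERIC_SECURITY_NAMES:
        f.hit(1, 'generic security-product label with no vendor name (rogue AV pattern)')
    return f


def triage_log(text: str) -> list[Finding]:
    return [f for f in map(triage_o4, text.splitlines()) if f is not None]


if __name__ == '__main__':
    for f in sorted(triage_log(SAMPLE_LOG), key=lambda x: -x.score):
        print(f'{f.verdict:17} {f.score}  [{f.name}] {f.cmd}')
        for reason in f.reasons:
            print(f'{"":20}- {reason}')
```

Run as-is it prints the ten sample entries highest score first; the four legitimate ones (Windows Defender, Java updater, TeaTimer) come out at zero, and everything Malwarebytes later names in its log scores at least 2, except the VAV "Antivirus" entry, which only the weak generic-label rule catches. That is the intended behaviour: a rogue AV hides behind a plausible name, so the label rule is there to put it on the review list, not to convict it.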

jejje (AfterDawn Addict)
7 July 2008 @ 02:05
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post that log in your thread.
Note! Do not click around in the ComboFix window while it is running. That may cause the program to hang.

===============

Malwarebytes' Anti-Malware is already on the machine; update it first and then run it

================

Remove from the machine

Spybot - Search & Destroy


Delete the folder

C:\Program Files\Spybot - Search & Destroy

Surely the machine can't even work?
Or how did it go

The post was edited after it was sent. Last edited 7 July 2008 @ 02:15

lurtsifan (Newbie)
7 July 2008 @ 03:08
Malwarebytes' Anti-Malware 1.19
Database version: 928
Windows 6.0.6001 Service Pack 1

02:55:31 2008-07-07
mbam-log-7-7-2008 (02-55-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143505
Time elapsed: 1 hour(s), 29 minute(s), 20 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
C:\Windows\Sys1665.exe (Trojan.Agent) -> No action taken.
C:\Windows\Sys1904.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe (Trojan.Clicker) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys1665.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys1904.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DelayLoad (Trojan.Clicker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysBA49.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6cd11b41 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Files Infected:
C:\Windows\Sys1665.exe (Trojan.Agent) -> No action taken.
C:\Windows\Sys1904.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe (Trojan.Clicker) -> No action taken.
C:\Windows\SysBA49.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOW4FPXW\1215378122[1].exe (Trojan.Clicker) -> No action taken.
C:\Windows\SysB0F6.exe (Trojan.Agent) -> No action taken.
C:\Windows\SysB27C.exe (Trojan.Agent) -> No action taken.
C:\Windows\SysB95F.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Windows\System32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\mlJBTjkk.dll (Trojan.Vundo) -> No action taken.
C:\Users\Tommi\Desktop\0nline p0rn.url (Rogue.Link) -> No action taken.
C:\Users\Tommi\Desktop\FREE gallery of the day.url (Rogue.Link) -> No action taken.
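
The scan above lists 42 detections, but every line ends in "No action taken", which is what the next reply picks up on: the results were viewed without being removed. As an added example (my code, not from the post and not from Malwarebytes), the parser below reads an MBAM result log and reports whether the detections were actually remediated rather than just found. SAMPLE_REPORT_ONLY is a constructed subset of the log above; SAMPLE_CLEANED is constructed with the action strings MBAM writes after Remove Selected, so the check has a positive case to compare against.

```python
"""Report what a Malwarebytes' Anti-Malware log says was done with each detection.

Added example for this thread; not code from the original post or from Malwarebytes.
SAMPLE_REPORT_ONLY is a constructed subset of the log above, SAMPLE_CLEANED a
constructed log using the action strings MBAM writes after Remove Selected.
"""
import re
from collections import Counter
from typing import NamedTuple

# <item> (<family>) -> <action>.
ENTRY_RE = re.compile(r'^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')
# Actions that mean the item is gone (or will be after the pending reboot)
REMEDIATED = {'Quarantined and deleted successfully', 'Delete on reboot'}

SAMPLE_REPORT_ONLY = r"""
Memory Processes Infected:
C:\Windows\Sys1665.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe (Trojan.Clicker) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Files Infected:
C:\Windows\System32\mlJBTjkk.dll (Trojan.Vundo) -> No action taken.
C:\Users\Tommi\Desktop\0nline p0rn.url (Rogue.Link) -> No action taken.
"""

SAMPLE_CLEANED = r"""
Files Infected:
C:\Windows\Sys1665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJBTjkk.dll (Trojan.Vundo) -> Delete on reboot.
"""


class Detection(NamedTuple):
    section: str
    item: str
    family: str
    action: str


def parse_mbam(text: str) -> list:
    """One Detection per result line, tagged with the section heading it sits under."""
    section, found = '', []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('('):          # blank, or '(No malicious items detected)'
            continue
        m = ENTRY_RE.match(line)
        if m:
            found.append(Detection(section, *m.group('item', 'family', 'action')))
        elif line.endswith(':'):                       # 'Registry Keys Infected:' and friends
            section = line[:-1]
    return found


def remediation_report(detections) -> dict:
    """Tally families and actions; 'clean' is True only if nothing is still pending."""
    pending = [d for d in detections if d.action not in REMEDIATED]
    return {
        'total': len(detections),
        'families': Counter(d.family for d in detections),
        'actions': Counter(d.action for d in detections),
        'pending': pending,
        'clean': not pending,
    }


if __name__ == '__main__':
    for label, text in (('report-only', SAMPLE_REPORT_ONLY), ('cleaned', SAMPLE_CLEANED)):
        rep = remediation_report(parse_mbam(text))
        print(f"{label}: {rep['total']} detections, clean={rep['clean']}, actions={dict(rep['actions'])}")
        for d in rep['pending']:
            print(f"  still present: [{d.section}] {d.item} ({d.family})")
```

The point of keying on the action string rather than on the detection count is that a scan log and a removal log look identical apart from that suffix; a helper who only skims the family names will conclude the machine was cleaned when nothing was touched.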


jejje (AfterDawn Addict)
7 July 2008 @ 03:25
Was that done with Malwarebytes' Anti-Malware

5. When the scan is complete, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.

============

then the combofix log

The post was edited after it was sent. Last edited 7 July 2008 @ 03:51

lurtsifan (Newbie)
7 July 2008 @ 04:03
combofix log here:
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

(((((   Files created from 2008-06-07 to 2008-07-07   )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <DIR> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <DIR> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <DIR> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <DIR> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <DIR> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <DIR> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <DIR> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <DIR> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <DIR> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <DIR> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <DIR> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <DIR> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <DIR> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <DIR> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <DIR> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <DIR> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <DIR> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <DIR> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <DIR> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <DIR> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <DIR> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <DIR> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <DIR> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <DIR> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <DIR> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <DIR> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <DIR> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <DIR> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <DIR> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <DIR> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <DIR> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <DIR> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <DIR> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <DIR> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <DIR> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <DIR> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <DIR> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <DIR> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <DIR> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <DIR> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <DIR> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <DIR> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <DIR> d-------- C:\Users\All Users\ATI

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exe:DC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exe:DC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-eRecoveryService - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 03:57:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.


PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57


jejje
lurtsifan
Newbie
7 July 2008 @ 04:05
ComboFix log here:
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magici