Antivirus protection turns off. Could someone take a look at the HJT log?

Discussion in 'Viruses and malware - HijackThis logs' started by GraTu, May 16, 2008.

  1. GraTu

    GraTu Guest

    So, my antivirus program is Norton 360. The problem is that Auto-Protect is not enabled and I can't switch it on. Could this perhaps be caused by some kind of nasty? Norton, at least, found no viruses or anything else in its own scan, and Ad-Aware found nothing either. I ran an online scan with F-Secure, which found these: Trojan.Clicker.Win32.agent and Trojan.Clicker.Win32.agent.aig. The program removed them, but the actual problem did not go away.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:39, on 16.5.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\WallPaper\FerrariWP\FerrariWP.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    D:\Okon\Ohjelmat\Winamp\winampa.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\Okko\AppData\Local\Temp\RtkBtMnt.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    F:\PhoneConnectorVMC.exe
    F:\VMC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [FerrariWP] C:\Acer\WallPaper\FerrariWP\FerrariWP.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WinampAgent] D:\Okon\Ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9BB9A2-2D09-4BC7-B6EF-3484D8DC1485}: NameServer = 195.226.224.72 195.226.224.76
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10875 bytes
     
  2. Hujo

    Hujo Guest

    Scan with HJT, check these entries and press Fix checked:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    ===========

    1. Download combofix.exe to your desktop from one of the links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ===========

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. Finally, make sure that the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure that everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  3. GraTu

    GraTu Guest

    ComboFix 08-05-19.4 - 2008-05-20 22:33:51.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1035.18.1222 [GMT 3:00]
    Running from: C:\Users\\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-20 to 2008-05-20 )))))))))))))))))
    .

    2008-05-19 20:03 . 2008-05-19 20:36 212 --a------ C:\delete.bat
    2008-05-19 20:01 . 2008-05-19 20:01 <KANSIO> d-------- C:\_OTMoveIt
    2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-19 18:20 . 2008-05-19 18:40 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-19 18:20 . 2008-05-19 18:20 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\Users\All Users\Avg8
    2008-05-17 11:43 . 2008-05-17 11:43 <KANSIO> d-------- C:\ProgramData\Avg8
    2008-05-16 21:27 . 2008-05-16 21:27 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-16 19:04 . 2008-05-16 19:33 <KANSIO> d-------- C:\Downloads
    2008-05-16 19:04 . 2008-05-16 19:31 <KANSIO> d-------- C:\Bases
    2008-05-16 19:01 . 2008-05-16 19:33 <KANSIO> d-------- C:\Kaspersky
    2008-05-16 18:00 . 2008-05-16 18:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\TrojanHunter
    2008-05-16 17:22 . 2008-05-16 21:31 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
    2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-05-16 16:32 . 2008-05-16 16:32 <KANSIO> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Users\\AppData\Roaming\SUPERAntiSpyware.com
    2008-05-16 16:31 . 2008-05-16 23:56 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
    2008-05-16 16:12 . 2008-05-16 19:07 <KANSIO> d-------- C:\Program Files\The Cleaner Free
    2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\Users\All Users\TEMP
    2008-05-16 00:07 . 2008-05-16 00:07 <KANSIO> d-------- C:\ProgramData\TEMP
    2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\\AppData\Roaming\Simply Super Software
    2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\Users\All Users\Simply Super Software
    2008-05-16 00:00 . 2008-05-16 00:00 <KANSIO> d-------- C:\ProgramData\Simply Super Software
    2008-05-16 00:00 . 2008-05-16 00:04 <KANSIO> d-------- C:\Program Files\Trojan Remover
    2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Users\All Users\Adobe
    2008-05-09 22:24 . 2008-05-09 22:24 <KANSIO> d-------- C:\Program Files\Common Files\Adobe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 18:10 --------- d-----w C:\Program Files\SopCast
    2008-05-19 17:18 --------- d-----w C:\Program Files\Norton 360
    2008-05-18 11:11 --------- d-----w C:\ProgramData\Symantec
    2008-05-16 23:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-16 20:59 --------- d-----w C:\ProgramData\Lavasoft
    2008-05-16 20:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-16 20:54 --------- d-----w C:\Program Files\PokerStars
    2008-05-16 16:48 --------- d-----w C:\Program Files\Windows Mail
    2008-05-16 08:23 --------- d-----w C:\Program Files\CCleaner
    2008-05-15 13:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-13 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-09 12:32 --------- d-----w C:\Users\\AppData\Roaming\Malwarebytes
    2008-04-09 12:32 --------- d-----w C:\ProgramData\Malwarebytes
    2008-04-04 16:45 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-04-04 16:45 --------- d-----w C:\Program Files\Atheros
    2008-04-04 16:45 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-04-04 16:45 --------- d-----w C:\Program Files\7-Zip
    2008-04-04 16:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-04 16:44 --------- d-----w C:\Users\AppData\Roaming\Stellarium
    2008-04-04 16:44 --------- d-----w C:\ProgramData\Symantec Temporary Files
    2008-04-04 16:44 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-04-04 16:44 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-04 16:44 --------- d-----w C:\Program Files\Launch Manager
    2008-04-04 16:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-03-28 15:09 --------- d-----w C:\Program Files\Windows Live
    2008-03-28 14:24 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-28 14:01 --------- d-----w C:\Users\Okko\AppData\Roaming\Lavasoft
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-11-27 11:08 22,328 ----a-w C:\Users\\AppData\Roaming\PnkBstrK.sys
    2007-08-29 15:12 174 --sha-w C:\Program Files\desktop.ini
    2007-08-28 18:36 4,129,768 ----a-w C:\Users\\DCPlusPlus-0.699.exe
    2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-11-21 14:28 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-11-21 14:28 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ------- Sigcheck -------

    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-04-16 13:56 131072]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:33 201728]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:34 125440]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 09:45 815104]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 08:37 4186112 C:\Windows\RtHDVCpl.exe]
    "FerrariWP"="C:\Acer\WallPaper\FerrariWP\FerrariWP.exe" [2007-01-18 17:45 31528]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
    "Acer Tour"="" []
    "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 20:40 13312]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 06:27 483328]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512]
    "AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 18:43 754712]
    "eRecoveryService"="" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 17:56 1006264]
    "WinampAgent"="D:\\Ohjelmat\Winamp\winampa.exe" [2004-12-20 21:41 33792]
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21 94208]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-01-22 21:20 125032]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-08-06 19:03:08 1187840]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-07 12:46:46 719664]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-14 20:25:03 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B7DD177E-67E6-4998-9B5C-3B53AAB2681B}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{451D5E98-A0B0-4A6E-AD94-AC814DFCD109}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{F8046918-51CB-48A6-BB54-B7BE2819FD46}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
    "{7276772B-AC89-41EB-A242-E959A23D5757}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
    "{13DFF211-7316-4C38-8F1C-E5D4A44F40B2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5BEA8EC1-28B2-40AB-A18F-30D08F829BCC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:CyberLink PlayMovie
    "{A644C70B-D2DE-4995-A9A5-53910A22AC42}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:CyberLink PlayMovie Resident Program
    "{E7C65FDB-C529-44DE-A735-C141249B52F7}"= UDP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
    "{314AAC77-8CA0-4D3C-ACAB-755348E76693}"= TCP:C:\Program Files\Norton 360\MainStub.exe:Norton 360
    "{E3845F17-DB9A-4456-9DDD-65057865BB6D}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{6E7D7C8E-9CB7-47B9-B728-A333B71C8EFB}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{D3C74757-2732-48C3-813F-81E25515D401}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{251B96F6-3D8F-447D-9ED4-996F0B536C61}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{5E4573C9-F354-42B8-93BF-54BEC524D8A7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{99B887FB-10D4-4209-9390-E34CFBDC021C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{1E5C5251-5899-4CC7-B7A2-B58A4266B516}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B55E3FCC-ED83-44B7-9406-55261559BC62}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B518A02D-24BF-42D2-972F-A6EFC8A6F1E3}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{B68EFD8F-CEB7-4DAC-8D32-35239CC30BE7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{B743E461-31E7-440D-8A67-CFDA2E47B6BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CE3D1806-55AF-4B28-BE98-4412F8CE4909}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4D6BFE44-308E-4371-9990-C3E6CAE7088A}"= UDP:C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{8A53E153-EBAE-49D5-8FDB-12342D3D010E}"= UDP:C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 19:18]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:53]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 20:07]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 16:46]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
    R2 RapiMgr;Windows Mobile -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
    R2 WcesComm;Windows Mobile 2003 -laitteen liitettävyys;C:\Windows\system32\svchost.exe [2006-11-02 12:45]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 09:38]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 10:30]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 08:45]
    R3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 11:07]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 11:05]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 11:09]
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 13:36]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 07:16]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 01:32]
    S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [2007-05-31 22:11]
    S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f33-cea4-11dc-9322-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211b9f34-cea4-11dc-9322-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2681e6e3-bad1-11dc-915a-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e684-d26a-11dc-9cd3-001b2423bb7f}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d39e685-d26a-11dc-9cd3-001b2423bb7f}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb8-a366-11dc-8f14-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1d1cb9-a366-11dc-8f14-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b472c038-c522-11dc-bff3-00197edf806e}]
    \shell\AutoRun\command - H:\AutoRunLauncher.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51d-a1c6-11dc-b66a-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4def51e-a1c6-11dc-b66a-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a4-a1cb-11dc-9eb8-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbc36a5-a1cb-11dc-9eb8-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e89-5d0f-11dc-a349-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91c0e8a-5d0f-11dc-a349-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef986a-556e-11dc-a444-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9875-556e-11dc-a444-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce4-556e-11dc-a444-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edef9ce5-556e-11dc-a444-00197edf806e}]
    \shell\AutoRun\command - F:\VMC_PBStarter.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {264387C0-5B9A-F85A-CAF2-FDBA49EC9D35} /qb
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-20 22:36:13
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-20 22:37:03
    ComboFix-quarantined-files.txt 2008-05-20 19:36:56

    Pre-Run: 32,352,854,016 tavua vapaana
    Post-Run: 32,462,680,064 tavua vapaana

    259 --- E O F --- 2008-05-16 23:04:05
     
  5. GraTu

    GraTu Guest

    Malwarebytes' Anti-Malware 1.12
    Tietokantaversio: 770

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|H:\|)
    Tarkistetut kohteet: 127328
    Kulunut aika: 26 minute(s), 7 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
     
  6. Hujo

    Hujo Guest

    Uninstall these via Add/Remove Programs:

    TrojanHunter 5.0
    SUPERAntiSpyware
    Trojan Remover


    Delete these in Safe Mode:

    C:\Program Files\Trojan Remover
    C:\Bases
    C:\Kaspersky
    C:\Users\All Users\Avg8
    C:\ProgramData\Avg8
    C:\Program Files\TrojanHunter 5.0
    C:\Users\\AppData\Roaming\TrojanHunter
    C:\Users\All Users\SUPERAntiSpyware.com
    C:\Program Files\SUPERAntiSpyware
     
    Last edited by a moderator: May 20, 2008
  7. GraTu

    GraTu Guest

    Thanks for the help so far! They should be removed now. I also ran CCleaner afterwards.
    What next?
     
  8. Hujo

    Hujo Guest

    How about now, does the antivirus stay on?
     
  9. GraTu

    GraTu Guest

    No, it doesn't. Norton still refuses to enable Auto-Protect.
     
  10. Hujo

    Hujo Guest

    Reinstall the antivirus.
     
  11. GraTu

    GraTu Guest

    I reinstalled the antivirus and now Auto-Protect stays on. My thanks and a bow!
     
  12. Hujo

    Hujo Guest

    Good.
     
