Virus koneella, HJT-logi

lurtsifan · Jul 6, 2008

Elikkäs kone lisäilee työpöydälle pikakuvakkeita pornosivuille ja tyrkyttää ns. virustentorjuntaohjelmia.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\Sys15AA.exe
C:\Windows\Sys1665.exe
C:\Windows\Sys1849.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Sys1904.exe
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdatgms.exe
O4 - HKLM\..\Run: [Sys15AA.exe] C:\Windows\Sys15AA.exe
O4 - HKLM\..\Run: [Sys1665.exe] C:\Windows\Sys1665.exe
O4 - HKLM\..\Run: [Sys1849.exe] C:\Windows\Sys1849.exe
O4 - HKLM\..\Run: [Sys1904.exe] C:\Windows\Sys1904.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBTjkk.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll,c
O4 - HKCU\..\Run: [6cd11b41] rundll32.exe "C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysBA49.exe] C:\Windows\SysBA49.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 11125 bytes

Hujo · Jul 6, 2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

===============

Malwarebytes' Anti-Malware onkin koneella päivitä ensin ja aja sitten

================

Poista koneelta

Spybot - Search & Destroy

Poista kansio

C:\Program Files\Spybot - Search & Destroy

lurtsifan · Jul 6, 2008

Malwarebytes' Anti-Malware 1.19
Tietokantaversio: 928
Windows 6.0.6001 Service Pack 1

02:55:31 2008-07-07
mbam-log-7-7-2008 (02-55-28).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 143505
Kulunut aika: 1 hour(s), 29 minute(s), 20 second(s)

Saastuneita muistiprosesseja: 3
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 10
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 26

Saastuneita muistiprosesseja:
C:\Windows\Sys1665.exe (Trojan.Agent) -> No action taken.
C:\Windows\Sys1904.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe (Trojan.Clicker) -> No action taken.

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys1665.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys1904.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DelayLoad (Trojan.Clicker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysBA49.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6cd11b41 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3ba3028f-fd37-46bf-ad27-733734684f06} (Trojan.Vundo) -> No action taken.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Saastuneita tiedostoja:
C:\Windows\Sys1665.exe (Trojan.Agent) -> No action taken.
C:\Windows\Sys1904.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe (Trojan.Clicker) -> No action taken.
C:\Windows\SysBA49.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Agent) -> No action taken.
C:\Users\Tommi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOW4FPXW\1215378122[1].exe (Trojan.Clicker) -> No action taken.
C:\Windows\SysB0F6.exe (Trojan.Agent) -> No action taken.
C:\Windows\SysB27C.exe (Trojan.Agent) -> No action taken.
C:\Windows\SysB95F.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Windows\System32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\mlJBTjkk.dll (Trojan.Vundo) -> No action taken.
C:\Users\Tommi\Desktop\0nline p0rn.url (Rogue.Link) -> No action taken.
C:\Users\Tommi\Desktop\FREE gallery of the day.url (Rogue.Link) -> No action taken.

Hujo · Jul 6, 2008

Onkos tuo tehty Malwarebytes' Anti-Malware

5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.

============

sitten se combofix loki

lurtsifan · Jul 6, 2008

combofix loki tässä:
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 03:57:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 03:57:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57

lurtsifan · Jul 6, 2008

combofix loki tässä:
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 03:57:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57
ComboFix 08-07-05.1 - Tommi 2008-07-07 3:54:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1766 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-07-06 23:59 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys15AA.exe
2008-07-06 23:59 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys1849.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 03:52 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 03:53 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 02:55 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 21:06 --------- d-----w C:\Program Files\McAfee
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"SysE2CF.exe"="C:\Windows\SysE2CF.exe" [2008-07-03 20:14 32256]
"SysE5FA.exe"="C:\Windows\SysE5FA.exe" [2008-07-03 20:14 30208]
"cmds"="C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll" [2008-07-07 00:11 318720]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 05:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Sys15AA.exe"="C:\Windows\Sys15AA.exe" [2008-07-03 20:14 32256]
"Sys1849.exe"="C:\Windows\Sys1849.exe" [2008-07-03 20:14 30208]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-28 14:16]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMCATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 03:57:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\Users\Tommi\AppData\Local\Temp\vyqcjmkc.dll
-> C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
.
Completion time: 2008-07-07 3:58:36
ComboFix-quarantined-files.txt 2008-07-07 00:58:29

Pre-Run: 60,735,389,696 tavua vapaana
Post-Run: 60,762,923,008 tavua vapaana

290 --- E O F --- 2008-06-11 18:36:57

Hujo · Jul 6, 2008

C:\Windows\SysE2CF.exe <-- mille firmalle kuuluu tuo, katso
ominaisuudet

laita vielä virustotaaliin

Lähetetääni tiedosto Virustotaliin
virustotal

1 Klikkaa Selaa... nappia
2 Selaa sitten siihen tämä tiedosto: C:\Windows\SysE2CF.exe
3 Klikkaa Avaa nappia
4 Klikkaa Send nappia
5 Sivusto scannaa tiedostoa hetken, tallenna sitten tulokset jotka saat vaikka muistioon.

=========

scannaa uusi hjt:n loki

lurtsifan · Jul 6, 2008

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:11, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\Sys15AA.exe
C:\Windows\Sys1665.exe
C:\Windows\Sys1849.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Sys1904.exe
C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdatgms.exe
O4 - HKLM\..\Run: [Sys15AA.exe] C:\Windows\Sys15AA.exe
O4 - HKLM\..\Run: [Sys1665.exe] C:\Windows\Sys1665.exe
O4 - HKLM\..\Run: [Sys1849.exe] C:\Windows\Sys1849.exe
O4 - HKLM\..\Run: [Sys1904.exe] C:\Windows\Sys1904.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBTjkk.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\Tommi\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll,c
O4 - HKCU\..\Run: [6cd11b41] rundll32.exe "C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysBA49.exe] C:\Windows\SysBA49.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 11125 bytes

tiedotolle ei näkynyt firmaa, virustotalin tiedot:
MD5: ac86a3e22659f16f6a9a700f49974819
First received: 07.01.2008 18:50:49 (CET)
Date: 07.06.2008 12:31:04 (CET) [<1D]
Results: 16/33
Permalink: analisis/84ff4c2aa49902604d62811349fe8897

Hujo · Jul 6, 2008

Poista lisää poista sovelutuksesta

Spybot - Search & Destroy
VAV

Poista vikasiedossa kansio

C:\Program Files\Spybot - Search & Destroy
C:\Program Files\VAV

======

eipä tullut virustotaalista kaikkia

============

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

File::
C:\Windows\system32\mlJBTjkk.dll
C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll
C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll
C:\Windows\Sys15AA.exe
C:\Windows\Sys1665.exe
C:\Windows\Sys1849.exe
C:\Windows\Sys1904.exe
C:\Windows\SysBA49.exe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

============

scannaa hjt:llä merkkaa paina Fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Sys15AA.exe] C:\Windows\Sys15AA.exe
O4 - HKLM\..\Run: [Sys1665.exe] C:\Windows\Sys1665.exe
O4 - HKLM\..\Run: [Sys1849.exe] C:\Windows\Sys1849.exe
O4 - HKLM\..\Run: [Sys1904.exe] C:\Windows\Sys1904.exe
O4 - HKCU\..\Run: [SysBA49.exe] C:\Windows\SysBA49.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJBTjkk.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll,c
O4 - HKCU\..\Run: [6cd11b41] rundll32.exe "C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll",b
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe

===============

Poista vanha hjt:n loki ja scannaa uusi

lurtsifan · Jul 7, 2008

Combofixin loki:
ComboFix 08-07-05.1 - Tommi 2008-07-07 14:20:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1878 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
Command switches used :: C:\Users\Tommi\Downloads\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
C:\Users\Tommi\AppData\Local\Temp\hbccjphy.dll
C:\Users\Tommi\AppData\Local\Temp\kHAppPGx.dll
C:\Windows\Sys15AA.exe
C:\Windows\Sys1665.exe
C:\Windows\Sys1849.exe
C:\Windows\Sys1904.exe
C:\Windows\SysBA49.exe
C:\Windows\system32\mlJBTjkk.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Tommi\AppData\Local\Temp\awtrSkiF.dll
C:\Windows\Sys15AA.exe
C:\Windows\Sys1849.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 14:24 . 2008-07-03 20:14 32,256 --a------ C:\Windows\Sys2377.exe
2008-07-07 14:24 . 2008-07-03 20:14 30,208 --a------ C:\Windows\Sys22BC.exe
2008-07-07 14:12 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysBDF1.exe
2008-07-07 14:12 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysBD74.exe
2008-07-07 04:35 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB347.exe
2008-07-07 04:35 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5A7.exe
2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 03:42 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysE2CF.exe
2008-07-07 03:42 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysE5FA.exe
2008-07-07 03:05 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB6EF.exe
2008-07-07 03:05 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB6D0.exe
2008-07-07 02:57 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB5E6.exe
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:51 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB8C3.exe
2008-07-07 00:51 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB940.exe
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 00:06 . 2008-07-03 20:14 32,256 --a------ C:\Windows\SysB27D.exe
2008-07-07 00:06 . 2008-07-03 20:14 30,208 --a------ C:\Windows\SysB431.exe
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 14:22 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 14:20 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 04:28 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 11:19 --------- d-----w C:\Program Files\McAfee
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-07-07_ 3.57.47.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 00:41:34 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-07 11:23:48 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-07 00:42:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-07 11:24:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-07 11:24:24 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-07 00:57:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-07 11:24:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-07 11:24:24 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-06 23:55:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-07 11:19:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-06 23:55:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 11:19:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-06 23:55:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-07 11:19:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-07 00:47:36 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-07 11:19:25 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-07 00:47:36 80,514 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-07-07 11:19:25 80,514 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-07-07 00:47:36 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-07 11:19:25 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-07 00:47:36 435,392 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-07-07 11:19:25 435,392 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-07-07 00:43:32 4,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939604003-2811423223-2025799433-1000_UserData.bin
+ 2008-07-07 11:14:50 4,172 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939604003-2811423223-2025799433-1000_UserData.bin
- 2008-07-07 00:43:32 66,814 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 11:14:50 66,948 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-07 00:43:31 50,204 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 11:14:49 50,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]
"Sys22BC.exe"="C:\Windows\Sys22BC.exe" [2008-07-03 20:14 30208]
"Sys2377.exe"="C:\Windows\Sys2377.exe" [2008-07-03 20:14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S2 0247401215429545mcinstcleanup;McAfee Application Installer Cleanup (0247401215429545);C:\Windows\TEMP\024740~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Sys15AA.exe - C:\Windows\Sys15AA.exe
HKLM-Run-Sys1849.exe - C:\Windows\Sys1849.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 14:24:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Users\Tommi\AppData\Local\Microsoft\Portable Devices\wpdlog05.sqm 472 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysBD74.exe
C:\Windows\SysBDF1.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-07 14:27:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 11:26:58
ComboFix2.txt 2008-07-07 00:58:37

Pre-Run: 60,539,871,232 tavua vapaana
Post-Run: 60,282,355,712 tavua vapaana

363 --- E O F --- 2008-06-11 18:36:57

Hijackin logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:41, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\SysBD74.exe
C:\Windows\SysBDF1.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sys22BC.exe] C:\Windows\Sys22BC.exe
O4 - HKCU\..\Run: [Sys2377.exe] C:\Windows\Sys2377.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: McAfee Application Installer Cleanup (0247401215429545) (0247401215429545mcinstcleanup) - Unknown owner - C:\Windows\TEMP\024740~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 8561 bytes

Hujo · Jul 7, 2008

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKCU\..\Run: [Sys22BC.exe] C:\Windows\Sys22BC.exe
O4 - HKCU\..\Run: [Sys2377.exe] C:\Windows\Sys2377.exe

=================

Avaa Muistio ja kopioi/liitä lainauksen sisältö sinne:

File::
C:\Windows\SysB27D.exe
C:\Windows\SysB431.exe
C:\Windows\SysB8C3.exe
C:\Windows\SysB940.exe
C:\Windows\SysE2CF.exe
C:\Windows\SysE5FA.exe
C:\Windows\SysB6EF.exe
C:\Windows\SysB6D0.exe
C:\Windows\SysB5E6.exe
C:\Windows\Sys2377.exe
C:\Windows\Sys22BC.exe
C:\Windows\SysBDF1.exe
C:\Windows\SysBD74.exe
C:\Windows\SysB347.exe
C:\Windows\SysB5A7.exe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

lurtsifan · Jul 7, 2008

Kone vaikuttaisia jo melko puhtaalta, uudelleenkäynnistyksen yhteydessä ei tullut virusohjelman mainosta. Tässä loki:
ComboFix 08-07-05.1 - Tommi 2008-07-07 15:14:49.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1903 [GMT 3:00]
Running from: C:\Users\Tommi\Downloads\ComboFix.exe
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-07 to 2008-07-07 )))))))))))))))))
.

2008-07-07 15:14 . 2008-07-07 15:14 <KANSIO> d-------- C:\327882R2FWJFW
2008-07-07 03:48 . 2008-07-07 03:48 62 --a------ C:\Windows\wininit.ini
2008-07-07 01:54 . 2008-07-07 01:54 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-07 01:22 . 2008-07-07 01:23 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-07-07 01:20 . 2008-07-07 01:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 01:20 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-07 01:20 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-07 00:55 . 2008-07-07 00:55 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-07 00:18 . 2008-07-07 03:03 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:20 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-07-07 00:17 . 2008-07-07 00:17 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-07 00:16 . 2008-07-07 00:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 15:00 . 2008-07-03 13:31 510 --a------ C:\Windows\WORDPAD.INI
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Thunderbird
2008-06-29 18:25 . 2008-06-29 18:25 <KANSIO> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Users\All Users\Google
2008-06-29 18:21 . 2008-06-29 18:21 <KANSIO> d-------- C:\Program Files\Google
2008-06-29 18:14 . 2008-06-29 18:14 882 --a------ C:\Windows\Active Setup Log.BAK
2008-06-29 14:04 . 2008-06-29 14:05 117,058,194 --a------ C:\Windows\MEMORY.DMP
2008-06-26 15:51 . 2008-06-26 15:51 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\PeerNetworking
2008-06-26 14:17 . 2008-06-26 14:17 <KANSIO> d-------- C:\Program Files\Common Files\Adobe(3)
2008-06-26 14:17 . 2008-06-26 14:18 <KANSIO> d-------- C:\Program Files\Adobe(2)
2008-06-23 20:57 . 2008-06-23 20:57 <KANSIO> d-------- C:\Users\Tommi\Option
2008-06-23 02:45 . 2008-06-23 02:45 <KANSIO> d-------- C:\Program Files\DC++(6)
2008-06-23 02:40 . 2008-06-23 02:40 <KANSIO> d-------- C:\Program Files\RevConnect(11)
2008-06-23 01:12 . 2008-06-23 01:12 <KANSIO> d-------- C:\Converted
2008-06-23 01:02 . 2008-06-30 01:03 <KANSIO> d-------- C:\Users\Tommi\{35126063-bbc8-47de-8961-920408bd6187}
2008-06-23 00:59 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\AllMusicConverter
2008-06-23 00:59 . 2008-06-04 12:05 184,320 --a------ C:\Windows\System32\snmvtsvc.exe
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 23,096 --a------ C:\Windows\System32\drivers\MusCDriverV32.sys
2008-06-23 00:59 . 2008-06-04 10:19 10,936 --a------ C:\Windows\System32\MusCVideo32.dll
2008-06-23 00:59 . 2008-06-04 10:19 4,154 --a------ C:\Windows\System32\MusCDriverV32.inf
2008-06-23 00:59 . 2008-06-04 10:19 3,768 --a------ C:\Windows\System32\MusCVideo32.sys
2008-06-23 00:59 . 2008-06-04 10:19 2,659 --a------ C:\Windows\System32\MusCVideo32.inf
2008-06-23 00:59 . 2008-06-04 10:19 2,413 --a------ C:\Windows\System32\MusCVideo32.cat
2008-06-23 00:59 . 2008-06-04 10:19 2,006 --a------ C:\Windows\System32\MusCDriverV32.cat
2008-06-20 16:16 . 2008-06-20 16:16 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-19 02:53 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\RevConnect
2008-06-19 02:44 . 2008-06-30 01:03 <KANSIO> d-------- C:\Program Files\DC++
2008-06-14 16:56 . 2008-07-05 21:43 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Hamachi
2008-06-14 16:55 . 2008-06-14 16:56 <KANSIO> d-------- C:\Program Files\Hamachi
2008-06-14 16:55 . 2008-06-14 16:55 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-13 17:43 . 2008-06-13 17:43 <KANSIO> dr-h----- C:\Users\Tommi\AppData\Roaming\SecuROM
2008-06-13 17:42 . 2008-06-13 17:42 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\eSobi
2008-06-13 11:16 . 2008-06-13 11:16 <KANSIO> d-------- C:\Users\Tommi\Program Files
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d--h----- C:\Users\Tommi\InstallAnywhere
2008-06-13 03:15 . 2008-06-13 03:16 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2008-06-13 03:15 . 2008-06-13 03:15 <KANSIO> d-------- C:\Program Files\Sports Interactive
2008-06-13 03:14 . 2008-06-13 03:15 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Sports Interactive
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\Users\All Users\Last.fm
2008-06-13 00:51 . 2008-06-13 00:51 <KANSIO> d-------- C:\ProgramData\Last.fm
2008-06-13 00:50 . 2008-06-13 00:50 <KANSIO> d-------- C:\Program Files\Last.fm
2008-06-12 23:55 . 2008-07-07 15:06 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\DNA
2008-06-12 23:55 . 2008-07-07 00:04 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\BitTorrent
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\DNA
2008-06-12 23:55 . 2008-06-12 23:55 <KANSIO> d-------- C:\Program Files\BitTorrent
2008-06-11 20:57 . 2008-06-11 20:57 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 20:05 . 2008-06-11 20:05 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-06-11 19:42 . 2008-06-11 19:42 <KANSIO> d-------- C:\Windows\Sun
2008-06-11 19:42 . 2008-06-11 19:42 550 --a------ C:\Windows\mozver.dat
2008-06-11 19:40 . 2008-06-11 19:41 <KANSIO> d-------- C:\Program Files\Java
2008-06-11 19:37 . 2008-06-11 19:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-11 19:15 . 2008-06-11 19:15 0 --a------ C:\Windows\nsreg.dat
2008-06-11 19:01 . 2008-06-11 19:02 <KANSIO> d-------- C:\ACERSW
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Windows\Acer_Wide
2008-06-11 18:38 . 2008-06-11 18:53 <KANSIO> d-------- C:\Windows\Acer_Normal
2008-06-11 18:38 . 2008-06-11 18:38 <KANSIO> d-------- C:\Program Files\Acer Incorporated
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-06-11 18:38 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-06-11 18:38 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-06-11 18:38 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-06-11 18:35 . 2008-06-11 18:35 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Yahoo!
2008-06-11 18:33 . 2008-06-11 18:33 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:03 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-11 18:31 . 2008-06-11 19:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 18:30 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 18:30 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 18:30 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 18:30 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 18:29 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-06-11 18:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-06-11 18:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-06-11 18:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-06-11 18:27 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-11 18:27 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 18:27 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-11 18:27 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Searches
2008-06-11 18:26 . 2008-06-11 19:08 <KANSIO> dr------- C:\Users\Tommi\Contacts
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\SiteAdvisor
2008-06-11 18:26 . 2008-06-11 18:26 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\ATI
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Videos
2008-06-11 18:25 . 2008-06-11 19:05 <KANSIO> dr------- C:\Users\Tommi\Saved Games
2008-06-11 18:25 . 2008-07-06 02:28 <KANSIO> dr------- C:\Users\Tommi\Pictures
2008-06-11 18:25 . 2008-07-05 16:31 <KANSIO> dr------- C:\Users\Tommi\Music
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> dr------- C:\Users\Tommi\Links
2008-06-11 18:25 . 2008-07-07 15:01 <KANSIO> dr------- C:\Users\Tommi\Downloads
2008-06-11 18:25 . 2008-07-07 14:33 <KANSIO> dr------- C:\Users\Tommi\Documents
2008-06-11 18:25 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Media Center Programs
2008-06-11 18:25 . 2008-04-23 00:41 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Acer GameZone Console
2008-06-11 18:25 . 2008-06-11 18:26 <KANSIO> d--h----- C:\Users\Tommi\AppData
2008-06-11 18:25 . 2008-06-29 14:05 <KANSIO> d-------- C:\Users\Tommi
2008-06-11 17:21 . 2008-06-11 17:21 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Users\All Users\ATI
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\ProgramData\ATI
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Program Files\YUAN
2008-06-11 17:18 . 2008-06-11 17:18 <KANSIO> d-------- C:\Program Files\DIFX
2008-06-11 17:18 . 2008-06-23 09:17 <KANSIO> d--hs---- C:\$RECYCLE.BIN
2008-06-11 17:14 . 2008-06-11 17:14 <KANSIO> d-------- C:\Program Files\ATI Technologies
2008-06-11 17:13 . 2008-06-11 17:13 <KANSIO> d-------- C:\Program Files\ATI
2008-06-11 17:13 . 2008-06-11 17:13 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-11 17:13 . 2008-06-11 17:13 0 --a------ C:\Windows\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 11:19 --------- d-----w C:\Program Files\McAfee
2008-07-06 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 14:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-20 12:04 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 15:50 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 17:57 --------- d-----w C:\Users\Tommi\AppData\Roaming\vlc
2008-06-11 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Työpöytä
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Tiedostot
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Suosikit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Mallit
2008-06-11 15:21 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
2008-06-11 15:21 --------- d-sh--w C:\Program Files\Common Files\Järjestelmä
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-25 10:30 487,424 ----a-w C:\Windows\System32\INT15.dll
2008-04-22 21:23 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 21:22 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-07-07_15.04.39,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 11:23:48 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-07 12:08:09 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-07 11:23:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-07 12:08:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-07 11:23:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-07 12:08:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-07 11:24:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-07 12:09:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-07 12:09:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-07 12:03:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-07 12:16:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-07 12:16:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-07 11:28:56 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-07 12:13:24 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-07 11:28:56 80,514 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-07-07 12:13:24 80,514 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-07-07 11:28:56 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-07 12:13:24 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-07 11:28:57 435,392 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-07-07 12:13:24 435,392 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-07-07 11:25:49 4,552 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939604003-2811423223-2025799433-1000_UserData.bin
+ 2008-07-07 12:10:11 4,576 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939604003-2811423223-2025799433-1000_UserData.bin
- 2008-07-07 11:25:49 67,050 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 12:10:11 67,074 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-07 11:25:45 50,800 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-07 12:10:09 50,864 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 05:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Tommi\Program Files\DNA\btdna.exe" [2008-06-13 11:16 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 05:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 05:25 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 00:57 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 18:49 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 18:57 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 08:21 5369856 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F437FC51-8447-4F50-A200-AB48ADA85752}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{5234E812-35DE-4824-9E47-ED49AE4554EC}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{72B98891-2783-4F50-A5CF-18A6FC8E6F7D}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{481EC971-D056-46AB-A7C2-B27E04C7DCDF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9F8B81CB-436E-4454-BAF2-282F31A9FE30}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{70AF495A-DD48-4DD5-B65C-2FD8152267F5}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{89A83514-7802-44E6-B1CE-505EB11398A1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{17E28DA0-6226-404D-90FF-9478B108674D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{A9AA388F-5DFE-4CEE-BB6C-D0CF7C7C03C6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{9C462EB5-87D6-4836-9DB3-F7DED0602CF9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{447AD60F-F14B-4AA1-B364-55E446901A57}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BA054699-71A1-45C8-979C-AF723553ADF2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15455CCB-28FF-48C8-A3DA-2CDEC00A110A}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B1965491-35E8-4A69-9875-7C55F1B3F124}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E112860F-0203-4E8E-86F5-CA337A84BE1E}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7BE1C121-92E6-43A1-AA34-32074866D361}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{404163B8-B600-4FDE-8D53-A994AA8121AF}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F76A28F9-8EDB-492E-9A15-C890DBFDB6BB}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C4527736-9434-4877-B775-E2211C1E4092}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C5F3AAF3-6A72-408D-BB18-E0756D6FF85F}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{406E801D-86B4-46E9-94B0-82F859C9DB24}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{77C2F6B1-55BC-4EE2-9237-0D65DF76AD7F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{873FC9EC-31C0-4108-BD1A-AF3968444306}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{733FC620-B8CD-4262-B330-66ECF9DDC6AA}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0BCCAA60-9365-42EE-955A-AB2EEBF5ACA4}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A7378ABF-E9FC-4CAE-9A9B-9F7A00B551BD}"= UDP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"{DE88E7F6-51D9-462F-8C0B-CF73C1D1028C}"= TCP:C:\Users\Tommi\Documents\fm.exe:Football Manager 2008
"TCP Query User{034CCA25-1BE1-496C-BAE6-4A2955D14ECF}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exeC++
"UDP Query User{BAF93112-B5D7-4F90-AA80-2D7E71CFE64F}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exeC++
"TCP Query User{F185B79F-5496-45B1-A683-C267B180EF79}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exeC++
"UDP Query User{0BFAA5C1-B512-433A-B806-126702EDDB53}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exeC++
"TCP Query User{C69BA5DA-3836-4A4D-B087-788433E88FE4}C:\\users\\tommi\\program files\\dna\\btdna.exe"= UDP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{74688A95-0DE0-41CF-89B4-CB6AB82E86A6}C:\\users\\tommi\\program files\\dna\\btdna.exe"= TCP:C:\users\tommi\program files\dna\btdna.exe:btdna.exe
"TCP Query User{889AA4ED-A492-4D36-8551-D2CD764BC7D5}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"UDP Query User{3C278A0B-8B59-42EA-9294-3B47572F70BE}C:\\users\\tommi\\documents\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\users\tommi\documents\sports interactive\football manager 2008\fm.exe:fm.exe
"TCP Query User{F1EF1083-1885-4DC2-9705-DB66B646C818}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{02B22D37-A1A8-4DFE-8799-0B0427F91E12}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD8C1D34-F3E1-4A11-8789-7AD688E21158}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= UDP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's
"UDP Query User{603FCFB9-8D88-48A2-B44F-3C6ACEE5F13B}C:\\program files\\emco malware destroyer\\malwaredestroyer.exe"= TCP:C:\program files\emco malware destroyer\malwaredestroyer.exe:Malware Scanner for Home User's

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 09:45]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 06:23]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 18:49]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 02:02]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 17:58]
R3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2008-06-04 10:19]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-01-24 15:23]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 05:51]
S2 0247401215429545mcinstcleanup;McAfee Application Installer Cleanup (0247401215429545);C:\Windows\TEMP\024740~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 SoundMovieServer;SoundMovieServer;C:\Windows\system32\snmvtsvc.exe [2008-06-04 12:05]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 05:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 05:23]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 22:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-30 22:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 15:17:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> ?:\Windows\system32\imagehlp.dll
.
Completion time: 2008-07-07 15:18:18
ComboFix-quarantined-files.txt 2008-07-07 12:18:13
ComboFix2.txt 2008-07-07 12:05:23
ComboFix3.txt 2008-07-07 11:27:05
ComboFix4.txt 2008-07-07 00:58:37

Pre-Run: 59,964,211,200 tavua vapaana
Post-Run: 59,930,648,576 tavua vapaana

309 --- E O F --- 2008-06-11 18:36:57

Hujo · Jul 7, 2008

Päivitä Malwarebytes' Anti-Malware ja aja se

tossas vielä ohjeen kera

• Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
• Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
• Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
• Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
• Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
• Lähetä lokin sisältö seuraavassa viestissäsi.

=============

Laita vielä viimisenä uusi hjt:n loki

lurtsifan · Jul 7, 2008

Malwarebytes' Anti-Malware 1.19
Tietokantaversio: 929
Windows 6.0.6001 Service Pack 1

16:22:54 7.7.2008
mbam-log-7-7-2008 (16-22-54).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 139553
Kulunut aika: 32 minute(s), 51 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

HJT lopuksi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:37, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\Explorer.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: McAfee Application Installer Cleanup (0247401215429545) (0247401215429545mcinstcleanup) - Unknown owner - C:\Windows\TEMP\024740~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 8536 bytes

Hujo · Jul 7, 2008

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O13 - Gopher Prefix:

============

Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

lurtsifan · Jul 7, 2008

Kun koitan avata CleanUp!-osuutta, se heittää tekstin "file access denied", on kyllä tallenttettu työpöydälle.

Hujo · Jul 7, 2008

kirjoita suorita luukkuun Combofix /u ja paina ok

lurtsifan · Jul 7, 2008

Suoritettu. Onko nyt kone puhdas?
Hijack tässä:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:59, on 7.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Tommi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\Explorer.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Tommi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: McAfee Application Installer Cleanup (0247401215429545) (0247401215429545mcinstcleanup) - Unknown owner - C:\Windows\TEMP\024740~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-palvelu (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe

--
End of file - 8449 bytes

Hujo · Jul 7, 2008

onhan tuo puhas

lurtsifan · Jul 7, 2008

Hyvä. Kiitokset avusta

Log in or Sign up

Virus koneella, HJT-logi

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Share This Page

Log in or Sign up

Virus koneella, HJT-logi

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Hujo Guest

lurtsifan Member

Share This Page

Useful Searches