So, the machine occasionally emits a strange notification/selection sound (as if something had finished running or some device had been connected to or removed from the system). The size of the hard disk also varies several times a week, by as much as 6 GB, even though defragmentation is set to run once a month and the other programs are not in use. I have used F-Secure, CCleaner and Ad-Aware regularly; sometimes they find something, and lately nothing has been found. So far the programs have always reported that the problem was removed successfully, but I don't think that odd sound is very normal. Startup is also sluggish, even though I have tried to trim the startup entries to a minimum with CCleaner.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:11:39, on 16.12.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\igfxext.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] 
KHALMNPR.EXE O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu 
item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9941 bytes

Could anyone tell me anything from that?
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
===================
1. Download Combofix.exe to your desktop from one of the links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
================
The notification sounds may be a notification of an error.
Thanks, one bot alert was found, and I removed and destroyed it. Further down I'm wondering about those couple of new services? Don't know whether something else will still turn up. Here are those log files as well.

Malwarebytes' Anti-Malware 1.31 Tietokantaversio: 1511 Windows 6.0.6001 Service Pack 1 17.12.2008 22:17:45 mbam-log-2008-12-17 (22-17-38).txt Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 256928 Kulunut aika: 2 hour(s), 45 minute(s), 30 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 1 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\Program Files\Sound Forge 9.0\n.exe (Backdoor.SDBot) -> No action taken.

ComboFix 08-12-16.03 - Omistaja 2008-12-17 22:29:19.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2037.1066 [GMT 2:00] Sijainti: c:\users\Omistaja\Desktop\ComboFix.exe * Uusi palautuspiste luotu * Resident AV is active . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\tmp.reg c:\windows\system32\x64 . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-17 to 2008-12-17 ))))))))))))))))) . 2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\Malwarebytes 2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\users\All Users\Malwarebytes 2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\programdata\Malwarebytes 2008-12-17 18:24 . 
2008-12-17 18:53 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-17 18:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-17 18:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-16 22:49 . 2008-12-16 22:49 <KANSIO> d-------- c:\program files\Trend Micro 2008-12-16 21:31 . 2008-12-16 21:30 410,984 --a------ c:\windows\System32\deploytk.dll 2008-12-16 13:07 . 2008-12-16 20:29 691 --a------ c:\users\Omistaja\AppData\Roaming\GetValue.vbs 2008-12-16 13:07 . 2008-12-16 20:29 35 --a------ c:\users\Omistaja\AppData\Roaming\SetValue.bat 2008-12-16 12:05 . 2008-12-16 12:05 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\WinPatrol 2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe 2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll 2008-12-10 17:09 . 2008-12-10 17:09 <KANSIO> dr------- c:\program files\Skype 2008-12-10 17:09 . 2008-12-10 17:09 <KANSIO> d-------- c:\program files\Common Files\Skype 2008-12-09 23:35 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-09 23:12 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-09 23:11 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-09 23:11 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll 2008-12-09 23:11 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2008-12-09 23:11 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe 2008-12-09 23:10 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-09 23:10 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-07 23:34 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll 2008-12-02 23:11 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-12-02 23:11 . 
2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-12-02 23:11 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-12-02 23:11 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-12-02 23:11 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-12-02 23:11 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-12-02 23:11 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll 2008-12-02 23:10 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-12-02 23:10 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-12-01 22:55 . 2008-12-01 22:55 40 --ah----- c:\windows\System32\ivireg.ivr 2008-12-01 15:01 . 2008-12-01 15:04 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\Corel 2008-12-01 15:01 . 2008-12-01 15:18 3,766 --ahs---- c:\users\All Users\KGyGaAvL.sys 2008-12-01 15:01 . 2008-12-01 15:18 3,766 --ahs---- c:\programdata\KGyGaAvL.sys 2008-12-01 15:01 . 2008-12-01 15:07 88 -r-hs---- c:\users\All Users\F4E0B71229.sys 2008-12-01 15:01 . 2008-12-01 15:07 88 -r-hs---- c:\programdata\F4E0B71229.sys 2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Real 2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Common Files\xing shared 2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Common Files\Real 2008-12-01 14:55 . 2008-12-01 14:55 <KANSIO> d-------- c:\users\All Users\Corel 2008-12-01 14:55 . 2008-12-01 14:55 <KANSIO> d-------- c:\programdata\Corel 2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\InterVideo 2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\Common Files\Protexis 2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\Common Files\InterVideo 2008-12-01 14:53 . 2008-12-01 14:53 <KANSIO> d-------- c:\program files\Corel 2008-11-26 15:27 . 
2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-26 15:27 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-26 15:27 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-26 15:27 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-26 15:27 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-26 15:12 . 2008-11-26 15:13 <KANSIO> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 15:12 . 2008-11-26 15:13 <KANSIO> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-17 16:24 --------- d-----w c:\users\Omistaja\AppData\Roaming\uTorrent 2008-12-17 16:24 --------- d-----w c:\users\Omistaja\AppData\Roaming\Skype 2008-12-17 16:11 --------- d-----w c:\users\Omistaja\AppData\Roaming\skypePM 2008-12-17 16:02 --------- d-----w c:\program files\F-Secure 2008-12-17 12:58 --------- d-----w c:\program files\Bonjour 2008-12-16 19:30 --------- d-----w c:\program files\Java 2008-12-16 19:15 --------- d-----w c:\program files\MagicISO 2008-12-16 08:23 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2008-12-10 15:09 --------- d-----w c:\programdata\Skype 2008-12-09 22:15 --------- d-----w c:\program files\Windows Mail 2008-12-09 21:38 --------- d-----w c:\programdata\Microsoft Help 2008-12-02 17:20 --------- d-----w c:\program files\WinSCP 2008-12-01 12:59 --------- d-----w c:\programdata\Apple Computer 2008-12-01 12:55 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-26 13:13 --------- d-----w c:\program files\iTunes 2008-11-26 13:12 --------- d-----w c:\program files\iPod 2008-11-26 13:12 --------- d-----w c:\program files\Common Files\Apple 2008-11-26 13:10 --------- d-----w c:\program files\QuickTime 2008-11-26 12:50 --------- 
d-----w c:\program files\Weather Watcher 2008-11-17 16:43 --------- d-----w c:\users\Omistaja\AppData\Roaming\WeatherWatcherLive 2008-11-12 22:46 --------- d-----w c:\users\Omistaja\AppData\Roaming\WeatherWatcher 2008-11-11 23:30 --------- d-----w c:\users\Omistaja\AppData\Roaming\PeerNetworking 2008-11-11 17:21 --------- d-----w c:\program files\myiHome 2008-11-10 17:15 --------- d-----w c:\users\Omistaja\AppData\Roaming\foobar2000 2008-11-06 20:06 --------- d-----w c:\program files\CONEXANT 2008-11-06 19:39 --------- d-----w c:\users\Omistaja\AppData\Roaming\Intel 2008-11-06 19:39 --------- d-----w c:\programdata\Roaming 2008-11-06 19:37 --------- d-----w c:\programdata\Intel 2008-11-06 19:37 --------- d-----w c:\program files\Intel 2008-11-06 19:37 --------- d-----w c:\program files\Common Files\Intel 2008-11-05 19:47 --------- d-----w c:\programdata\Lavasoft 2008-11-05 19:47 --------- d-----w c:\program files\Lavasoft 2008-11-05 19:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-03 23:22 --------- d-----w c:\users\Omistaja\AppData\Roaming\Leadertech 2008-11-03 23:20 --------- d-----w c:\program files\Common Files\Logishrd 2008-11-03 23:16 --------- d-----w c:\programdata\LogiShrd 2008-11-03 23:16 --------- d-----w c:\program files\Logitech 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-31 09:07 30,856 ----a-w c:\windows\system32\drivers\fsbts.sys 2008-10-27 15:53 --------- d-----w c:\programdata\F-Secure 2008-10-27 15:50 --------- d-----w c:\programdata\fssg 2008-10-23 06:57 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-01 11:35 22,328 ----a-w c:\users\Omistaja\AppData\Roaming\PnkBstrK.sys 2008-10-01 11:34 66,872 ----a-w 
c:\windows\System32\PnkBstrA.exe 2008-10-01 11:34 107,832 ----a-w c:\windows\System32\PnkBstrB.exe 2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-08-26 09:46 604 ---ha-w c:\program files\STLL Notifier 2008-07-08 23:36 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-07-08 23:36 56 ---ha-w c:\programdata\ezsidmv.dat 2008-04-23 22:32 174 --sha-w c:\program files\desktop.ini 2008-04-06 17:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-04-06 17:56 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-04-06 17:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-28 815104] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808] "Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-01-11 1359872] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936] "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-01 180269] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2346567242-3011342451-3503312085-1000] "EnableNotificationsRef"=dword:00000002 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{75A99FCD-404F-4DF7-BD23-39D1B638CD17}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4FE20584-63C9-4092-AF8D-7B63D3EB0DB3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6AC490A1-F171-4005-9F49-21800A79BF89}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{65F50936-908B-4669-B84D-A0D8397FFA8A}"= UDP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process "{5F2567E9-C473-4955-B5ED-07B707DE6768}"= TCP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process "TCP Query User{5567FFB2-491A-4437-813C-4EB7CAE136C9}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{AA372B79-A0D5-42BE-ADBF-E6C7D15655BA}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "{1E93CFF0-5498-4FD1-8097-9E90F7CF4275}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{A549F861-7A3D-457A-9716-CFE56312F531}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{05A7762C-872F-47F8-BD21-459ADDF5D1D9}"= UDP:3703:Adobe Version Cue CS3 Server "{C85D299D-3499-40CC-8713-F5E1E8F72D3C}"= UDP:3704:Adobe Version Cue CS3 Server "{A49C2D73-DA79-468D-9416-B947C43C19C6}"= UDP:50900:Adobe Version Cue CS3 
Server "{1ABC7D9A-741C-430C-9529-C6029234CF44}"= UDP:50901:Adobe Version Cue CS3 Server "{4A6D8A73-381B-4914-A86E-87F5165FEDAA}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{5F885A15-9747-48B0-8682-C1118DB59027}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "TCP Query User{2561A2E0-2C76-4962-B56B-B07CBD2415D7}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{393C82EF-31C2-41D9-8FEA-3C23E1C553BE}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "{FB2C417B-BEFB-4248-BF5C-2925C0F180BB}"= Disabled:UDP:c:\program files\Safari\Safari.exe:Safari "{3F9BB6C0-3C15-4613-90F2-5DE6FC472343}"= Disabled:TCP:c:\program files\Safari\Safari.exe:Safari "TCP Query User{44FC4AC7-49EF-4B87-AA07-67C801C0384C}c:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox "UDP Query User{100FDB08-0932-414D-84A6-3AD772F85E13}c:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox "{2328D668-9E98-478C-91AA-A24456371B9B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{4292904F-682B-48F1-9BEB-CD978F0E061A}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{93AFD345-C351-478D-A765-4F093DF12D17}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{F8B90CF0-3C5F-434D-91D0-E33A7ABEBB5F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{39192FAF-36EE-48F3-98C5-5283B8E1192C}"= c:\program 
files\Skype\Phone\Skype.exe:Skype "{B6C48612-6525-490D-87B7-45F0A283F8BC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{F16278A8-0C69-4AEB-9BAD-1F9A2916D0F7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{3CF5313A-FBDC-4F43-A40A-F7B0C5201B8E}"= UDP:c:\windows\System32\PnkBstrA.exenkBstrA "{6FE90EDF-7107-49DF-89F5-2AA960DB7BD2}"= TCP:c:\windows\System32\PnkBstrA.exenkBstrA "{B28E0EC3-B45D-4B43-A772-69E34B46906D}"= UDP:c:\windows\System32\PnkBstrB.exenkBstrB "{C4B327D0-94BA-48F9-8159-B358F1F1B3EA}"= TCP:c:\windows\System32\PnkBstrB.exenkBstrB "TCP Query User{FB2C7153-0E14-41D7-99DB-249DCACD2007}c:\\program files\\firstoffice kirjanpito 5.3\\hansaworld.exe"= UDP:c:\program files\firstoffice kirjanpito 5.3\hansaworld.exe:HansaWorld "UDP Query User{F79FAECD-9B42-45B3-AD42-D5807615AAB1}c:\\program files\\firstoffice kirjanpito 5.3\\hansaworld.exe"= TCP:c:\program files\firstoffice kirjanpito 5.3\hansaworld.exe:HansaWorld "TCP Query User{5C1BAADF-D11B-41EF-87F7-E87C053B837B}c:\\program files\\winscp\\winscp.exe"= UDP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client "UDP Query User{4CD6C7C8-3442-4942-8B35-A4D80A09C7A0}c:\\program files\\winscp\\winscp.exe"= TCP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client "{D929AD73-1A54-44A1-B00C-A1F853A79D7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{4E88578A-4270-4E6D-BE06-ACC79B9BBBFF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{B1B3B823-6EE4-410A-BADB-3964ECE1ED8A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C683692C-8E31-4D14-96CE-641133BC22FC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{5267F827-F362-450F-96C3-56C64543F74B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{B42040D2-0494-4144-BC56-957165719172}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] 
"EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-10-31 30856] R1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys [2008-10-27 66720] R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-10-27 35552] R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-27 70944] R1 fsvista;F-Secure Vista Support Driver;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-27 12384] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-10-27 76896] R3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure\ORSP Client\fsorsp.exe" [2008-10-27 55904] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384] S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys [2008-09-27 144008] S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-27 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-27 25184] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7723dce-b881-11dd-84c7-0016363347d9}] \shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fea01472-19b7-11dd-938a-0011e2fdc762}] \shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* 
- CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:36:35
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(760)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(656)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(712)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
Valmistumisajankohta: 2008-12-17 22:43:33
ComboFix-quarantined-files.txt 2008-12-17 20:43:29
Ennen ajoa: 17 856 163 840 tavua vapaana
Ajon jälkeen: 18,079,166,464 tavua vapaana
276 --- E O F --- 2008-12-15 17:47:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:32, on 17.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9927 bytes
Post this:

Create an uninstall list:
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread
2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) AC3Filter (remove only) Ad-Aware Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 8.1.3 - Suomi Adobe Setup Adobe Setup Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} AHV content for Acrobat and Flash Apple Mobile Device Support Apple Software Update Automaattiset valikot (Windows Live Toolbar) Bonjour Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon LBP2900 Canon RAW Codec Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 2.2 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX CCleaner (remove only) CDDRV_Installer Choice Guard Combined Community Codec Pack 
2008-09-21 16:18 Conexant HD Audio Contacts Corel WinDVD 9 ffdshow [rev 2135] [2008-09-21] F-Secure Client Security - Internet-suojaus F-Secure Client Security - Järjestelmänhallinta F-Secure Client Security - Sähköpostin tarkistus F-Secure Client Security - Web-liikenteen tarkistus F-Secure Client Security - Virus- ja vakoilusuojaus GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) HDAUDIO Soft Data Fax Modem with SmartCP HijackThis 2.0.2 Intel PROSet Wireless Intel(R) Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java(TM) 6 Update 11 Keyboard Manager Utility KhalInstallWrapper Korostuksen katselu (Windows Live Toolbar) Logitech Desktop Messenger Logitech Legacy USB Camera Driver Package Logitech QuickCam Logitech QuickCam Driver Package Logitech SetPoint Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Microsoft Windows SDK for Visual Studio 2008 Headers and 
Libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Express Edition - ENU Microsoft Visual C++ 2008 Express Edition - ENU MobilePre Mozilla Firefox (3.0.4) Mozilla Sunbird (0.9) MSDN Library for Microsoft Visual Studio 2008 Express Editions MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) myiHome v5.0.2 Nero 8 neroxml OriginPro 8 PDF Settings Programmer's Notepad 2 PyQt GPL v4.4.2 for Python v2.5 Python 2.5.2 QuickTime RealPlayer Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Visio 2007 (KB947590) Skype™ Beta 4.0 Sony Sound Forge 9.0 Synaptics Pointing Device Driver Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office Excel 2007 Help (KB957242) Update for Microsoft Office OneNote 2007 Help (KB957245) Update for Microsoft Office PowerPoint 2007 Help (KB957247) Update for Microsoft Office Word 2007 Help (KB957252) Update for Microsoft Script Editor Help (KB957253) Update for Office 2007 (KB946691) VC Runtimes MSI VCRedistSetup Weather Watcher Weather Watcher Windows Live Beta (all programs) Windows Live Beta (all programs) Windows Live Call Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbarin laajennus (Windows Live Toolbar) Windows Media Player Firefox Plugin WinRAR archiver WinSCP 4.1.8
Uninstall Logitech Desktop Messenger via Add/Remove Programs.
=================
Type ComboFix /u into the Run box and press OK.
==============
Scan with HJT, tick the following entries and press Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
Thanks, the computer now starts up over 50% faster than before. Was that everything, then? I don't know yet whether the sound thing has gone away, but time will tell. If I don't hear anything tomorrow, then it has probably gone.
Argh, the sounds are back. It's a really quick sound, and it isn't related to any program I'm using. I can't think of any sensible explanation. A high tone and then a low tone come in quick succession. I don't know how to describe it any better. And suddenly about 5 GB of disk space was freed up again, which is strange.

I also noticed that after the cleanups, when I started the computer, at first there were no sounds while the sidebar and desktop were loading, but then after I used CCleaner, there are now some sounds again during startup too. I don't know whether that's good or bad.

By the way, what about that catchme service? Does it have anything to do with that "CATCH ME IF YOU CAN" worm? I googled and fished up some stories from Symantec's site; about GMER I found one comment that didn't think well of it. Am I asking needless questions, or do those have something to do with something?

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:36:35
Windows 6.0.6001 Service Pack 1 NTFS