Laptop is making strange noises
RollePE
Newbie
16 December 2008 @ 23:21
Yeah, so it occasionally lets out a strange beep/selection sound (as if something had finished running or some device had been connected to or removed from the system). Also the hard disk size changes several times a week, by as much as 6 GB, even though defragmentation is set to run once a month and other programs are idle. I have used F-Secure, CCleaner and Ad-Aware regularly, and sometimes something has been found, but lately nothing has turned up. So far the programs have always reported that the problem was removed successfully, but that odd beeping does not seem very normal to me. Startup also lags even though I have tried to trim the startup entries to a minimum with CCleaner.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:39, on 16.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Local Service')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Network Service')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9941 bytes
Could anyone tell me anything about that?
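Added example, not part of the thread and not HijackThis code: a small Python triage pass over HijackThis 2.0 log lines of the kind posted above. It parses the O2/O3 (BHO and toolbar), O4 (Run key) and O23 (service) entries and flags the three things a log reviewer checks first: entries whose file is gone ("(no file)", the two Yahoo! Toolbar leftovers above), Run values that name a bare executable without a path (KHALMNPR.EXE above, which the loader has to locate by its search order at logon), and binaries that live in user-writable profile or temp directories. The sample input is constructed from lines in the log above plus one synthetic HKCU "svchost" entry that is not in the original log and exists only to exercise the last check; the suspicious-location pattern is this example's own heuristic, and every hit is a prompt for review, not a verdict.

```python
"""Triage of HijackThis 2.0 log lines (added example, not from the thread or
from HijackThis itself). Parses O2/O3 (BHOs, toolbars), O4 (Run keys) and
O23 (services) and flags orphaned entries, bare executable names without a
path, and binaries living in user-writable profile or temp directories.
The USER_DIR_RE heuristic is this example's own assumption."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines in the shape of the log above. The HKCU "svchost"
# Run entry is synthetic and NOT in the original log; it is here only to
# exercise the user-writable-location check.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [svchost] C:\Users\Omistaja\AppData\Roaming\svchost.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section: O2, O3, O4 or O23
    name: str      # display name, Run value name or service name
    target: str    # file the entry points at
    reason: str


O4_RE = re.compile(r"^O4 - (?P<loc>.+?\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2O3_RE = re.compile(r"^O(?P<sec>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
# First file-like token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|scr|bat|cmd|vbs|com))\b', re.I)
# Heuristic: locations a normal user can write to (assumption of this example).
USER_DIR_RE = re.compile(r"\\(?:Users|Documents and Settings)\\|\\AppData\\|\\Temp\\|%(?:AppData|Temp|UserProfile)%", re.I)


def check_target(section: str, name: str, target: str) -> List[Finding]:
    out: List[Finding] = []
    if "(no file)" in target:
        out.append(Finding(section, name, target,
                           "orphaned: the registry entry points at a file that no longer exists"))
        return out
    m = EXE_RE.search(target)
    path = m["path"] if m else target
    if "\\" not in path and not path.startswith("%"):
        out.append(Finding(section, name, path,
                           "bare file name: located by the CreateProcess search order at logon "
                           "(application directory, system directories, then PATH); verify which copy runs"))
    if USER_DIR_RE.search(path):
        out.append(Finding(section, name, path,
                           "runs from a user-writable profile or temp directory"))
    return out


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings += check_target("O4", m["name"], m["cmd"])
        elif m := O2O3_RE.match(line):
            findings += check_target("O" + m["sec"], m["name"], m["path"])
        elif m := O23_RE.match(line):
            parts = m["rest"].rsplit(" - ", 2)        # name - publisher - path
            if len(parts) == 3:
                name, publisher, path = parts
                findings += check_target("O23", name, path)
                if publisher == "Unknown owner":       # HijackThis prints this when no company is recorded
                    findings.append(Finding("O23", name, path, "service has no publisher string"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name!r:45} {f.reason}")
```

Run against the full log above it produces exactly the hits a reviewer would expect: the two Yahoo! Toolbar entries (R3 lines are not parsed here, only the O2 BHO), and the path-less KHALMNPR.EXE, which ComboFix's own listing further down resolves to c:\windows\KHALMNPR.Exe. Everything else points at a vendor binary under Program Files or system32, which is consistent with this log being clean apart from leftovers.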
Hujo
Suspended permanently
17 December 2008 @ 17:39
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
===================
1. Download Combofix.exe to your desktop from one of these links:
Combofix1
Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it will produce a log. Post that log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
================
The beeps may be an error notification.
Can a computer ever work?
RollePE
Newbie
17 December 2008 @ 23:17
Thanks, one bot alert was found and I removed and destroyed it. Further down I'm wondering about those couple of new services? Who knows whether something else will still turn up.
Here are the log files too.
Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 6.0.6001 Service Pack 1
17.12.2008 22:17:45
mbam-log-2008-12-17 (22-17-38).txt
Scan type: Full Scan (C:\|)
Objects scanned: 256928
Time elapsed: 2 hour(s), 45 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Sound Forge 9.0\n.exe (Backdoor.SDBot) -> No action taken.
ComboFix 08-12-16.03 - Omistaja 2008-12-17 22:29:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2037.1066 [GMT 2:00]
Location: c:\users\Omistaja\Desktop\ComboFix.exe
* New restore point created
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.reg
c:\windows\system32\x64
.
((((( Files created between 2008-11-17 and 2008-12-17 )))))))))))))))))
.
2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\Malwarebytes
2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2008-12-17 18:24 . 2008-12-17 18:24 <KANSIO> d-------- c:\programdata\Malwarebytes
2008-12-17 18:24 . 2008-12-17 18:53 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 18:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-17 18:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-16 22:49 . 2008-12-16 22:49 <KANSIO> d-------- c:\program files\Trend Micro
2008-12-16 21:31 . 2008-12-16 21:30 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-16 13:07 . 2008-12-16 20:29 691 --a------ c:\users\Omistaja\AppData\Roaming\GetValue.vbs
2008-12-16 13:07 . 2008-12-16 20:29 35 --a------ c:\users\Omistaja\AppData\Roaming\SetValue.bat
2008-12-16 12:05 . 2008-12-16 12:05 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\WinPatrol
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-10 17:09 . 2008-12-10 17:09 <KANSIO> dr------- c:\program files\Skype
2008-12-10 17:09 . 2008-12-10 17:09 <KANSIO> d-------- c:\program files\Common Files\Skype
2008-12-09 23:35 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:12 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-09 23:11 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-09 23:11 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-09 23:11 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-09 23:11 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 23:10 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-09 23:10 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-07 23:34 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll
2008-12-02 23:11 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-02 23:11 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-02 23:11 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-02 23:11 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-02 23:11 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-02 23:11 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-02 23:11 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-02 23:10 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-02 23:10 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-01 22:55 . 2008-12-01 22:55 40 --ah----- c:\windows\System32\ivireg.ivr
2008-12-01 15:01 . 2008-12-01 15:04 <KANSIO> d-------- c:\users\Omistaja\AppData\Roaming\Corel
2008-12-01 15:01 . 2008-12-01 15:18 3,766 --ahs---- c:\users\All Users\KGyGaAvL.sys
2008-12-01 15:01 . 2008-12-01 15:18 3,766 --ahs---- c:\programdata\KGyGaAvL.sys
2008-12-01 15:01 . 2008-12-01 15:07 88 -r-hs---- c:\users\All Users\F4E0B71229.sys
2008-12-01 15:01 . 2008-12-01 15:07 88 -r-hs---- c:\programdata\F4E0B71229.sys
2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Real
2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Common Files\xing shared
2008-12-01 14:58 . 2008-12-01 14:58 <KANSIO> d-------- c:\program files\Common Files\Real
2008-12-01 14:55 . 2008-12-01 14:55 <KANSIO> d-------- c:\users\All Users\Corel
2008-12-01 14:55 . 2008-12-01 14:55 <KANSIO> d-------- c:\programdata\Corel
2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\InterVideo
2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\Common Files\Protexis
2008-12-01 14:54 . 2008-12-01 14:54 <KANSIO> d-------- c:\program files\Common Files\InterVideo
2008-12-01 14:53 . 2008-12-01 14:53 <KANSIO> d-------- c:\program files\Corel
2008-11-26 15:27 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 15:27 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 15:27 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 15:27 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 15:27 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 15:12 . 2008-11-26 15:13 <KANSIO> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 15:12 . 2008-11-26 15:13 <KANSIO> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 16:24 --------- d-----w c:\users\Omistaja\AppData\Roaming\uTorrent
2008-12-17 16:24 --------- d-----w c:\users\Omistaja\AppData\Roaming\Skype
2008-12-17 16:11 --------- d-----w c:\users\Omistaja\AppData\Roaming\skypePM
2008-12-17 16:02 --------- d-----w c:\program files\F-Secure
2008-12-17 12:58 --------- d-----w c:\program files\Bonjour
2008-12-16 19:30 --------- d-----w c:\program files\Java
2008-12-16 19:15 --------- d-----w c:\program files\MagicISO
2008-12-16 08:23 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-10 15:09 --------- d-----w c:\programdata\Skype
2008-12-09 22:15 --------- d-----w c:\program files\Windows Mail
2008-12-09 21:38 --------- d-----w c:\programdata\Microsoft Help
2008-12-02 17:20 --------- d-----w c:\program files\WinSCP
2008-12-01 12:59 --------- d-----w c:\programdata\Apple Computer
2008-12-01 12:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 13:13 --------- d-----w c:\program files\iTunes
2008-11-26 13:12 --------- d-----w c:\program files\iPod
2008-11-26 13:12 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 13:10 --------- d-----w c:\program files\QuickTime
2008-11-26 12:50 --------- d-----w c:\program files\Weather Watcher
2008-11-17 16:43 --------- d-----w c:\users\Omistaja\AppData\Roaming\WeatherWatcherLive
2008-11-12 22:46 --------- d-----w c:\users\Omistaja\AppData\Roaming\WeatherWatcher
2008-11-11 23:30 --------- d-----w c:\users\Omistaja\AppData\Roaming\PeerNetworking
2008-11-11 17:21 --------- d-----w c:\program files\myiHome
2008-11-10 17:15 --------- d-----w c:\users\Omistaja\AppData\Roaming\foobar2000
2008-11-06 20:06 --------- d-----w c:\program files\CONEXANT
2008-11-06 19:39 --------- d-----w c:\users\Omistaja\AppData\Roaming\Intel
2008-11-06 19:39 --------- d-----w c:\programdata\Roaming
2008-11-06 19:37 --------- d-----w c:\programdata\Intel
2008-11-06 19:37 --------- d-----w c:\program files\Intel
2008-11-06 19:37 --------- d-----w c:\program files\Common Files\Intel
2008-11-05 19:47 --------- d-----w c:\programdata\Lavasoft
2008-11-05 19:47 --------- d-----w c:\program files\Lavasoft
2008-11-05 19:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-03 23:22 --------- d-----w c:\users\Omistaja\AppData\Roaming\Leadertech
2008-11-03 23:20 --------- d-----w c:\program files\Common Files\Logishrd
2008-11-03 23:16 --------- d-----w c:\programdata\LogiShrd
2008-11-03 23:16 --------- d-----w c:\program files\Logitech
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 09:07 30,856 ----a-w c:\windows\system32\drivers\fsbts.sys
2008-10-27 15:53 --------- d-----w c:\programdata\F-Secure
2008-10-27 15:50 --------- d-----w c:\programdata\fssg
2008-10-23 06:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-01 11:35 22,328 ----a-w c:\users\Omistaja\AppData\Roaming\PnkBstrK.sys
2008-10-01 11:34 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-01 11:34 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-26 09:46 604 ---ha-w c:\program files\STLL Notifier
2008-07-08 23:36 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-08 23:36 56 ---ha-w c:\programdata\ezsidmv.dat
2008-04-23 22:32 174 --sha-w c:\program files\desktop.ini
2008-04-06 17:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-06 17:56 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-06 17:56 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty values and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-28 815104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-01-11 1359872]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-01 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2346567242-3011342451-3503312085-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{75A99FCD-404F-4DF7-BD23-39D1B638CD17}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4FE20584-63C9-4092-AF8D-7B63D3EB0DB3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AC490A1-F171-4005-9F49-21800A79BF89}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65F50936-908B-4669-B84D-A0D8397FFA8A}"= UDP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{5F2567E9-C473-4955-B5ED-07B707DE6768}"= TCP:c:\windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"TCP Query User{5567FFB2-491A-4437-813C-4EB7CAE136C9}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{AA372B79-A0D5-42BE-ADBF-E6C7D15655BA}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{1E93CFF0-5498-4FD1-8097-9E90F7CF4275}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A549F861-7A3D-457A-9716-CFE56312F531}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{05A7762C-872F-47F8-BD21-459ADDF5D1D9}"= UDP:3703:Adobe Version Cue CS3 Server
"{C85D299D-3499-40CC-8713-F5E1E8F72D3C}"= UDP:3704:Adobe Version Cue CS3 Server
"{A49C2D73-DA79-468D-9416-B947C43C19C6}"= UDP:50900:Adobe Version Cue CS3 Server
"{1ABC7D9A-741C-430C-9529-C6029234CF44}"= UDP:50901:Adobe Version Cue CS3 Server
"{4A6D8A73-381B-4914-A86E-87F5165FEDAA}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5F885A15-9747-48B0-8682-C1118DB59027}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{2561A2E0-2C76-4962-B56B-B07CBD2415D7}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{393C82EF-31C2-41D9-8FEA-3C23E1C553BE}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{FB2C417B-BEFB-4248-BF5C-2925C0F180BB}"= Disabled:UDP:c:\program files\Safari\Safari.exe:Safari
"{3F9BB6C0-3C15-4613-90F2-5DE6FC472343}"= Disabled:TCP:c:\program files\Safari\Safari.exe:Safari
"TCP Query User{44FC4AC7-49EF-4B87-AA07-67C801C0384C}c:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox
"UDP Query User{100FDB08-0932-414D-84A6-3AD772F85E13}c:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox
"{2328D668-9E98-478C-91AA-A24456371B9B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4292904F-682B-48F1-9BEB-CD978F0E061A}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{93AFD345-C351-478D-A765-4F093DF12D17}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F8B90CF0-3C5F-434D-91D0-E33A7ABEBB5F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{39192FAF-36EE-48F3-98C5-5283B8E1192C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B6C48612-6525-490D-87B7-45F0A283F8BC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F16278A8-0C69-4AEB-9BAD-1F9A2916D0F7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3CF5313A-FBDC-4F43-A40A-F7B0C5201B8E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6FE90EDF-7107-49DF-89F5-2AA960DB7BD2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B28E0EC3-B45D-4B43-A772-69E34B46906D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C4B327D0-94BA-48F9-8159-B358F1F1B3EA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{FB2C7153-0E14-41D7-99DB-249DCACD2007}c:\\program files\\firstoffice kirjanpito 5.3\\hansaworld.exe"= UDP:c:\program files\firstoffice kirjanpito 5.3\hansaworld.exe:HansaWorld
"UDP Query User{F79FAECD-9B42-45B3-AD42-D5807615AAB1}c:\\program files\\firstoffice kirjanpito 5.3\\hansaworld.exe"= TCP:c:\program files\firstoffice kirjanpito 5.3\hansaworld.exe:HansaWorld
"TCP Query User{5C1BAADF-D11B-41EF-87F7-E87C053B837B}c:\\program files\\winscp\\winscp.exe"= UDP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"UDP Query User{4CD6C7C8-3442-4942-8B35-A4D80A09C7A0}c:\\program files\\winscp\\winscp.exe"= TCP:c:\program files\winscp\winscp.exe:SFTP, FTP and SCP client
"{D929AD73-1A54-44A1-B00C-A1F853A79D7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4E88578A-4270-4E6D-BE06-ACC79B9BBBFF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1B3B823-6EE4-410A-BADB-3964ECE1ED8A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C683692C-8E31-4D14-96CE-641133BC22FC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5267F827-F362-450F-96C3-56C64543F74B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B42040D2-0494-4144-BC56-957165719172}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-10-31 30856]
R1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys [2008-10-27 66720]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-10-27 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-27 70944]
R1 fsvista;F-Secure Vista Support Driver;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-27 12384]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-10-27 76896]
R3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure\ORSP Client\fsorsp.exe" [2008-10-27 55904]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys [2008-09-27 144008]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-27 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7723dce-b881-11dd-84c7-0016363347d9}]
\shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fea01472-19b7-11dd-938a-0011e2fdc762}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:36:35
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(760)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(656)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(712)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
Valmistumisajankohta: 2008-12-17 22:43:33
ComboFix-quarantined-files.txt 2008-12-17 20:43:29
Ennen ajoa: 17 856 163 840 tavua vapaana
Ajon jälkeen: 18,079,166,464 tavua vapaana
276 --- E O F --- 2008-12-15 17:47:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:32, on 17.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9927 bytes
Hujo
Suspended permanently
17 December 2008 @ 23:30
Post this.
Create an uninstall list:
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread
Can a computer ever work?
RollePE
Newbie
17 December 2008 @ 23:55
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.3 - Suomi
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
Automaattiset valikot (Windows Live Toolbar)
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon LBP2900
Canon RAW Codec
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CDDRV_Installer
Choice Guard
Combined Community Codec Pack 2008-09-21 16:18
Conexant HD Audio
Contacts
Corel WinDVD 9
ffdshow [rev 2135] [2008-09-21]
F-Secure Client Security - Internet-suojaus
F-Secure Client Security - Järjestelmänhallinta
F-Secure Client Security - Sähköpostin tarkistus
F-Secure Client Security - Web-liikenteen tarkistus
F-Secure Client Security - Virus- ja vakoilusuojaus
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 11
Keyboard Manager Utility
KhalInstallWrapper
Korostuksen katselu (Windows Live Toolbar)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Express Edition - ENU
MobilePre
Mozilla Firefox (3.0.4)
Mozilla Sunbird (0.9)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
myiHome v5.0.2
Nero 8
neroxml
OriginPro 8
PDF Settings
Programmer's Notepad 2
PyQt GPL v4.4.2 for Python v2.5
Python 2.5.2
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Skype? Beta 4.0
Sony Sound Forge 9.0
Synaptics Pointing Device Driver
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
VC Runtimes MSI
VCRedistSetup
Weather Watcher
Weather Watcher
Windows Live Beta (all programs)
Windows Live Beta (all programs)
Windows Live Call
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbarin laajennus (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.1.8
Hujo
Suspended permanently
18 December 2008 @ 00:28
Uninstall via Add/Remove Programs:
Logitech Desktop Messenger
=================
Type into the Run box:
ComboFix /u
and press OK
==============
Scan with HJT, check these and press Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
RollePE
Newbie
18 December 2008 @ 01:19
Thanks, the computer now boots more than twice as fast as before.
Was that all, then? As for the sound business, I don't know yet whether it went away, but time will tell. If I hear nothing tomorrow, then it has probably gone :D
Hujo
Suspended permanently
18 December 2008 @ 01:48
Then listen carefully to what those beeps sound like :)
This post was edited after it was sent. Last edited 18 December 2008 @ 01:48
RollePE
Newbie
18 December 2008 @ 13:17
Ugh, those sounds are back. It's a really quick sound, and it isn't tied to any program I'm using. I can't come up with any sensible explanation. First a high tone and then a low one, in quick succession. I don't know how else to describe it :D And suddenly about 5 GB of disk space was freed up again, strange. I also noticed that after the cleanups, when I started the computer there were initially no sounds while the sidebar and desktop were loading, but once I used CCleaner, now there are sounds again during startup too. Don't know whether that's good or bad.
By the way, what about that catchme service? Does it have anything to do with that "CATCH ME IF YOU CAN" worm? I googled and dug up some stories from Symantec's site :D On Gmer I found one comment that didn't think well of it. Am I asking about nothing, or do these have something to do with anything?
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:36:35
Windows 6.0.6001 Service Pack 1 NTFS
Hujo
Suspended permanently
18 December 2008 @ 14:51
Probably BIOS beeps, something is broken :)
This post was edited after it was sent. Last edited 18 December 2008 @ 14:55