Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:31, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\winudspm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6316 bytes
hjt-onko tuossa jotain vikaa
23
1097
Vastaukset
- Fix.fix
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. - ozmonautti
ComboFix 08-06-06.6 - ozmonautti 2008-06-07 13:53:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2892 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM332b64a7.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\andlwudx.dll
C:\WINDOWS\system32\byXNddeD.dll
C:\WINDOWS\system32\cjqosvpt.exe
C:\WINDOWS\system32\CMmSYcfe.ini
C:\WINDOWS\system32\CMmSYcfe.ini2
C:\WINDOWS\system32\cxjurvis.exe
C:\WINDOWS\system32\hgGwXqQh.dll
C:\WINDOWS\system32\hvbpkyel.dll
C:\WINDOWS\system32\khfGwXPi.dll
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\komdwadh.dll
C:\WINDOWS\system32\leykpbvh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\murrkfbb.ini
C:\WINDOWS\system32\ojtfmnhg.ini
C:\WINDOWS\system32\scjrnicu.exe
C:\WINDOWS\system32\tuvSjJyV.dll
C:\WINDOWS\system32\wagvverm.ini
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\yofywjee.ini
C:\WINDOWS\ups.exe
----- BITS: Possible infected sites -----
hxxp://au.downõj
.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-07 12:46 . 2008-06-07 12:46 49,156 --a------ C:\sz.exe
2008-06-07 12:27 . 2008-06-07 12:27 49,156 --a------ C:\sjgz.exe
2008-06-07 12:27 . 2008-06-07 12:27 49,156 --a------ C:\shz.exe
2008-06-07 12:27 . 2008-06-07 13:56 49,156 --a------ C:\hszs.exe
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 23:09 . 2008-06-02 23:09 96,950 -r-hs---- C:\WINDOWS\mservice.exe
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\ozmonautti\setup.exe
2008-05-29 20:14 . 2008-05-29 23:08 86,340 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2007-06-13 13:22 249,496 --sh--r C:\WINDOWS\system32\telecms.exe
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7C37895-D0BE-4161-85AF-EEAE231353F6}]
C:\WINDOWS\system32\efcYSmMC.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Windows UDP Control"="winudspm.exe" [2008-05-29 23:08 86340 C:\WINDOWS\winudspm.exe]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [2007-06-13 16:22 249496]
"Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
"3018573b"="C:\WINDOWS\system32\bbfkrrum.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [2007-06-13 16:22 249496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYsqrQ]
mlJYsqrQ.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\telecms.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 13:56:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\ups.exe
.
**************************************************************************
.
Completion time: 2008-06-07 13:56:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 10:56:51
Pre-Run: 74,928,664,576 tavua vapaana
Post-Run: 74,914,566,144 tavua vapaana
209 --- E O F --- 2008-05-28 13:07:43- Fix.fix
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
*******
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing) - ozmonautti
Fix.fix kirjoitti:
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
*******
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)ComboFix 08-06-06.6 - ozmonautti 2008-06-07 14:37:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2878 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\ozmonautti\Työpöytä\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\hszs.exe
C:\shz.exe
C:\sjgz.exe
C:\sz.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\telecms.exe
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\ups.exe
C:\WINDOWS\winudspm.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\hszs.exe
C:\shz.exe
C:\sjgz.exe
C:\sz.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\system32\telecms.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\winudspm.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 13:56 . 2008-06-07 13:56 57,856 --a------ C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7C37895-D0BE-4161-85AF-EEAE231353F6}]
C:\WINDOWS\system32\efcYSmMC.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Windows UDP Control"="winudspm.exe" []
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]
"Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
"3018573b"="C:\WINDOWS\system32\bbfkrrum.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYsqrQ]
mlJYsqrQ.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 14:37:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-07 14:38:07
ComboFix-quarantined-files.txt 2008-06-07 11:38:05
ComboFix2.txt 2008-06-07 10:56:54
Pre-Run: 74,895,380,480 tavua vapaana
Post-Run: 74,914,127,872 tavua vapaana
183 --- E O F --- 2008-05-28 13:07:43 - ozmonautti
Fix.fix kirjoitti:
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
*******
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)noita kaikkia ei oo sinä listassa mikä tulee kun skannaa hjt:llä
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing) - Fix.fix
ozmonautti kirjoitti:
noita kaikkia ei oo sinä listassa mikä tulee kun skannaa hjt:llä
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)scanaa uusi hjt:n loki
- ozmonautti
Fix.fix kirjoitti:
scanaa uusi hjt:n loki
lähetänkö sen lokin sulle
- Fix.fix
ozmonautti kirjoitti:
lähetänkö sen lokin sulle
ketjuun
- ozmonautti
Fix.fix kirjoitti:
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
*******
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:52, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5869 bytes - Fix.fix
ozmonautti kirjoitti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:52, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5869 bytesscannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
*******
scannaa uusi combofix loki - ozmonautti
Fix.fix kirjoitti:
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
*******
scannaa uusi combofix lokiLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:09, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\freecell.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5414 bytes - ozmonautti
ozmonautti kirjoitti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:09, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\freecell.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5414 bytesei mun tommosta pitäny lähettää:D:D
- ozmonautti
ozmonautti kirjoitti:
ei mun tommosta pitäny lähettää:D:D
ComboFix 08-06-06.6 - ozmonautti 2008-06-07 15:35:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2873 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 13:56 . 2008-06-07 13:56 57,856 --a------ C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:35:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-07 15:35:55
ComboFix-quarantined-files.txt 2008-06-07 12:35:51
ComboFix2.txt 2008-06-07 11:38:07
ComboFix3.txt 2008-06-07 10:56:54
Pre-Run: 74,912,120,832 tavua vapaana
Post-Run: 74,902,933,504 tavua vapaana
147 --- E O F --- 2008-05-28 13:07:43 - Fix.fix
ozmonautti kirjoitti:
ComboFix 08-06-06.6 - ozmonautti 2008-06-07 15:35:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2873 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 13:56 . 2008-06-07 13:56 57,856 --a------ C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:35:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-07 15:35:55
ComboFix-quarantined-files.txt 2008-06-07 12:35:51
ComboFix2.txt 2008-06-07 11:38:07
ComboFix3.txt 2008-06-07 10:56:54
Pre-Run: 74,912,120,832 tavua vapaana
Post-Run: 74,902,933,504 tavua vapaana
147 --- E O F --- 2008-05-28 13:07:43Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
• Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
• Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
• Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
• Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
• Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
• Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
• Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
• Lähetä lokin sisältö seuraavassa viestissäsi. - ozmonautti
Fix.fix kirjoitti:
Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
• Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
• Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
• Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
• Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
• Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
• Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
• Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
• Lähetä lokin sisältö seuraavassa viestissäsi.Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 837
16:21:02 7.6.2008
mbam-log-6-7-2008 (16-21-02).txt
Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|)
Tarkistetut kohteet: 42565
Kulunut aika: 15 minute(s), 48 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 40
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Documents and Settings\ozmonautti\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudspm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vetcmklm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002230.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002232.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002233.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002234.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002245.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003212.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003213.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003214.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003215.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP26\A0003225.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004339.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005237.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005238.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006236.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007294.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007306.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007350.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007424.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007425.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007426.exe (Backdoor.Bot) -> Quarantined and deleted successfully. - Fix.fix
ozmonautti kirjoitti:
Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 837
16:21:02 7.6.2008
mbam-log-6-7-2008 (16-21-02).txt
Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|)
Tarkistetut kohteet: 42565
Kulunut aika: 15 minute(s), 48 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 40
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Documents and Settings\ozmonautti\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudspm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vetcmklm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002230.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002232.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002233.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002234.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002245.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003212.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003213.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003214.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003215.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP26\A0003225.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004339.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005237.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005238.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006236.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007294.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007306.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007350.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007424.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007425.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007426.exe (Backdoor.Bot) -> Quarantined and deleted successfully.1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK
============
scannaa combofix tuon jälkeen - ozmonautti
Fix.fix kirjoitti:
1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK
============
scannaa combofix tuon jälkeenja nyt mese virusta ei enää ole koneellani??
- ozmonautti
ozmonautti kirjoitti:
ja nyt mese virusta ei enää ole koneellani??
ComboFix 08-06-06.6 - ozmonautti 2008-06-07 16:30:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2896 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ljJdaXOG.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 16:03 . 2008-06-07 16:04 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:03 . 2008-06-07 16:03 d-------- C:\Documents and Settings\ozmonautti\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-07 16:03 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:03 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_13.56.43.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 10:55:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-07 13:28:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-07 13:28:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:31:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-07 16:31:18
ComboFix-quarantined-files.txt 2008-06-07 13:31:16
ComboFix2.txt 2008-06-07 12:35:55
ComboFix3.txt 2008-06-07 11:38:07
ComboFix4.txt 2008-06-07 10:56:54
Pre-Run: 75,532,140,544 tavua vapaana
Post-Run: 75,524,014,080 tavua vapaana
162 --- E O F --- 2008-05-28 13:07:43 - Fix.fix
ozmonautti kirjoitti:
ComboFix 08-06-06.6 - ozmonautti 2008-06-07 16:30:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2896 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ljJdaXOG.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.
2008-06-07 16:03 . 2008-06-07 16:04 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:03 . 2008-06-07 16:03 d-------- C:\Documents and Settings\ozmonautti\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-07 16:03 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:03 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 13:38 . 2008-06-07 13:38 d-------- C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08 d-------- C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59 d-------- C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43 d-------- C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42 d-------- C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40 d-------- C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12 28 --a------ C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12 19 --a------ C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09 d--hs---- C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09 d-------- C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17 d-------- C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30 d-------- C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18 d-------- C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00 d-------- C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10 d-------- C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59 d-------- C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56 d-------- C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44 d--h----- C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28 d-------- C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57 211 --a------ C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47 d-------- C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47 90,396 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45 d-------- C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44 d-------- C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44 116,268 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39 d-------- C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35 d-------- C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34 d-------- C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33 d-------- C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32 d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10 --------- d-----w C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-20 13:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_13.56.43.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 10:55:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-07 13:28:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
2008-06-07 13:28:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:31:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-07 16:31:18
ComboFix-quarantined-files.txt 2008-06-07 13:31:16
ComboFix2.txt 2008-06-07 12:35:55
ComboFix3.txt 2008-06-07 11:38:07
ComboFix4.txt 2008-06-07 10:56:54
Pre-Run: 75,532,140,544 tavua vapaana
Post-Run: 75,524,014,080 tavua vapaana
162 --- E O F --- 2008-05-28 13:07:43sitten uusi hjt:n loki
- ozmonautti
Fix.fix kirjoitti:
sitten uusi hjt:n loki
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:06, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5202 bytes - Fix.fix
ozmonautti kirjoitti:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:06, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5202 byteshyvää päivän jatkoa.
- ozmonautti
Fix.fix kirjoitti:
hyvää päivän jatkoa.
niin että onko sitä enää koneellani????????
- Fix.fix
ozmonautti kirjoitti:
niin että onko sitä enää koneellani????????
koneella.
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Tällä kertaa Marinia kadehtii Minäminä Päivärinta
Kokoomuksen tyhjäntoimittelija itkeä tuhertaa, kun kansainvälinen superstaramme ei leiki hänen kanssaan. Oikean puoluee4231826Miksi jollain jää "talvi päälle"
Huvittaa kastoa ullkona jotain vahempaa äijää joka pukeutuu edelleen kun olisi +5 astetta lämmittä vaikka on helle keli1861475- 1091411
Miksi koulut pakottavat
Lapset uimaan sekaryhmänä? Murrosikäiset tunnetusti häpeilevät vartalossa tapahtuvia muutoksia. Tulee turhia poissaoloja1561358- 451046
Suomen Pallolitto: Tasoryhmät lasten jalkapallossa - Erätauko-tilaisuus ma 20.5.2024
Tasoryhmät lasten ja nuorten jalkapallossa herättävät paljon keskustelua. Mitä tasoryhmät ovat ja mikä on niiden tarkoit0980- 63966
Mitä et hyväksy miehessä/naisessa josta olet kiinnostunut?
Itse en halua, että miehellä olisi lapsia!119923Susanne Päivärinta kirjassaan: Sannalla nousi valta päähän, Big Time!
Päivärinta toteaa ettei ole nähnyt kenenkään muuttuvan niin totaalisesti kuin Marinin, eikä siis todellakaan parempaan s93900Se katse silloin
Oli hetki, jolloin katseemme kohtasivat. Oli talvi vielä. Kerta toisensa jälkeen palaan tuohon jaettuun katseeseen. Tunt32886