hjt-onko tuossa jotain vikaa

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

Fix.fix kirjoitti:

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

Lue lisää

ComboFix 08-06-06.6 - ozmonautti 2008-06-07 14:37:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2878 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\ozmonautti\Työpöytä\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\hszs.exe
C:\shz.exe
C:\sjgz.exe
C:\sz.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\telecms.exe
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\ups.exe
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hszs.exe
C:\shz.exe
C:\sjgz.exe
C:\sz.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\system32\telecms.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-07 13:56 . 2008-06-07 13:56   57,856   --a------   C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38      d--------   C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08      d--------   C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10   97,116   --a------   C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59      d--------   C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08      d--------   C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08   86,498   --a------   C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42      d--------   C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40      d--------   C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12   28   --a------   C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12   19   --a------   C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09      d--hs----   C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09      d--------   C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10   1,011,712   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17      d--------   C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30      d--------   C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18      d--------   C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00      d--------   C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10      d--------   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01   0   --a------   C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59      d--------   C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56      d--------   C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44      d--h-----   C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28      d--------   C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57   211   --a------   C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47      d--------   C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47   90,396   --a------   C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30      d--------   C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44      d--------   C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00   40,960   --a------   C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44   116,268   --a------   C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39      d--------   C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44   17,177   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36   73,728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35      d--------   C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34      d--------   C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43      d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32      d----c---   C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Intel

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10   ---------   d-----w   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-05-20 13:02   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7C37895-D0BE-4161-85AF-EEAE231353F6}]
         C:\WINDOWS\system32\efcYSmMC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Windows UDP Control"="winudspm.exe" []
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]
"Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
"3018573b"="C:\WINDOWS\system32\bbfkrrum.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYsqrQ]
mlJYsqrQ.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 14:37:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 14:38:07
ComboFix-quarantined-files.txt 2008-06-07 11:38:05
ComboFix2.txt 2008-06-07 10:56:54

Pre-Run: 74,895,380,480 tavua vapaana
Post-Run: 74,914,127,872 tavua vapaana

183   --- E O F ---   2008-05-28 13:07:43

Fix.fix kirjoitti:

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

Lue lisää

noita kaikkia ei oo sinä listassa mikä tulee kun skannaa hjt:llä



O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

ozmonautti kirjoitti:

noita kaikkia ei oo sinä listassa mikä tulee kun skannaa hjt:llä



O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

Lue lisää

scanaa uusi hjt:n loki

Fix.fix kirjoitti:

scanaa uusi hjt:n loki

lähetänkö sen lokin sulle

ozmonautti kirjoitti:

lähetänkö sen lokin sulle

ketjuun

Fix.fix kirjoitti:

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

[quote]

File::
C:\sz.exe
C:\sjgz.exe
C:\shz.exe
C:\hszs.exe
C:\WINDOWS\mservice.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\service.exe
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\knyobyhd.dll
C:\WINDOWS\system32\efcYSmMC.dll
C:\WINDOWS\system32\bbfkrrum.dll
C:\WINDOWS\system32\vetcmklm.dll
C:\WINDOWS\system32\telecms.exe

[/quote]

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

*******

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: {7d7f4a98-79b9-7f6a-dea4-4025f57b2d15} - {51d2b75f-5204-4aed-a6f7-9b9789a4f7d7} - C:\WINDOWS\system32\knyobyhd.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\mlJYsqrQ.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\Run: [BM332b64a7] Rundll32.exe "C:\WINDOWS\system32\vetcmklm.dll",s
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

Lue lisää

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:52, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5869 bytes

ozmonautti kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:52, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5869 bytes

Lue lisää

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

*******

scannaa uusi combofix loki

Fix.fix kirjoitti:

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {E7C37895-D0BE-4161-85AF-EEAE231353F6} - C:\WINDOWS\system32\efcYSmMC.dll (file missing)
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [3018573b] rundll32.exe "C:\WINDOWS\system32\bbfkrrum.dll",b
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O20 - Winlogon Notify: mlJYsqrQ - mlJYsqrQ.dll (file missing)

*******

scannaa uusi combofix loki

Lue lisää

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:09, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\freecell.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5414 bytes

ozmonautti kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:09, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\freecell.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5414 bytes

Lue lisää

ei mun tommosta pitäny lähettää:D:D

ozmonautti kirjoitti:

ei mun tommosta pitäny lähettää:D:D

ComboFix 08-06-06.6 - ozmonautti 2008-06-07 15:35:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2873 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-07 13:56 . 2008-06-07 13:56   57,856   --a------   C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38      d--------   C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08      d--------   C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10   97,116   --a------   C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59      d--------   C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08      d--------   C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08   86,498   --a------   C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42      d--------   C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40      d--------   C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12   28   --a------   C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12   19   --a------   C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09      d--hs----   C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09      d--------   C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10   1,011,712   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17      d--------   C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30      d--------   C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18      d--------   C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00      d--------   C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10      d--------   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01   0   --a------   C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59      d--------   C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56      d--------   C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44      d--h-----   C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28      d--------   C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57   211   --a------   C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47      d--------   C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47   90,396   --a------   C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30      d--------   C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44      d--------   C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00   40,960   --a------   C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44   116,268   --a------   C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39      d--------   C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44   17,177   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36   73,728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35      d--------   C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34      d--------   C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43      d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32      d----c---   C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Intel

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10   ---------   d-----w   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-05-20 13:02   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:35:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 15:35:55
ComboFix-quarantined-files.txt 2008-06-07 12:35:51
ComboFix2.txt 2008-06-07 11:38:07
ComboFix3.txt 2008-06-07 10:56:54

Pre-Run: 74,912,120,832 tavua vapaana
Post-Run: 74,902,933,504 tavua vapaana

147   --- E O F ---   2008-05-28 13:07:43

ozmonautti kirjoitti:

ComboFix 08-06-06.6 - ozmonautti 2008-06-07 15:35:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2873 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-07 13:56 . 2008-06-07 13:56   57,856   --a------   C:\WINDOWS\system32\ljJdaXOG.dll
2008-06-07 13:38 . 2008-06-07 13:38      d--------   C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08      d--------   C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10   97,116   --a------   C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59      d--------   C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08      d--------   C:\WINDOWS\SxsCaPendDel
2008-05-30 16:55 . 2008-05-30 19:08   86,498   --a------   C:\Documents and Settings\ozmonautti\setup.exe
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42      d--------   C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40      d--------   C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12   28   --a------   C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12   19   --a------   C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09      d--hs----   C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09      d--------   C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10   1,011,712   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17      d--------   C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30      d--------   C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18      d--------   C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00      d--------   C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10      d--------   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01   0   --a------   C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59      d--------   C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56      d--------   C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44      d--h-----   C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28      d--------   C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57   211   --a------   C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47      d--------   C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47   90,396   --a------   C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30      d--------   C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44      d--------   C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00   40,960   --a------   C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44   116,268   --a------   C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39      d--------   C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44   17,177   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36   73,728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35      d--------   C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34      d--------   C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43      d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32      d----c---   C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Intel

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10   ---------   d-----w   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-05-20 13:02   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:35:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 15:35:55
ComboFix-quarantined-files.txt 2008-06-07 12:35:51
ComboFix2.txt 2008-06-07 11:38:07
ComboFix3.txt 2008-06-07 10:56:54

Pre-Run: 74,912,120,832 tavua vapaana
Post-Run: 74,902,933,504 tavua vapaana

147   --- E O F ---   2008-05-28 13:07:43

Lue lisää

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

Fix.fix kirjoitti:

Lataa Malwarebytes' Anti-Malware työpöydällesi.
http://www.besttechie.net/tools/mbam-setup.exe
•   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
•   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
•   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
•   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
•   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
•   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
•   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
•   Lähetä lokin sisältö seuraavassa viestissäsi.

Lue lisää

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 837

16:21:02 7.6.2008
mbam-log-6-7-2008 (16-21-02).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|)
Tarkistetut kohteet: 42565
Kulunut aika: 15 minute(s), 48 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 40

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\ozmonautti\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudspm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vetcmklm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002230.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002232.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002233.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002234.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002245.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003212.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003213.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003214.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003215.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP26\A0003225.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004339.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005237.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005238.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006236.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007294.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007306.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007350.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007424.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007425.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007426.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

ozmonautti kirjoitti:

Malwarebytes' Anti-Malware 1.15
Tietokantaversio: 837

16:21:02 7.6.2008
mbam-log-6-7-2008 (16-21-02).txt

Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|)
Tarkistetut kohteet: 42565
Kulunut aika: 15 minute(s), 48 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 40

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\ozmonautti\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudspm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\telecms.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vetcmklm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002230.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002232.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002233.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002234.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0002245.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003212.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003213.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003214.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP25\A0003215.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP26\A0003225.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004338.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004339.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0004340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP30\A0005235.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005237.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP31\A0005238.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006236.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP32\A0006263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007294.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007306.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP34\A0007350.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007424.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007425.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2B4F7D0A-3FE1-4931-BB83-55A8A34AD30B}\RP35\A0007426.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Lue lisää

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

============

scannaa combofix tuon jälkeen

Fix.fix kirjoitti:

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

============

scannaa combofix tuon jälkeen

Lue lisää

ja nyt mese virusta ei enää ole koneellani??

ozmonautti kirjoitti:

ja nyt mese virusta ei enää ole koneellani??

ComboFix 08-06-06.6 - ozmonautti 2008-06-07 16:30:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2896 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ljJdaXOG.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-07 16:03 . 2008-06-07 16:04      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:03 . 2008-06-07 16:03      d--------   C:\Documents and Settings\ozmonautti\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-07 16:03      d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-05 16:04   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:03 . 2008-06-05 16:04   15,864   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 13:38 . 2008-06-07 13:38      d--------   C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08      d--------   C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10   97,116   --a------   C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59      d--------   C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08      d--------   C:\WINDOWS\SxsCaPendDel
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42      d--------   C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40      d--------   C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12   28   --a------   C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12   19   --a------   C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09      d--hs----   C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09      d--------   C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10   1,011,712   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17      d--------   C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30      d--------   C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18      d--------   C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00      d--------   C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10      d--------   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01   0   --a------   C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59      d--------   C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56      d--------   C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44      d--h-----   C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28      d--------   C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57   211   --a------   C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47      d--------   C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47   90,396   --a------   C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30      d--------   C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44      d--------   C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00   40,960   --a------   C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44   116,268   --a------   C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39      d--------   C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44   17,177   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36   73,728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35      d--------   C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34      d--------   C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43      d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32      d----c---   C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Intel

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10   ---------   d-----w   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-05-20 13:02   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-07_13.56.43.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 10:55:49   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-07 13:28:47   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-07 13:28:50   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:31:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 16:31:18
ComboFix-quarantined-files.txt 2008-06-07 13:31:16
ComboFix2.txt 2008-06-07 12:35:55
ComboFix3.txt 2008-06-07 11:38:07
ComboFix4.txt 2008-06-07 10:56:54

Pre-Run: 75,532,140,544 tavua vapaana
Post-Run: 75,524,014,080 tavua vapaana

162   --- E O F ---   2008-05-28 13:07:43

ozmonautti kirjoitti:

ComboFix 08-06-06.6 - ozmonautti 2008-06-07 16:30:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.2896 [GMT 3:00]
Running from: C:\Documents and Settings\ozmonautti\Työpöytä\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ljJdaXOG.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
.

2008-06-07 16:03 . 2008-06-07 16:04      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:03 . 2008-06-07 16:03      d--------   C:\Documents and Settings\ozmonautti\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-07 16:03      d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:03 . 2008-06-05 16:04   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 16:03 . 2008-06-05 16:04   15,864   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 13:38 . 2008-06-07 13:38      d--------   C:\Program Files\Trend Micro
2008-06-05 16:08 . 2008-06-05 16:08      d--------   C:\Program Files\Alwil Software
2008-06-02 23:10 . 2008-06-02 23:10   97,116   --a------   C:\WINDOWS\DC5177176.zip
2008-06-01 22:59 . 2008-06-01 22:59      d--------   C:\Program Files\MSN Messenger
2008-06-01 22:47 . 2008-06-02 23:08      d--------   C:\WINDOWS\SxsCaPendDel
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\WINDOWS\Sun
2008-05-27 22:43 . 2008-05-27 22:43      d--------   C:\Program Files\Sun
2008-05-27 22:42 . 2008-05-27 22:42      d--------   C:\Program Files\Java
2008-05-27 22:42 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-27 22:40 . 2008-05-27 22:40      d--------   C:\Program Files\Common Files\Java
2008-05-25 22:10 . 2008-05-25 22:12   28   --a------   C:\WINDOWS\system32\kifile
2008-05-25 22:10 . 2008-05-25 22:12   19   --a------   C:\WINDOWS\system32\nifile
2008-05-25 22:09 . 2008-05-25 22:09      d--hs----   C:\WINDOWS\ftpcache
2008-05-25 22:09 . 2008-05-25 22:09      d--------   C:\Program Files\Tribal
2008-05-22 15:17 . 2008-03-01 16:01   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-22 15:17 . 2007-04-17 12:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-22 15:17 . 2007-03-08 08:10   1,011,712   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-22 15:17 . 2008-03-01 16:01   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-22 15:17 . 2008-03-01 16:01   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-22 15:17 . 2008-03-01 16:01   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-22 15:17 . 2008-03-01 16:01   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-22 15:17 . 2008-03-01 16:01   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-22 15:17 . 2008-02-22 13:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-22 15:16 . 2008-05-22 15:17      d--------   C:\WINDOWS\system32\fi-fi
2008-05-21 20:56 . 2008-05-21 21:30      d--------   C:\Program Files\DC
2008-05-21 16:15 . 2008-05-21 16:18      d--------   C:\Program Files\uTorrent
2008-05-21 16:14 . 2008-06-07 13:00      d--------   C:\Documents and Settings\ozmonautti\Application Data\uTorrent
2008-05-20 21:10 . 2008-05-20 21:10      d--------   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 21:01 . 2008-05-20 21:01   0   --a------   C:\WINDOWS\nsreg.dat
2008-05-20 20:59 . 2008-05-20 20:59      d--------   C:\Program Files\VideoLAN
2008-05-20 20:56 . 2008-05-20 20:56      d--------   C:\Documents and Settings\ozmonautti\Contacts
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\ozmonautti\Application Data\Comodo
2008-05-20 20:55 . 2008-05-20 20:55      d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-20 20:53 . 2008-05-28 15:44      d--h-----   C:\WINDOWS\$hf_mig$
2008-05-20 20:53 . 2008-06-01 23:22   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-05-20 20:51 . 2008-05-21 17:28      d--------   C:\Program Files\Winamp
2008-05-20 20:48 . 2008-05-20 15:57   211   --a------   C:\boot.ini.comodofirewall
2008-05-20 20:47 . 2008-05-20 20:47      d--------   C:\Program Files\Comodo
2008-05-20 20:47 . 2008-05-20 20:47   90,396   --a------   C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\system32\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\WINDOWS\Profiles
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Program Files\Common Files\LightScribe
2008-05-20 20:45 . 2008-05-22 16:30      d--------   C:\Program Files\Common Files\Adobe
2008-05-20 20:45 . 2008-05-20 20:45      d--------   C:\Documents and Settings\ozmonautti\Application Data\InterTrust
2008-05-20 20:45 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-20 20:44 . 2004-07-26 16:16   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2008-05-20 20:44 . 2004-07-26 16:16   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2008-05-20 20:44 . 2004-07-26 16:16   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2008-05-20 20:44 . 2004-07-09 08:43   364,544   ---------   C:\WINDOWS\system32\TwnLib4.dll
2008-05-20 20:44 . 2004-07-26 16:16   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2008-05-20 20:44 . 2001-07-09 10:50   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2008-05-20 20:44 . 2000-06-26 10:45   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink DVD Solution
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\CyberLink
2008-05-20 20:43 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\Ahead
2008-05-20 20:43 . 2008-05-20 20:44      d--------   C:\Program Files\Ahead
2008-05-20 20:43 . 2004-10-01 15:00   40,960   --a------   C:\Program Files\Uninstall_CDS.exe
2008-05-20 20:40 . 2007-04-13 00:44   116,268   --a------   C:\WINDOWS\system32\nvapps.xml
2008-05-20 20:39 . 2008-05-20 20:39      d--------   C:\WINDOWS\nview
2008-05-20 20:39 . 2007-04-13 00:51   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-05-20 20:39 . 2007-04-13 00:44   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-05-20 20:39 . 2007-04-13 00:44   17,177   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-05-20 20:36 . 2008-05-20 20:36   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-05-20 20:36 . 2008-05-20 20:36   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-05-20 20:36 . 2008-05-20 20:36   73,728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2008-05-20 20:35 . 2008-05-20 20:35      d--------   C:\WINDOWS\system32\Lang
2008-05-20 20:34 . 2008-05-20 20:34      d--------   C:\Documents and Settings\ozmonautti\Application Data\InstallShield
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\WINDOWS\system32\RTCOM
2008-05-20 20:33 . 2008-05-20 20:33      d--------   C:\Program Files\Realtek
2008-05-20 20:33 . 2008-05-20 20:43      d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-20 20:33 . 2008-05-20 20:43      d--------   C:\Program Files\Common Files\InstallShield
2008-05-20 20:32 . 2008-05-20 20:32      d----c---   C:\WINDOWS\system32\DRVSTORE
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Program Files\Intel
2008-05-20 20:32 . 2008-05-20 20:32      d--------   C:\Intel

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:10   ---------   d-----w   C:\Documents and Settings\ozmonautti\Application Data\vlc
2008-05-20 17:33   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-05-20 13:02   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-07_13.56.43.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 10:55:49   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-07 13:28:47   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
2008-06-07 13:28:50   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 09:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-13 00:44 8429568]
"nwiz"="nwiz.exe" [2007-04-13 00:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-13 00:44 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-20 20:47 1115728]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 20:35 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e8459f-25e7-11dd-992d-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:31:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 16:31:18
ComboFix-quarantined-files.txt 2008-06-07 13:31:16
ComboFix2.txt 2008-06-07 12:35:55
ComboFix3.txt 2008-06-07 11:38:07
ComboFix4.txt 2008-06-07 10:56:54

Pre-Run: 75,532,140,544 tavua vapaana
Post-Run: 75,524,014,080 tavua vapaana

162   --- E O F ---   2008-05-28 13:07:43

Lue lisää

sitten uusi hjt:n loki

Fix.fix kirjoitti:

sitten uusi hjt:n loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:06, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5202 bytes

ozmonautti kirjoitti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:06, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5202 bytes

Lue lisää

hyvää päivän jatkoa.

Fix.fix kirjoitti:

hyvää päivän jatkoa.

niin että onko sitä enää koneellani????????

ozmonautti kirjoitti:

niin että onko sitä enää koneellani????????

koneella.