Trojans on the computer - hjt

Discussion in 'Viruses and malware - HijackThis logs' started by Maakari91, Feb 13, 2008.

  1. Maakari91

    Maakari91 Regular member

    Joined:
    Jul 20, 2007
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    26
    So, Avast found trojans on my computer and I removed them, but since then some system32 stuff opens every time I start the computer. I searched for malware with Spybot and it found windows/system32/mllml.dll, but it can't be removed.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:46:42, on 13.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis_v2.0.2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6393] command /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3012] cmd /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

    --
    End of file - 7444 bytes
     
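Added example, not part of this thread and not code from HijackThis or any other tool mentioned here: a small Python script that reads HijackThis O4 autostart and O23 service lines in the format shown in the log above and flags the things a helper usually looks at first: RunOnce entries that are deferred deletes queued by a removal tool (the two SpybotDeleting lines), DLLs loaded at logon through rundll32, and services whose executable is missing. The sample lines are copied from the posted log; the regexes assume the HijackThis 2.0.2 line layout seen above, and the finding categories and notes are my own, not HijackThis output.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6393] command /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3012] cmd /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# O4 = registry autostart entries (hive\..\Run or RunOnce), O23 = Windows services.
# Both patterns assume the HijackThis 2.0.2 line layout used in the log above.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# "cmd /c del "<path>"" as queued by Spybot for files it could not delete live.
DEL_RE = re.compile(r'\bdel\s+"?(?P<target>[^"]+?)"?\s*$', re.IGNORECASE)
# "RUNDLL32.EXE <dll>,<export>": a DLL that gets loaded at every logon.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<target>[^,]+),", re.IGNORECASE)


def analyse(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per autostart/service line that deserves a second look."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"]
            d = DEL_RE.search(cmd)
            if m["key"].lower().startswith("runonce") and d:
                findings.append({
                    "kind": "deferred-delete", "name": m["name"], "target": d["target"],
                    "note": "one-shot delete queued by a removal tool; if it is still "
                            "listed after a reboot, the file could not be removed",
                })
                continue
            r = RUNDLL_RE.search(cmd)
            if r:
                findings.append({
                    "kind": "rundll32-dll", "name": m["name"], "target": r["target"],
                    "note": "DLL loaded at logon via rundll32; check the DLL's publisher",
                })
            continue
        m = O23_RE.match(line)
        if m and m["missing"]:
            findings.append({
                "kind": "missing-service-binary", "name": m["name"], "target": m["path"],
                "note": "service is registered but its executable is gone (stale entry)",
            })
    return findings


def summarise(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category, handy for a quick triage line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f['kind']:<24} [{f['name']}] {f['target']}\n    {f['note']}")
    print(summarise(analyse(SAMPLE_LOG)))
```

To use it on a real log, read the HijackThis text file and pass its contents to analyse(). Entries from vendors you recognise (the NvCpl.dll line is the NVIDIA control panel) are reported only so the reader checks them; the script makes no judgement about whether a file is malicious.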
  2. Hujo

    Hujo Guest

    Scan with HJT, check these and press Fix checked:

    O4 - HKLM\..\RunOnce: [SpybotDeletingA6393] command /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3012] cmd /c del "C:\WINDOWS\system32\mllml.dll_tobedeleted"

    =============

    Update AVG Anti-Spyware 7.5 and run it in Safe Mode.

    ===========

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will tell you to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.
     
    Last edited by a moderator: Feb 13, 2008
  3. Maakari91

    Hmm... so now that I did what I was supposed to, this service.exe crashes every time I start the computer. What should I do?
     
  4. Hujo


    Last edited by a moderator: Feb 13, 2008
  5. Maakari91

    I can't download it; when I press Save File the download just disappears and it never arrives on the computer.
     
  6. Hujo


    You have AVG Anti-Spyware 7.5 on the computer; update it and run it in Safe Mode.

    ========

    Is that the step that isn't working?
    Download it from here:
    http://www.spywareinfo.dk/download/mwav.exe

    ========

    Do the download with the IE browser.
     
    Last edited by a moderator: Feb 13, 2008
  7. Maakari91

    I got the download working; there was some virus on the computer that was blocking downloads, which AVG Anti-Spyware found.
     
  8. Maakari91

    Do you want the log once it has finished scanning?
     
  9. Hujo


    Yes, from the bottom-most box..
     
  10. Maakari91

    File C:\WINDOWS\system32\ddccc.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\PROGRA~1\Helper\120284~1.DLL tagged as not-a-virus:AdWare.Win32.E404.f. No Action Taken.
    File C:\WINDOWS\system32\yayayvt.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\ddayy.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.imh. No Action Taken.
    File C:\WINDOWS\system32\ddccc.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\hkbijlqp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\iqkvfplx.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\lbwgalsp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\ppswipvp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\yayaabc.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\yayayvt.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\Documents and Settings\Joonas\Local Settings\Application Data\Mozilla\Firefox\Profiles\rt5wh7v7.default\Cache\5D329775d01 tagged as not-a-virus:Downloader.Win32.WinFixer.ds. No Action Taken.
    File C:\Documents and Settings\Joonas\Local Settings\Temp\mrjm6daf.exe tagged as not-a-virus:Downloader.Win32.WinFixer.ds. No Action Taken.
    File C:\Documents and Settings\Joonas\Local Settings\Temporary Internet Files\Content.IE5\F6712RLY\tr[1] tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\Documents and Settings\Joonas\Local Settings\Temporary Internet Files\Content.IE5\TE63MWWH\hctp[1] tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\Documents and Settings\Joonas\Local Settings\Temporary Internet Files\Content.IE5\Y5OL2IWP\css4[1] tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\Program Files\Helper\1202849866.dll tagged as not-a-virus:AdWare.Win32.E404.f. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.631. No Action Taken.
    File C:\VundoFix Backups\mllml.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.imh. No Action Taken.
    File C:\VundoFix Backups\yayaabc.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\VundoFix Backups\yayayvt.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\ddayy.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.imh. No Action Taken.
    File C:\WINDOWS\system32\ddccc.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\hkbijlqp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\iqkvfplx.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\lbwgalsp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\ppswipvp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\yayaabc.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\WINDOWS\system32\yayayvt.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\wpohl.exe infected by "Trojan.Win32.Inject.wc" Virus. Action Taken: File Deleted.
     
  11. Hujo


    You haven't run VundoFix, and there's no log from it.
     
  12. Maakari91

    Yeah, last time I ran it, service.exe froze, but should I delete what this eScan check found?
     
  13. Hujo


    Let's run this:

    1. Download combofix.exe to your desktop from either of these links:

    combofix2

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it will produce a log. Post this log in your thread.
    Note! Do not click on ComboFix's window while it is running. This may cause the program to hang.

    =========

    Just delete them all.
     
    Last edited by a moderator: Feb 15, 2008
  14. Maakari91

    ComboFix 08-02-14.3 - Joonas 2008-02-14 20:25:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.368 [GMT 2:00]
    Running from: C:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\yayayvt.dll
    C:\Program Files\Helper
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\_003668_.tmp.dll
    C:\WINDOWS\system32\_003827_.tmp.dll
    C:\WINDOWS\system32\_003828_.tmp.dll
    C:\WINDOWS\system32\_003829_.tmp.dll
    C:\WINDOWS\system32\_003830_.tmp.dll
    C:\WINDOWS\system32\_003837_.tmp.dll
    C:\WINDOWS\system32\_003838_.tmp.dll
    C:\WINDOWS\system32\_003839_.tmp.dll
    C:\WINDOWS\system32\_003840_.tmp.dll
    C:\WINDOWS\system32\_003842_.tmp.dll
    C:\WINDOWS\system32\_003843_.tmp.dll
    C:\WINDOWS\system32\_003846_.tmp.dll
    C:\WINDOWS\system32\_003847_.tmp.dll
    C:\WINDOWS\system32\_003850_.tmp.dll
    C:\WINDOWS\system32\_003851_.tmp.dll
    C:\WINDOWS\system32\_003853_.tmp.dll
    C:\WINDOWS\system32\_003854_.tmp.dll
    C:\WINDOWS\system32\_003856_.tmp.dll
    C:\WINDOWS\system32\_003861_.tmp.dll
    C:\WINDOWS\system32\_003863_.tmp.dll
    C:\WINDOWS\system32\_003864_.tmp.dll
    C:\WINDOWS\system32\_003866_.tmp.dll
    C:\WINDOWS\system32\_003868_.tmp.dll
    C:\WINDOWS\system32\_003869_.tmp.dll
    C:\WINDOWS\system32\_003870_.tmp.dll
    C:\WINDOWS\system32\_003871_.tmp.dll
    C:\WINDOWS\system32\_003872_.tmp.dll
    C:\WINDOWS\system32\_003875_.tmp.dll
    C:\WINDOWS\system32\_003877_.tmp.dll
    C:\WINDOWS\system32\_003878_.tmp.dll
    C:\WINDOWS\system32\_003879_.tmp.dll
    C:\WINDOWS\system32\_003883_.tmp.dll
    C:\WINDOWS\system32\akgtvakq.ini
    C:\WINDOWS\system32\cccdd.ini
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\ddccc.dll
    C:\WINDOWS\system32\fpaayyph.dll
    C:\WINDOWS\system32\lbwgalsp.dll
    C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\lmllm.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\pslagwbl.ini
    C:\WINDOWS\system32\pvpiwspp.ini
    C:\WINDOWS\system32\yayayvt.dll
    C:\WINDOWS\system32\yyadd.ini2

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-14 to 2008-02-14 )))))))))))))))))
    .

    2008-02-14 20:15 . 2008-02-14 20:15 <KANSIO> d-------- C:\escheck
    2008-02-14 18:39 . 2008-02-14 18:39 0 --a------ C:\23990098.$$$
    2008-02-14 16:33 . 2008-02-14 16:43 <KANSIO> d-------- C:\Downloads
    2008-02-14 16:29 . 2008-02-14 16:43 <KANSIO> d-------- C:\Kaspersky
    2008-02-13 17:38 . 2008-02-14 20:23 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-13 15:54 . 2008-02-13 21:30 <KANSIO> d-------- C:\fixwareout
    2008-02-13 14:52 . 2008-02-13 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TurvaPC
    2008-02-12 22:56 . 2008-02-12 22:56 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
    2008-02-12 22:40 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-02-12 22:40 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-02-12 22:39 . 2008-02-12 22:39 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2008-02-12 22:39 . 2008-02-12 22:39 <KANSIO> d-------- C:\Program Files\Ahead
    2008-02-12 22:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-02-12 22:39 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-02-08 18:35 . 2008-02-08 18:35 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-02-05 16:55 . 2008-02-05 16:55 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-04 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-04 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-04 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-04 20:12 . 2008-02-09 14:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-04 20:06 . 2008-02-04 20:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-03 22:07 . 2008-02-03 22:34 <KANSIO> d-------- C:\Program Files\AdVantage
    2008-01-31 04:02 . 2008-01-31 04:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-01-30 17:47 . 2008-01-30 17:47 <KANSIO> d-------- C:\Program Files\MSECache
    2008-01-17 13:29 . 2008-01-17 13:29 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-14 18:30 --------- d-----w C:\Program Files\Steam
    2008-02-14 18:23 --------- d-----w C:\Program Files\mIRC
    2008-02-14 18:21 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Skype
    2008-02-14 14:23 --------- d-----w C:\Program Files\Xfire
    2008-02-13 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-13 20:13 --------- d-----w C:\Program Files\RevConnect
    2008-02-13 19:30 --------- d-----w C:\Program Files\BitTorrent
    2008-02-13 15:57 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BitTorrent
    2008-02-13 15:44 --------- d-----w C:\Program Files\hijackthis_v2.0.2
    2008-02-12 21:09 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-12 20:55 --------- d-----w C:\Program Files\Winamp
    2008-02-10 09:16 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Xfire
    2008-02-09 18:14 --------- d-----w C:\Program Files\Warcraft III
    2008-02-04 10:45 --------- d-----w C:\Program Files\Webteh
    2008-02-03 20:34 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BSplayer
    2008-02-03 11:55 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BSplayer Pro
    2008-01-19 22:25 --------- d-----w C:\Documents and Settings\Joonas\Application Data\mIRC
    2008-01-12 22:00 --------- d-----w C:\Program Files\PokerStars
    2008-01-01 14:47 --------- d-----w C:\Program Files\Betsson Poker
    2007-12-30 19:08 --------- d-----w C:\Program Files\PartyGaming
    2007-12-22 10:20 --------- d-----w C:\Program Files\czero_finnish
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-11-10 08:45 1,377,663 ----a-w C:\Program Files\INSTALL.LOG
    2004-05-25 23:16 734,160 ----a-w C:\Program Files\VobSub_2.23.exe
    2003-12-23 20:18 1,818,624 ----a-w C:\Program Files\czero.exe
    2003-11-22 22:50 16,533 ----a-w C:\Program Files\Customer_Support.htm
    2003-11-18 19:30 120 ----a-w C:\Program Files\sierra.inf
    2003-11-18 19:30 12,634 ----a-w C:\Program Files\eula.txt
    2003-11-18 19:30 112 ----a-w C:\Program Files\register.url
    2003-11-18 18:37 90,112 ----a-w C:\Program Files\DemoPlayer.dll
    2003-11-18 18:37 89 ----a-w C:\Program Files\czero.url
    2003-11-18 18:37 86 ----a-w C:\Program Files\valve.url
    2003-11-18 18:37 693,701 ----a-w C:\Program Files\steaminstall.exe
    2003-11-18 18:37 61,440 ----a-w C:\Program Files\dbg.dll
    2003-11-18 18:37 606,208 ----a-w C:\Program Files\proxy.dll
    2003-11-18 18:37 385,024 ----a-w C:\Program Files\hlds.exe
    2003-11-18 18:37 352,256 ----a-w C:\Program Files\vgui.dll
    2003-11-18 18:37 3,387,392 ----a-w C:\Program Files\steam.dll
    2003-11-18 18:37 241,732 ----a-w C:\Program Files\vgui2.dll
    2003-11-18 18:37 225,280 ----a-w C:\Program Files\core.dll
    2003-11-18 18:37 221,184 ----a-w C:\Program Files\hltv.exe
    2003-11-18 18:37 2,068,480 ----a-w C:\Program Files\swds.dll
    2003-11-18 18:37 2,004,538 ----a-w C:\Program Files\hw.dll
    2003-11-18 18:37 118,881 ----a-w C:\Program Files\FileSystem_Stdio.dll
    2003-11-18 18:37 1,888,221 ----a-w C:\Program Files\sw.dll
    2003-10-28 22:16 816 ----a-w C:\Program Files\kver.kp
    2003-10-28 22:16 63 ----a-w C:\Program Files\language.inf
    2003-10-28 22:16 53,248 ----a-w C:\Program Files\voice_miles.dll
    2003-10-28 22:16 4,710 ----a-w C:\Program Files\valve.ico
    2003-10-28 22:16 351,744 ----a-w C:\Program Files\Mss32.dll
    2003-10-28 22:16 24,705 ----a-w C:\Program Files\HLTV-Readme.txt
    2003-10-28 22:16 211,456 ----a-w C:\Program Files\a3dapi.dll
    2003-10-28 22:16 176,128 ----a-w C:\Program Files\voice_tweak.exe
    2003-10-28 22:16 161,792 ----a-w C:\Program Files\Mssv29.asi
    2003-10-28 22:16 142,848 ----a-w C:\Program Files\Mssv12.asi
    2003-10-28 22:16 139,264 ----a-w C:\Program Files\voice_speex.dll
    2003-10-28 22:16 125,952 ----a-w C:\Program Files\Mp3dec.asi
    2003-10-28 22:16 102,400 ----a-w C:\Program Files\TrackerNET.dll
    2003-10-28 22:16 1,569 ----a-w C:\Program Files\hltv.cfg
    2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
    C:\Program Files\Helper\1202849866.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 14:16 1266936]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S3 pfsvgae;pfsvgae;C:\DOCUME~1\Joonas\LOCALS~1\Temp\pfsvgae.sys []

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-02-09 13:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 20:30:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-14 20:34:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-14 18:34:45
    .
    2008-02-13 20:06:16 --- E O F ---
     
  15. Hujo


    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  16. Maakari91

    Where exactly is that quote box? Oh, and here is the VundoFix log


    VundoFix V6.7.8

    Checking Java version...

    Scan started at 17:38:10 13.2.2008

    Listing files found while scanning....


    VundoFix V6.7.8

    Checking Java version...

    Scan started at 17:39:07 13.2.2008

    Listing files found while scanning....

    C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\lmllm.ini2
    C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\yayaabc.dll
    C:\WINDOWS\system32\yayayvt.dll
    C:\WINDOWS\system32\lmllm.ini2
    C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\yayaabc.dll
    C:\WINDOWS\system32\yayayvt.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\lmllm.ini
    C:\WINDOWS\system32\lmllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lmllm.ini2
    C:\WINDOWS\system32\lmllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mllml.dll
    C:\WINDOWS\system32\mllml.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayaabc.dll
    C:\WINDOWS\system32\yayaabc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayayvt.dll
    C:\WINDOWS\system32\yayayvt.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!
     
    Last edited: Feb 14, 2008
  17. Hujo


    The contents of that quote

    and then post the ComboFix log
     
    Last edited by a moderator: Feb 14, 2008
  18. Maakari91

    C:\23990098.$$$ is an empty file at least, and that fixwareout is a folder, so what do I copy from there?
     
  19. Maakari91

    I guess this was supposed to be it


    ComboFix 08-02-14.3 - Joonas 2008-02-15 20:02:40.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.159 [GMT 2:00]
    Running from: C:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Joonas\Omat tiedostot\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\23990098.$$$
    C:\WINDOWS\system32\jkghje.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jkghje.dll
    C:\23990098.$$$
    C:\fixwareout
    C:\fixwareout\FindT\clsid.bak
    C:\fixwareout\FindT\patterns.txt
    C:\fixwareout\FindT\runback.txt
    C:\fixwareout\report.txt
    C:\WINDOWS\system32\jkghje.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-15 to 2008-02-15 )))))))))))))))))
    .

    2008-02-14 21:02 . 2008-02-14 21:00 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-14 21:02 . 2008-02-14 21:02 3,459 --a------ C:\WINDOWS\unins000.dat
    2008-02-13 14:52 . 2008-02-13 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TurvaPC
    2008-02-12 22:40 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-02-12 22:40 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-02-12 22:39 . 2008-02-12 22:39 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2008-02-12 22:39 . 2008-02-12 22:39 <KANSIO> d-------- C:\Program Files\Ahead
    2008-02-12 22:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-02-12 22:39 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-02-08 18:35 . 2008-02-08 18:35 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-02-05 16:55 . 2008-02-05 16:55 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-04 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-04 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-04 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-04 20:12 . 2008-02-09 14:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-04 20:06 . 2008-02-04 20:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-03 22:07 . 2008-02-03 22:34 <KANSIO> d-------- C:\Program Files\AdVantage
    2008-01-31 04:02 . 2008-01-31 04:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-01-30 17:47 . 2008-01-30 17:47 <KANSIO> d-------- C:\Program Files\MSECache
    2008-01-17 13:29 . 2008-01-17 13:29 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-15 18:07 --------- d-----w C:\Program Files\Steam
    2008-02-15 17:49 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Skype
    2008-02-14 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-14 19:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 18:23 --------- d-----w C:\Program Files\mIRC
    2008-02-14 14:23 --------- d-----w C:\Program Files\Xfire
    2008-02-13 20:13 --------- d-----w C:\Program Files\RevConnect
    2008-02-13 19:30 --------- d-----w C:\Program Files\BitTorrent
    2008-02-13 15:57 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BitTorrent
    2008-02-13 15:44 --------- d-----w C:\Program Files\hijackthis_v2.0.2
    2008-02-12 21:09 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-12 20:55 --------- d-----w C:\Program Files\Winamp
    2008-02-10 09:16 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Xfire
    2008-02-09 18:14 --------- d-----w C:\Program Files\Warcraft III
    2008-02-04 10:45 --------- d-----w C:\Program Files\Webteh
    2008-02-03 20:34 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BSplayer
    2008-02-03 11:55 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BSplayer Pro
    2008-01-19 22:25 --------- d-----w C:\Documents and Settings\Joonas\Application Data\mIRC
    2008-01-12 22:00 --------- d-----w C:\Program Files\PokerStars
    2008-01-01 14:47 --------- d-----w C:\Program Files\Betsson Poker
    2007-12-30 19:08 --------- d-----w C:\Program Files\PartyGaming
    2007-12-22 10:20 --------- d-----w C:\Program Files\czero_finnish
    2007-12-22 09:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-10 08:45 1,377,663 ----a-w C:\Program Files\INSTALL.LOG
    2004-05-25 23:16 734,160 ----a-w C:\Program Files\VobSub_2.23.exe
    2003-12-23 20:18 1,818,624 ----a-w C:\Program Files\czero.exe
    2003-11-22 22:50 16,533 ----a-w C:\Program Files\Customer_Support.htm
    2003-11-18 19:30 120 ----a-w C:\Program Files\sierra.inf
    2003-11-18 19:30 12,634 ----a-w C:\Program Files\eula.txt
    2003-11-18 19:30 112 ----a-w C:\Program Files\register.url
    2003-11-18 18:37 90,112 ----a-w C:\Program Files\DemoPlayer.dll
    2003-11-18 18:37 89 ----a-w C:\Program Files\czero.url
    2003-11-18 18:37 86 ----a-w C:\Program Files\valve.url
    2003-11-18 18:37 693,701 ----a-w C:\Program Files\steaminstall.exe
    2003-11-18 18:37 61,440 ----a-w C:\Program Files\dbg.dll
    2003-11-18 18:37 606,208 ----a-w C:\Program Files\proxy.dll
    2003-11-18 18:37 385,024 ----a-w C:\Program Files\hlds.exe
    2003-11-18 18:37 352,256 ----a-w C:\Program Files\vgui.dll
    2003-11-18 18:37 3,387,392 ----a-w C:\Program Files\steam.dll
    2003-11-18 18:37 241,732 ----a-w C:\Program Files\vgui2.dll
    2003-11-18 18:37 225,280 ----a-w C:\Program Files\core.dll
    2003-11-18 18:37 221,184 ----a-w C:\Program Files\hltv.exe
    2003-11-18 18:37 2,068,480 ----a-w C:\Program Files\swds.dll
    2003-11-18 18:37 2,004,538 ----a-w C:\Program Files\hw.dll
    2003-11-18 18:37 118,881 ----a-w C:\Program Files\FileSystem_Stdio.dll
    2003-11-18 18:37 1,888,221 ----a-w C:\Program Files\sw.dll
    2003-10-28 22:16 816 ----a-w C:\Program Files\kver.kp
    2003-10-28 22:16 63 ----a-w C:\Program Files\language.inf
    2003-10-28 22:16 53,248 ----a-w C:\Program Files\voice_miles.dll
    2003-10-28 22:16 4,710 ----a-w C:\Program Files\valve.ico
    2003-10-28 22:16 351,744 ----a-w C:\Program Files\Mss32.dll
    2003-10-28 22:16 24,705 ----a-w C:\Program Files\HLTV-Readme.txt
    2003-10-28 22:16 211,456 ----a-w C:\Program Files\a3dapi.dll
    2003-10-28 22:16 176,128 ----a-w C:\Program Files\voice_tweak.exe
    2003-10-28 22:16 161,792 ----a-w C:\Program Files\Mssv29.asi
    2003-10-28 22:16 142,848 ----a-w C:\Program Files\Mssv12.asi
    2003-10-28 22:16 139,264 ----a-w C:\Program Files\voice_speex.dll
    2003-10-28 22:16 125,952 ----a-w C:\Program Files\Mp3dec.asi
    2003-10-28 22:16 102,400 ----a-w C:\Program Files\TrackerNET.dll
    2003-10-28 22:16 1,569 ----a-w C:\Program Files\hltv.cfg
    2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
    C:\Program Files\Helper\1202849866.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 14:16 1266936]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S3 pfsvgae;pfsvgae;C:\DOCUME~1\Joonas\LOCALS~1\Temp\pfsvgae.sys []

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-02-09 13:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 20:08:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\NeverwinterNights\NWN\nwmain.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-15 20:13:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-15 18:12:49
    ComboFix2.txt 2008-02-14 18:34:49
    .
    2008-02-13 20:06:16 --- E O F ---
     
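The service block of the ComboFix log above (the `S1 wer32 ... jkghje.dll []` and `S3 pfsvgae ... Temp\pfsvgae.sys []` lines, next to the legitimate `S3 NPF ... npf.sys [2005-08-02 23:10]` entry) is the kind of thing a helper reads first when triaging such a log. As an added example that is not part of this thread and not ComboFix's own code, the Python script below parses those service lines and flags the signals a defender would look at: an empty bracket where the other entries show the image's timestamp and size (the file was not found on disk when the scan ran), an image loaded from a Temp folder, a `.dll` registered with a boot/system start type where a `.sys` driver is expected, and a display name that is just a copy of the internal name. The sample lines are copied from the log; the reading of the prefix (`R`/`S` for running/stopped, the digit for the Start value) and the "weak" vs "strong" weighting of the signals are this example's assumptions, not something ComboFix documents on this page.

```python
import re
from dataclasses import dataclass

# Constructed sample: the three service lines as they appear in the ComboFix log
# in this thread (the raw-string keeps the Windows backslashes intact).
SAMPLE = r"""
S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\Joonas\LOCALS~1\Temp\pfsvgae.sys []
"""

# Assumed layout: <state><start> <name>;<display name>;<image path> [<timestamp size>]
# state R/S = running/stopped, start = the service's Start value (assumption).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

# Folders from which a legitimate driver or service image is not expected to load.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    stamp: str  # empty when ComboFix printed "[]", i.e. no file found on disk


def parse_services(text: str) -> list[ServiceEntry]:
    """Extract every service/driver line from a ComboFix-style log fragment."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                        m["display"], m["path"], m["stamp"].strip()))
    return entries


def suspicious_reasons(e: ServiceEntry) -> list[str]:
    """Return human-readable reasons why this entry deserves a closer look (may be empty)."""
    reasons = []
    low = e.path.lower()
    if not e.stamp:
        reasons.append("strong: empty [] where other entries show timestamp and size, "
                       "so the image file was not present when ComboFix scanned")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("strong: image loads from a temporary folder")
    if low.endswith(".dll") and e.start in (0, 1):
        reasons.append("strong: boot/system start type with a .dll image where a .sys driver is expected")
    if e.display.strip().lower() == e.name.strip().lower():
        reasons.append("weak: display name is just a copy of the internal service name")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged service name to its list of reasons; clean entries are omitted."""
    flagged = {}
    for entry in parse_services(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Running it on the sample lists `wer32` and `pfsvgae` with their reasons and stays silent on `NPF`. The "weak" signal alone never decides anything; it is there so that an entry like `wer32;wer32` with an otherwise clean path still shows up for a human to check rather than being silently dropped.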
  20. Hujo

    Hujo Guest

    Post a new HJT log
     