Could someone help? HjT ComboFix log
Viirus
Newbie
20 January 2008 @ 23:36
I tried to remove malware and have already managed to remove most of it. The problem is that I followed the info on a trusted forum and downloaded ComboFix. I started this "ComboFix", but nothing happened, and now I cannot remove it by any means. Later I managed to download the real ComboFix, which worked.

This so-called "ComboFix" says when it starts:
"ComboFix.exe ei ole kelvollinen Win32-sovellus"

When trying to delete it:
"Yhteiskäyttövirhe: Lähde- ja kohdetiedostot voivat olla käynnissä."

These logs are from after running ComboFix:

___________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:37, on 20.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\pelit\steam\steam.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ftp://ftp20.nebula.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "d:\pelit\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1161277447269
O17 - HKLM\System\CCS\Services\Tcpip\..\{A52417E3-8604-41F4-8C8D-76A14D662C29}: NameServer = 195.148.49.100,195.148.49.110
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7329 bytes


__________________________________


ComboFix 08-01-20.1 - Teemu 2008-01-20 23:09:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1489 [GMT 2:00]
Running from: C:\Documents and Settings\Teemu\Ty?p?yt?\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\ddabx.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2007-12-20 to 2008-01-20 )))))))))))))))))
.

2008-01-20 23:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 22:42 . 2008-01-20 22:42 <KANSIO> d-------- C:\Program Files\BillP Studios
2008-01-20 18:20 . 2008-01-20 18:20 <KANSIO> d-------- C:\Program Files\DivX
2008-01-20 18:19 . 2008-01-20 18:19 <KANSIO> d-------- C:\Program Files\XviD
2008-01-20 18:19 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-20 18:19 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-20 18:19 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-20 16:32 . 2008-01-20 22:14 <KANSIO> d-------- C:\Program Files\Hijack This
2008-01-20 16:29 . 2008-01-20 16:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-20 14:52 . 2008-01-20 14:52 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-20 14:52 . 2008-01-20 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-20 12:33 . 2008-01-20 12:33 2,227 --a------ C:\WINDOWS\system32\tcpmoon.ini
2008-01-20 12:33 . 2008-01-20 12:33 183 --a------ C:\WINDOWS\system32\fpx.ini
2008-01-19 21:59 . 2008-01-19 21:59 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-19 17:34 . 2008-01-19 17:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 16:36 . 2008-01-19 17:14 163 --a------ C:\WINDOWS\wininit.ini
2008-01-19 12:05 . 2007-11-19 14:25 3,829,382 --a------ C:\WINDOWS\winavi_ipod_video_converter.exe
2008-01-19 11:57 . 2008-01-20 18:18 <KANSIO> d-------- C:\Program Files\WinAVI MP4 Converter
2008-01-19 11:53 . 2008-01-19 11:53 <KANSIO> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-01-19 11:53 . 2008-01-19 11:53 <KANSIO> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-01-18 21:12 . 2008-01-18 21:12 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
2008-01-18 18:58 . 2008-01-18 18:58 <KANSIO> d-------- C:\Program Files\AliveMedia
2008-01-18 18:38 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-18 18:06 . 2008-01-18 18:06 <KANSIO> d-------- C:\My Media
2008-01-18 18:04 . 2008-01-18 18:04 245,760 --------- C:\WINDOWS\Setup1.exe
2008-01-18 18:04 . 2008-01-18 18:04 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-13 13:17 . 2008-01-13 13:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-13 13:15 . 2008-01-13 13:17 <KANSIO> d-------- C:\WINDOWS\nview
2008-01-13 13:15 . 2008-01-20 23:13 88,723 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-13 12:47 . 2006-05-18 13:14 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-01-13 12:47 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-01-13 12:47 . 2007-12-14 09:21 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-01-13 12:44 . 2008-01-13 12:44 <KANSIO> d-------- C:\Program Files\Setup Files
2008-01-13 12:42 . 2008-01-13 12:42 <KANSIO> d-------- C:\Documents and Settings\Teemu\Application Data\SystemRequirementsLab
2008-01-10 08:15 . 2008-01-20 23:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-10 08:15 . 2008-01-20 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-10 08:11 . 2008-01-19 12:37 <KANSIO> d-------- C:\Program Files\QuickTime
2008-01-03 13:55 . 2008-01-03 13:55 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-28 16:29 . 2008-01-07 15:03 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-26 22:08 . 2008-01-20 18:29 <KANSIO> d-------- C:\Program Files\iTunes
2007-12-26 22:08 . 2007-12-26 22:08 <KANSIO> d-------- C:\Program Files\iPod
2007-12-26 22:08 . 2007-12-28 16:09 <KANSIO> d-------- C:\Documents and Settings\Teemu\Application Data\Apple Computer
2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Program Files\Apple Software Update
2007-12-26 22:07 . 2007-12-26 22:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-26 22:07 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 19:01 --------- d-----w C:\Program Files\FinnishIRC XP
2008-01-20 14:28 --------- d-s---w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2008-01-19 10:13 --------- d-----w C:\Program Files\WinCustomize LogonStudio
2008-01-19 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 19:32 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-01-14 10:32 --------- d-----w C:\Program Files\MagicTune Premium
2008-01-13 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-13 10:47 --------- d-----w C:\Program Files\MSI
2008-01-06 21:21 --------- d-----w C:\Documents and Settings\Teemu\Application Data\DataLayer
2008-01-03 12:24 --------- d-----w C:\Program Files\Canon
2008-01-03 11:55 --------- d-----w C:\Documents and Settings\Teemu\Application Data\Canon
2008-01-02 12:30 --------- d-----w C:\Documents and Settings\Teemu\Application Data\Skype
2007-11-27 06:40 77,072 ----a-w C:\Documents and Settings\Teemu\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 18:05 28 ----a-w C:\Program Files\deviceinfo
2007-09-17 18:10 994 ----a-w C:\Program Files\browserrecord.swf
2007-09-17 18:10 81,920 ----a-w C:\Program Files\tsasdk.dll
2007-09-17 18:10 719,360 ----a-w C:\Program Files\dbghelp.dll
2007-09-17 18:10 685 ----a-w C:\Program Files\RecordingManager.exe.manifest
2007-09-17 18:10 659,456 ----a-w C:\Program Files\dtdr3260.dll
2007-09-17 18:10 655,360 ----a-w C:\Program Files\rjbres.dll
2007-09-17 18:10 65,536 ----a-w C:\Program Files\rjwmapln.dll
2007-09-17 18:10 6,656 ----a-w C:\Program Files\fixrjb.exe
2007-09-17 18:10 57,762 ----a-w C:\Program Files\howto.chm
2007-09-17 18:10 57,344 ----a-w C:\Program Files\tpasdk.dll
2007-09-17 18:10 568 ----a-w C:\Program Files\fpsectbl
2007-09-17 18:10 42,824 ----a-w C:\Program Files\rpshellsearch.dll
2007-09-17 18:10 41,472 ----a-w C:\Program Files\mmcdda32.dll
2007-09-17 18:10 36,352 ----a-w C:\Program Files\ierjplug.dll
2007-09-17 18:10 339,968 ----a-w C:\Program Files\rjdlg.dll
2007-09-17 18:10 32,768 ----a-w C:\Program Files\rpwa3260.dll
2007-09-17 18:10 296,312 ----a-w C:\Program Files\rpbrowserrecordplugin.dll
2007-09-17 18:10 201,949 ----a-w C:\Program Files\realplay.chm
2007-09-17 18:10 2,851 ----a-w C:\Program Files\cdroms.cfg
2007-09-17 18:10 19,456 ----a-w C:\Program Files\tnetdtct.dll
2007-09-17 18:10 19,456 ----a-w C:\Program Files\rjprog.dll
2007-09-17 18:10 16,296 ----a-w C:\Program Files\realtfon.fon
2007-09-17 18:10 152,920 ----a-w C:\Program Files\RecordingManager.exe
2007-09-17 18:10 14,336 ----a-w C:\Program Files\wmdmhelper.dll
2007-09-17 18:10 139,264 ----a-w C:\Program Files\DUNZIP32.dll
2007-09-17 18:10 119,808 ----a-w C:\Program Files\waiting.avi
2007-09-17 18:10 11,444 ----a-w C:\Program Files\frw.bmp
2007-09-17 18:10 1,211 ----a-w C:\Program Files\flvplay.swf
2007-09-17 18:09 95,552 ----a-w C:\Program Files\rdsf3260.dll
2007-09-17 18:09 9,216 ----a-w C:\Program Files\rphelperapp.exe
2007-09-17 18:09 86,016 ----a-w C:\Program Files\rpplugprot.dll
2007-09-17 18:09 7,168 ----a-w C:\Program Files\realjbox.exe
2007-09-17 18:09 682 ----a-w C:\Program Files\realplay.exe.manifest
2007-09-17 18:09 62,776 ----a-w C:\Program Files\rpshell.dll
2007-09-17 18:09 61,495 ----a-w C:\Program Files\ssimages.vs
2007-09-17 18:09 587,888 ----a-w C:\Program Files\normal.vs
2007-09-17 18:09 53,248 ----a-w C:\Program Files\rpau3260.dll
2007-09-17 18:09 53,098 ----a-w C:\Program Files\presets.rnx
2007-09-17 18:09 52,609 ----a-w C:\Program Files\RealNetworks License.html
2007-09-17 18:09 52,609 ----a-w C:\Program Files\playrlic.html
2007-09-17 18:09 50,548 ----a-w C:\Program Files\RealNetworks License.txt
2007-09-17 18:09 50,548 ----a-w C:\Program Files\playrlic.txt
2007-09-17 18:09 50 ----a-w C:\Program Files\strs23.dat
2007-09-17 18:09 480 ----a-w C:\Program Files\keys.dat
2007-09-17 18:09 27,024 ----a-w C:\Program Files\Readme.html
2007-09-17 18:09 23,558 ----a-w C:\Program Files\freeoffers.ico
2007-09-17 18:09 214,296 ----a-w C:\Program Files\realplay.exe
2007-09-17 18:09 207 ----a-w C:\Program Files\subscription.rnx
2007-09-17 18:09 17,846 ----a-w C:\Program Files\videotest.rm
2007-09-17 18:09 13 ----a-w C:\Program Files\strs26.dat
2007-09-17 18:09 102,400 ----a-w C:\Program Files\HXAudioDeviceHook.dll
2007-09-17 18:09 1,030 ----a-w C:\Program Files\autoplaylist.dat
2006-10-30 21:46 2,864 ----a-w C:\Documents and Settings\Teemu\Application Data\wklnhst.dat
2006-10-23 07:27 148 ----a-w C:\Documents and Settings\Sara\Application Data\wklnhst.dat
.

<pre>

----a-w 579,072 2008-01-20 10:54:21 C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w 219,136 2008-01-20 10:04:45 C:\Program Files\Grisoft\AVG7\avgw .exe
----a-w 15,360 2008-01-19 19:59:58 C:\WINDOWS\system32\ctfmon .exe
</pre>


(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\pelit\steam\steam.exe" [2007-11-30 07:05 1266936]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [ ]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [ ]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [ ]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [ ]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 18:06 292152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"LogonStudio"="C:\Program Files\WinCustomize LogonStudio\logonstudio.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 12:26 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 15:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 12:01]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-03-14 19:07]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 15:37]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 16:30]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 15:37]
R3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys [2005-03-10 12:08]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Teemu\LOCALS~1\Temp\DMSKSSRh.sys [2001-01-12 23:42]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [2003-06-03 03:07]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:13:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 23:16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 21:16:09
.
2008-01-13 19:06:14 --- E O F ---
Viirus
Newbie
22 January 2008 @ 07:30
So, would there be any help to spare? :'(