|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
ongelma!!!!!!!
|
|
|
akslei
Member
|
28. huhtikuuta 2007 @ 06:05 |
Linkki tähän viestiin
|
tarkistakaa joku
"HP_Administrator" - 07-04-28 9:59:33 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))
2007-04-26 16:08 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-26 16:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-26 16:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-26 16:08 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-26 16:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-26 16:08 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-26 16:08 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-26 16:08 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-04-20 18:49 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-31 14:01 186,880 --a------ C:\Program Files\LSPFix.exe
2007-03-30 20:05 926,241 --a------ C:\WINDOWS\system32\model.dat
2007-03-30 20:05 729,088 --a------ C:\WINDOWS\system32\LDPackage.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-28 09:24 -------- d-------- C:\Program Files\steam
2007-04-26 18:01 -------- d-------- C:\Program Files\themexp
2007-04-20 18:49 -------- d-------- C:\Program Files\ffdshow
2007-04-20 18:49 -------- d-------- C:\Program Files\dscaler
2007-04-18 19:10 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-29 19:09 344064 --a------ C:\WINDOWS\system32\rlls.dll
2007-03-29 19:09 1511424 --a------ C:\WINDOWS\system32\rlvknlg.exe
2007-03-28 10:58 -------- d--h----- C:\Program Files\installshield installation information
2007-03-28 08:44 -------- d-------- C:\Program Files\msn messenger
2007-03-26 17:11 -------- d-------- C:\Program Files\partygaming
2007-03-21 18:55 8464 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-21 16:38 -------- d-------- C:\Program Files\wordweb
2007-03-21 16:38 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\wordweb
2007-03-18 12:17 -------- d-------- C:\Program Files\error safe free
2007-03-12 04:10 -------- d-------- C:\Program Files\pkr
2007-03-12 02:09 6971 --a------ C:\WINDOWS\mozver.dat
2007-03-12 02:09 4 --a------ C:\WINDOWS\system32\proc20744962.bin
2007-03-12 02:09 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ganymedenet
2007-03-09 13:12 -------- d-------- C:\Program Files\java
2007-03-08 18:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 16:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 21:25 1042304 --a------ C:\WINDOWS\wweb32.dll
2007-03-02 19:17 -------- d-------- C:\Program Files\intel
2007-02-22 16:48 57344 --a------ C:\WINDOWS\wnmhindr.exe
2007-02-22 16:48 24576 --a------ C:\WINDOWS\system32\nmh040a.dll
2007-02-22 16:45 724992 --a------ C:\WINDOWS\iun6002.exe
2007-02-11 13:37 163296 --a------ C:\WINDOWS\video cleaner pro uninstaller.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMAScheduler"
"hkey"="HKLM"
"command"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPwuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPBootOp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetLimiter"
"hkey"="HKLM"
"command"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c94d45-4628-11db-9346-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-28 10:02:50
C:\ComboFix2.txt ... 07-03-31 14:43
aki
|
|
Hujo
Suspended permanently
|
28. huhtikuuta 2007 @ 07:40 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
|
|
