Yeah, so I went and downloaded a torrent, and it put a virus on my computer. First, three icons appeared on the desktop: Error Cleaner, Privacy Protector, and Spyware and Malware. I went and uninstalled some "web..." thing with YourUninstaller, and after that the icons disappeared. Then all kinds of different trojans started turning up, including trojan-downloader-ruin, which I read is supposed to be a pretty nasty virus. I've now tried Avira AntiVir, RogueRemover, ComboFix, VundoFix, HijackThis, SmitfraudFix, IEDefender Fix, CCleaner, Registry Mechanic, YourUninstaller and Spyware Sweeper, and none of them seemed to remove it. I have two partitions, one with Windows and the other with all my important pictures and so on. I formatted the Windows partition, and AntiVir still finds the Win32/Parite virus in every EXE file. It looks like the virus has spread to the other partition too. Is it possible to get rid of this crap virus?
Here's the HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:21, on 11.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Mozilla Firefox\firefox.exe
\?\D:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [hfxp] "D:\Program Files\Hf\hfxp.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - D:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 4021 bytes

Here's the ComboFix log as well:

Code:
ComboFix 08-08-10.02 - Sami 2008-08-11 12:05:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1442 [GMT 3:00]
Running from: D:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-11 12:01 . 2008-08-11 12:01 <DIR> d--h----- D:\WINDOWS\PIF
2008-08-11 02:02 . 2004-08-04 00:56 21,504 --a------ D:\WINDOWS\system32\hidserv.dll
2008-08-11 02:02 . 2001-08-17 13:59 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2008-08-11 02:01 . 2004-08-03 22:59 57,472 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2008-08-11 02:00 . 2008-08-10 23:21 <DIR> dr---c--- D:\Documents and Settings\All Users\Documents
2008-08-11 00:22 . 2008-08-11 00:22 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Avira
2008-08-11 00:18 . 2008-08-11 00:18 11,286 --a------ D:\WINDOWS\system32\MRT.INI
2008-08-11 00:15 . 2008-08-11 00:15 <DIR> d----c--- D:\Program Files\MSXML 6.0
2008-08-11 00:13 . 2008-08-11 00:18 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-08-11 00:13 . 2008-08-11 00:13 <DIR> d----c--- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 00:13 . 2008-08-11 00:13 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 00:13 . 2008-08-11 00:13 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-11 00:13 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 00:13 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 00:12 . 2008-08-11 00:12 <DIR> d----c--- D:\Program Files\Common Files\Download Manager
2008-08-11 00:04 . 2008-08-11 00:04 0 --a------ D:\WINDOWS\ativpsrm.bin
2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d----c--- D:\Program Files\Webroot
2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d----c--- D:\Documents and Settings\LocalService\Application Data\Webroot
2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Webroot
2008-08-11 00:03 . 2008-08-11 00:03 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\Webroot
2008-08-11 00:03 . 2007-06-15 13:38 1,521,216 --a------ D:\WINDOWS\WRSetup.dll
2008-08-11 00:03 . 2007-06-15 13:22 160,320 --a------ D:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-11 00:03 . 2007-06-15 13:22 24,128 --a------ D:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-11 00:03 . 2007-06-15 13:21 22,080 --a------ D:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-11 00:03 . 2007-06-15 13:21 20,544 --a------ D:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-08-10 23:50 . 2008-08-10 23:50 <DIR> d----c--- D:\Program Files\Trend Micro
2008-08-10 23:49 . 2005-11-09 00:26 38,400 --a------ D:\WINDOWS\system32\moveex.exe
2008-08-10 23:48 . 2008-08-10 23:48 0 --a------ D:\WINDOWS\nsreg.dat
2008-08-10 23:40 . 2008-08-10 23:40 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\ArcSoft
2008-08-10 23:40 . 2008-08-10 23:40 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-08-10 23:40 . 2006-11-10 15:05 18,688 --a------ D:\WINDOWS\system32\drivers\afc.sys
2008-08-10 23:39 . 2008-08-10 23:40 <DIR> d----c--- D:\Program Files\Common Files\ArcSoft
2008-08-10 23:39 . 2008-08-10 23:39 <DIR> d----c--- D:\Program Files\ArcSoft
2008-08-10 23:39 . 2008-08-10 23:39 306,816 --a------ D:\WINDOWS\system32\drivers\AF15BDA.SYS
2008-08-10 23:39 . 2005-04-27 16:36 245,408 --a------ D:\WINDOWS\system32\unicows.dll
2008-08-10 23:39 . 2008-08-10 23:39 28,672 --a------ D:\WINDOWS\system32\AF15BDAEX.dll
2008-08-10 23:39 . 2008-08-10 23:39 126 --a------ D:\WINDOWS\system32\AF15IRTBL.bin
2008-08-10 23:37 . 2008-08-10 23:37 <DIR> d----c--- D:\Program Files\PlayFLV
2008-08-10 23:36 . 2008-08-10 23:36 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-08-10 23:36 . 2008-08-10 23:36 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 23:33 . 2008-08-10 23:37 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\Skype
2008-08-10 23:28 . 2008-08-10 23:28 <DIR> d-------- D:\Program Files\Xvid
2008-08-10 23:28 . 2008-08-10 23:28 <DIR> d----c--- D:\Program Files\RevConnect
2008-08-10 23:28 . 2007-06-28 18:55 77,824 --a------ D:\WINDOWS\system32\xvid.ax
2008-08-10 23:27 . 2008-08-10 23:27 <DIR> d----c--- D:\Program Files\K-Lite Codec Pack
2008-08-10 23:26 . 2008-08-10 23:32 <DIR> d----c--- D:\Program Files\WarRock
2008-08-10 23:26 . 2008-08-10 23:26 <DIR> d----c--- D:\Program Files\Skype
2008-08-10 23:26 . 2008-08-10 23:26 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Skype
2008-08-10 23:25 . 2008-02-25 21:05 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
2008-08-10 23:24 . 2008-08-10 23:24 <DIR> d---s---- D:\WINDOWS\system32\Microsoft
2008-08-10 23:24 . 2008-08-10 23:24 <DIR> d-------- D:\WINDOWS\system32\Lang
2008-08-10 23:24 . 2008-08-10 23:24 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav
2008-08-10 23:24 . 2008-08-10 23:24 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav
2008-08-10 23:21 . 2008-08-10 23:21 <DIR> d-------- D:\WINDOWS\PCHEALTH
2008-08-10 23:21 . 2008-08-10 23:21 <DIR> d----c--- D:\Program Files\Avira
2008-08-10 23:21 . 2008-08-10 23:21 552 --a------ D:\WINDOWS\system32\d3d8caps.dat
2008-08-10 23:20 . 2008-08-10 23:20 <DIR> d----c--- D:\Program Files\CCleaner
2008-08-10 23:20 . 2006-10-04 17:06 1,197,294 --------- D:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-10 23:20 . 2006-10-04 17:06 764,868 --------- D:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-10 23:20 . 2006-10-04 17:06 217,118 --------- D:\WINDOWS\system32\dllcache\apphelp.sdb
2008-08-10 23:20 . 2008-08-10 23:20 23,392 --a------ D:\WINDOWS\system32\nscompat.tlb
2008-08-10 23:20 . 2008-08-10 23:20 16,832 --a------ D:\WINDOWS\system32\amcompat.tlb
2008-08-10 23:19 . 2008-08-10 23:32 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-08-10 23:19 . 2008-08-10 23:20 <DIR> d-------- D:\Program Files\Your Uninstaller 2008
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d----c--- D:\Program Files\UltraISO
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d----c--- D:\Program Files\Common Files\EZB Systems
2008-08-10 23:19 . 2008-08-11 12:01 <DIR> d-a--c--- D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\URSoft
2008-08-10 23:19 . 2008-08-10 23:19 316,640 --a------ D:\WINDOWS\WMSysPr9.prx
2008-08-10 23:19 . 2006-09-25 17:58 23,856 --a------ D:\WINDOWS\system32\spupdsvc.exe
2008-08-10 23:18 . 2008-08-10 23:18 <DIR> d----c--- D:\Program Files\QuickTime
2008-08-10 23:18 . 2008-08-10 23:18 <DIR> d----c--- D:\Program Files\ImTOO
2008-08-10 23:17 . 2008-08-10 23:17 <DIR> d-------- D:\Program Files\Webteh
2008-08-10 23:17 . 2004-03-09 01:00 1,081,616 --a------ D:\WINDOWS\system32\MSCOMCTL.OCX
2008-08-10 23:17 . 2004-08-04 08:00 92,672 --a------ D:\WINDOWS\system32\dskquota.dll
2008-08-10 23:17 . 2008-08-10 23:17 51,355 --a------ D:\WINDOWS\system32\muzika.xm
2008-08-10 23:16 . 2008-08-10 23:16 <DIR> d----c--- D:\Program Files\Hf
2008-08-10 23:16 . 2007-01-23 00:26 17,264 --a------ D:\WINDOWS\system32\drivers\hfxp2.sys
2008-08-10 23:15 . 2008-08-10 23:15 <DIR> d----c--- D:\Program Files\Realtek
2008-08-10 23:14 . 2008-08-10 23:25 <DIR> d----c--- D:\Program Files\Common Files\InstallShield
2008-08-10 23:13 . 2008-08-10 23:13 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2008-08-10 23:13 . 2008-08-10 23:39 <DIR> d--h-c--- D:\Program Files\InstallShield Installation Information
2008-08-10 23:13 . 2008-08-10 23:13 <DIR> d----c--- D:\Program Files\AMD
2008-08-10 23:13 . 2008-08-10 23:13 <DIR> d----c--- D:\Documents and Settings\Administrator\Application Data\InstallShield
2008-08-10 23:13 . 2006-07-01 23:37 39,424 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
2008-08-10 23:06 . 2008-08-10 23:06 <DIR> d--hsc--- D:\Documents and Settings\LocalService
2008-08-10 23:06 . 2008-08-11 00:09 <DIR> d----c--- D:\Documents and Settings\Administrator
2008-08-10 23:06 . 2008-08-10 23:06 8,192 --a------ D:\WINDOWS\REGLOCS.OLD
2008-08-10 23:05 . 2008-08-10 23:06 <DIR> d--hsc--- D:\Documents and Settings\NetworkService
2008-08-10 23:05 . 2008-08-10 23:05 2,577 --a------ D:\WINDOWS\system32\CONFIG.NT
2008-08-10 23:05 . 2008-08-10 23:05 0 --a------ D:\WINDOWS\control.ini
2008-08-10 23:04 . 2008-08-11 00:18 <DIR> d-------- D:\WINDOWS\system32\dllcache
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\system32\nwc.cpl.manifest
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-10 23:04 . 2008-08-10 23:04 749 -rah----- D:\WINDOWS\system32\cdplayer.exe.manifest
2008-08-10 23:04 . 2008-08-10 23:04 488 -rah----- D:\WINDOWS\system32\WindowsLogon.manifest
2008-08-10 23:04 . 2008-08-10 23:04 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-08-10 23:02 . 2008-08-10 23:03 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2008-08-04 15:32 . 2008-08-04 15:32 984,576 --a------ D:\WINDOWS\system32\syssetup.dll
2008-08-04 15:32 . 2008-06-20 13:44 360,960 --a------ D:\WINDOWS\system32\drivers\tcpip.sys
2008-08-04 15:32 . 2008-08-04 15:32 140,288 --a------ D:\WINDOWS\system32\sfc_os.dll
2008-08-04 15:32 . 2008-08-04 15:32 1,435 --a------ D:\WINDOWS\system32\mmdriver.inf
2008-08-04 13:42 . 2008-02-21 10:55 286,336 --a------ D:\WINDOWS\system32\drivers\yk51x86.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 20:15 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-06-20 17:36 245,248 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36 245,248 ------w D:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:36 147,968 ------w D:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:44 360,960 ------w D:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w D:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ------w D:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w D:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w D:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hfxp"="D:\Program Files\Hf\hfxp.exe" [2007-06-21 18:51 271828]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 HFXP2;HFXP2;D:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2007-01-23 00:26]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;D:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-06-15 13:21]
R2 ACDaemon;ArcSoft Connect Daemon;D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-12-18 10:15]
R3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dqzth5mj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fi

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 12:06:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 12:06:32
ComboFix-quarantined-files.txt 2008-08-11 09:06:31

Pre-Run: 18,347,479,040 bytes free
Post-Run: 18,336,079,872 bytes free

192 --- E O F --- 2008-08-10 21:18:36
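As an added example (not from the original post, and not part of HijackThis or ComboFix), here is a small Python triage parser for the HijackThis log format posted above: it pulls each entry's section code and binary path and marks the hints a reviewer checks first, namely entries the tool tagged "(file missing)", services listed with "Unknown owner", and Run entries launching from outside the Windows or Program Files directories. The six sample lines are copied from the log above; the flag names and the trusted-directory heuristic are my own assumptions, and the flags are review hints, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [hfxp] "D:\Program Files\Hf\hfxp.exe" /s
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - D:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# A HijackThis entry starts with its section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First absolute path to a binary in the entry; quotes around paths with spaces are optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|sys|cpl|ocx))"?', re.IGNORECASE)
# Assumed heuristic: autostart binaries normally live under the system or program directories.
TRUSTED_DIR_RE = re.compile(r"^[a-z]:\\(windows|program files)\\")

@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    flags: Tuple[str, ...]

def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis entries and attach triage flags (hints for a reviewer, not verdicts)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, the process list and blank lines are skipped
        section, body = m.group("section"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group("path") if pm else None
        flags = []
        if "(file missing)" in body:
            flags.append("file-missing")       # dangling entry: the binary is gone or never existed
        if "Unknown owner" in body:
            flags.append("unknown-owner")      # service binary carries no vendor information
        if section == "O4" and path and not TRUSTED_DIR_RE.match(path.lower()):
            flags.append("odd-autostart-dir")  # Run entry launching from an unusual location
        entries.append(Entry(section, body, path, tuple(flags)))
    return entries

def flagged(entries: List[Entry]) -> List[Entry]:  # entries a reviewer should look at first
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in flagged(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:<4} {', '.join(e.flags):<26} {e.path}")
```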