ongelma!!!!!!!

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by akslei, Apr 27, 2007.

  1. akslei

    akslei Regular member

    tarkistakaa joku

    "HP_Administrator" - 07-04-28 9:59:33 Service Pack 2
    ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


    2007-04-26 16:08 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-26 16:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-04-26 16:08 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-26 16:08 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-04-26 16:08 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-26 16:08 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-26 16:08 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-26 16:08 <KANSIO> d-------- C:\Program Files\Alwil Software
    2007-04-20 18:49 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-03-31 14:01 186,880 --a------ C:\Program Files\LSPFix.exe
    2007-03-30 20:05 926,241 --a------ C:\WINDOWS\system32\model.dat
    2007-03-30 20:05 729,088 --a------ C:\WINDOWS\system32\LDPackage.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-28 09:24 -------- d-------- C:\Program Files\steam
    2007-04-26 18:01 -------- d-------- C:\Program Files\themexp
    2007-04-20 18:49 -------- d-------- C:\Program Files\ffdshow
    2007-04-20 18:49 -------- d-------- C:\Program Files\dscaler
    2007-04-18 19:10 -------- d-------- C:\Program Files\mozilla thunderbird
    2007-03-29 19:09 344064 --a------ C:\WINDOWS\system32\rlls.dll
    2007-03-29 19:09 1511424 --a------ C:\WINDOWS\system32\rlvknlg.exe
    2007-03-28 10:58 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-28 08:44 -------- d-------- C:\Program Files\msn messenger
    2007-03-26 17:11 -------- d-------- C:\Program Files\partygaming
    2007-03-21 18:55 8464 --a------ C:\WINDOWS\system32\sporder.dll
    2007-03-21 16:38 -------- d-------- C:\Program Files\wordweb
    2007-03-21 16:38 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\wordweb
    2007-03-18 12:17 -------- d-------- C:\Program Files\error safe free
    2007-03-12 04:10 -------- d-------- C:\Program Files\pkr
    2007-03-12 02:09 6971 --a------ C:\WINDOWS\mozver.dat
    2007-03-12 02:09 4 --a------ C:\WINDOWS\system32\proc20744962.bin
    2007-03-12 02:09 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ganymedenet
    2007-03-09 13:12 -------- d-------- C:\Program Files\java
    2007-03-08 18:36 577536 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 18:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 18:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 16:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-02 21:25 1042304 --a------ C:\WINDOWS\wweb32.dll
    2007-03-02 19:17 -------- d-------- C:\Program Files\intel
    2007-02-22 16:48 57344 --a------ C:\WINDOWS\wnmhindr.exe
    2007-02-22 16:48 24576 --a------ C:\WINDOWS\system32\nmh040a.dll
    2007-02-22 16:45 724992 --a------ C:\WINDOWS\iun6002.exe
    2007-02-11 13:37 163296 --a------ C:\WINDOWS\video cleaner pro uninstaller.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DMAScheduler"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ehtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPwuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPBootOp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hphupd08"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NetLimiter"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LAUNCH~1"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PcSync2"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c94d45-4628-11db-9346-806d6172696f}]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-28 10:02:50
    C:\ComboFix2.txt ... 07-03-31 14:43
     
  2. Hujo

    Hujo Guest

    Laita hjt loki myös
     
