Could someone help? HjT Combofix log

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Viirus, Jan 20, 2008.

  1. Viirus

    I tried to remove malware and have already managed to remove most of it. The problem is that I followed the instructions on a trusted forum and downloaded ComboFix. I started this "ComboFix" but nothing happened, and now I can't get rid of it by any means. Later I managed to download the real ComboFix, which worked.

    This so-called "ComboFix" says on startup:
    "ComboFix.exe ei ole kelvollinen Win32-sovellus"

    When trying to delete it:
    "Yhteiskäyttövirhe: Lähde- ja kohdetiedostot voivat olla käynnissä."

    These logs are from after running ComboFix:

    ___________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:20:37, on 20.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\RunDLL32.exe
    D:\pelit\steam\steam.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hijack This\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ftp://ftp20.nebula.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Steam] "d:\pelit\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161277447269
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A52417E3-8604-41F4-8C8D-76A14D662C29}: NameServer = 195.148.49.100,195.148.49.110
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7329 bytes


    __________________________________


    ComboFix 08-01-20.1 - Teemu 2008-01-20 23:09:03.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1489 [GMT 2:00]
    Running from: C:\Documents and Settings\Teemu\Työpöytä\ComboFix(2).exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\_000008_.tmp.dll
    C:\WINDOWS\system32\_000011_.tmp.dll
    C:\WINDOWS\system32\_000013_.tmp.dll
    C:\WINDOWS\system32\ddabx.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\winsys.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-20 to 2008-01-20 )))))))))))))))))
    .

    2008-01-20 23:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-20 22:42 . 2008-01-20 22:42 <KANSIO> d-------- C:\Program Files\BillP Studios
    2008-01-20 18:20 . 2008-01-20 18:20 <KANSIO> d-------- C:\Program Files\DivX
    2008-01-20 18:19 . 2008-01-20 18:19 <KANSIO> d-------- C:\Program Files\XviD
    2008-01-20 18:19 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-01-20 18:19 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-01-20 18:19 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-01-20 16:32 . 2008-01-20 22:14 <KANSIO> d-------- C:\Program Files\Hijack This
    2008-01-20 16:29 . 2008-01-20 16:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-20 14:52 . 2008-01-20 14:52 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-20 14:52 . 2008-01-20 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-20 12:33 . 2008-01-20 12:33 2,227 --a------ C:\WINDOWS\system32\tcpmoon.ini
    2008-01-20 12:33 . 2008-01-20 12:33 183 --a------ C:\WINDOWS\system32\fpx.ini
    2008-01-19 21:59 . 2008-01-19 21:59 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2008-01-19 17:34 . 2008-01-19 17:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-01-19 16:36 . 2008-01-19 17:14 163 --a------ C:\WINDOWS\wininit.ini
    2008-01-19 12:05 . 2007-11-19 14:25 3,829,382 --a------ C:\WINDOWS\winavi_ipod_video_converter.exe
    2008-01-19 11:57 . 2008-01-20 18:18 <KANSIO> d-------- C:\Program Files\WinAVI MP4 Converter
    2008-01-19 11:53 . 2008-01-19 11:53 <KANSIO> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
    2008-01-19 11:53 . 2008-01-19 11:53 <KANSIO> d-------- C:\Program Files\WinAVI Video Converter 9.0
    2008-01-18 21:12 . 2008-01-18 21:12 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
    2008-01-18 18:58 . 2008-01-18 18:58 <KANSIO> d-------- C:\Program Files\AliveMedia
    2008-01-18 18:38 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
    2008-01-18 18:06 . 2008-01-18 18:06 <KANSIO> d-------- C:\My Media
    2008-01-18 18:04 . 2008-01-18 18:04 245,760 --------- C:\WINDOWS\Setup1.exe
    2008-01-18 18:04 . 2008-01-18 18:04 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-01-13 13:17 . 2008-01-13 13:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-13 13:15 . 2008-01-13 13:17 <KANSIO> d-------- C:\WINDOWS\nview
    2008-01-13 13:15 . 2008-01-20 23:13 88,723 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-01-13 12:47 . 2006-05-18 13:14 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
    2008-01-13 12:47 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
    2008-01-13 12:47 . 2007-12-14 09:21 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
    2008-01-13 12:44 . 2008-01-13 12:44 <KANSIO> d-------- C:\Program Files\Setup Files
    2008-01-13 12:42 . 2008-01-13 12:42 <KANSIO> d-------- C:\Documents and Settings\Teemu\Application Data\SystemRequirementsLab
    2008-01-10 08:15 . 2008-01-20 23:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-10 08:15 . 2008-01-20 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-10 08:11 . 2008-01-19 12:37 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-01-03 13:55 . 2008-01-03 13:55 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-12-28 16:29 . 2008-01-07 15:03 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-12-26 22:08 . 2008-01-20 18:29 <KANSIO> d-------- C:\Program Files\iTunes
    2007-12-26 22:08 . 2007-12-26 22:08 <KANSIO> d-------- C:\Program Files\iPod
    2007-12-26 22:08 . 2007-12-28 16:09 <KANSIO> d-------- C:\Documents and Settings\Teemu\Application Data\Apple Computer
    2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2007-12-26 22:07 . 2007-12-26 22:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-26 22:07 . 2007-12-26 22:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-26 22:07 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-20 19:01 --------- d-----w C:\Program Files\FinnishIRC XP
    2008-01-20 14:28 --------- d-s---w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    2008-01-19 10:13 --------- d-----w C:\Program Files\WinCustomize LogonStudio
    2008-01-19 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-18 19:32 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
    2008-01-14 10:32 --------- d-----w C:\Program Files\MagicTune Premium
    2008-01-13 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-01-13 10:47 --------- d-----w C:\Program Files\MSI
    2008-01-06 21:21 --------- d-----w C:\Documents and Settings\Teemu\Application Data\DataLayer
    2008-01-03 12:24 --------- d-----w C:\Program Files\Canon
    2008-01-03 11:55 --------- d-----w C:\Documents and Settings\Teemu\Application Data\Canon
    2008-01-02 12:30 --------- d-----w C:\Documents and Settings\Teemu\Application Data\Skype
    2007-11-27 06:40 77,072 ----a-w C:\Documents and Settings\Teemu\Application Data\GDIPFONTCACHEV1.DAT
    2007-09-21 18:05 28 ----a-w C:\Program Files\deviceinfo
    2007-09-17 18:10 994 ----a-w C:\Program Files\browserrecord.swf
    2007-09-17 18:10 81,920 ----a-w C:\Program Files\tsasdk.dll
    2007-09-17 18:10 719,360 ----a-w C:\Program Files\dbghelp.dll
    2007-09-17 18:10 685 ----a-w C:\Program Files\RecordingManager.exe.manifest
    2007-09-17 18:10 659,456 ----a-w C:\Program Files\dtdr3260.dll
    2007-09-17 18:10 655,360 ----a-w C:\Program Files\rjbres.dll
    2007-09-17 18:10 65,536 ----a-w C:\Program Files\rjwmapln.dll
    2007-09-17 18:10 6,656 ----a-w C:\Program Files\fixrjb.exe
    2007-09-17 18:10 57,762 ----a-w C:\Program Files\howto.chm
    2007-09-17 18:10 57,344 ----a-w C:\Program Files\tpasdk.dll
    2007-09-17 18:10 568 ----a-w C:\Program Files\fpsectbl
    2007-09-17 18:10 42,824 ----a-w C:\Program Files\rpshellsearch.dll
    2007-09-17 18:10 41,472 ----a-w C:\Program Files\mmcdda32.dll
    2007-09-17 18:10 36,352 ----a-w C:\Program Files\ierjplug.dll
    2007-09-17 18:10 339,968 ----a-w C:\Program Files\rjdlg.dll
    2007-09-17 18:10 32,768 ----a-w C:\Program Files\rpwa3260.dll
    2007-09-17 18:10 296,312 ----a-w C:\Program Files\rpbrowserrecordplugin.dll
    2007-09-17 18:10 201,949 ----a-w C:\Program Files\realplay.chm
    2007-09-17 18:10 2,851 ----a-w C:\Program Files\cdroms.cfg
    2007-09-17 18:10 19,456 ----a-w C:\Program Files\tnetdtct.dll
    2007-09-17 18:10 19,456 ----a-w C:\Program Files\rjprog.dll
    2007-09-17 18:10 16,296 ----a-w C:\Program Files\realtfon.fon
    2007-09-17 18:10 152,920 ----a-w C:\Program Files\RecordingManager.exe
    2007-09-17 18:10 14,336 ----a-w C:\Program Files\wmdmhelper.dll
    2007-09-17 18:10 139,264 ----a-w C:\Program Files\DUNZIP32.dll
    2007-09-17 18:10 119,808 ----a-w C:\Program Files\waiting.avi
    2007-09-17 18:10 11,444 ----a-w C:\Program Files\frw.bmp
    2007-09-17 18:10 1,211 ----a-w C:\Program Files\flvplay.swf
    2007-09-17 18:09 95,552 ----a-w C:\Program Files\rdsf3260.dll
    2007-09-17 18:09 9,216 ----a-w C:\Program Files\rphelperapp.exe
    2007-09-17 18:09 86,016 ----a-w C:\Program Files\rpplugprot.dll
    2007-09-17 18:09 7,168 ----a-w C:\Program Files\realjbox.exe
    2007-09-17 18:09 682 ----a-w C:\Program Files\realplay.exe.manifest
    2007-09-17 18:09 62,776 ----a-w C:\Program Files\rpshell.dll
    2007-09-17 18:09 61,495 ----a-w C:\Program Files\ssimages.vs
    2007-09-17 18:09 587,888 ----a-w C:\Program Files\normal.vs
    2007-09-17 18:09 53,248 ----a-w C:\Program Files\rpau3260.dll
    2007-09-17 18:09 53,098 ----a-w C:\Program Files\presets.rnx
    2007-09-17 18:09 52,609 ----a-w C:\Program Files\RealNetworks License.html
    2007-09-17 18:09 52,609 ----a-w C:\Program Files\playrlic.html
    2007-09-17 18:09 50,548 ----a-w C:\Program Files\RealNetworks License.txt
    2007-09-17 18:09 50,548 ----a-w C:\Program Files\playrlic.txt
    2007-09-17 18:09 50 ----a-w C:\Program Files\strs23.dat
    2007-09-17 18:09 480 ----a-w C:\Program Files\keys.dat
    2007-09-17 18:09 27,024 ----a-w C:\Program Files\Readme.html
    2007-09-17 18:09 23,558 ----a-w C:\Program Files\freeoffers.ico
    2007-09-17 18:09 214,296 ----a-w C:\Program Files\realplay.exe
    2007-09-17 18:09 207 ----a-w C:\Program Files\subscription.rnx
    2007-09-17 18:09 17,846 ----a-w C:\Program Files\videotest.rm
    2007-09-17 18:09 13 ----a-w C:\Program Files\strs26.dat
    2007-09-17 18:09 102,400 ----a-w C:\Program Files\HXAudioDeviceHook.dll
    2007-09-17 18:09 1,030 ----a-w C:\Program Files\autoplaylist.dat
    2006-10-30 21:46 2,864 ----a-w C:\Documents and Settings\Teemu\Application Data\wklnhst.dat
    2006-10-23 07:27 148 ----a-w C:\Documents and Settings\Sara\Application Data\wklnhst.dat
    .
    Code:
    <pre>
    ----a-w           579,072 2008-01-20 10:54:21  C:\Program Files\Grisoft\AVG7\avgcc  .exe
    ----a-w           219,136 2008-01-20 10:04:45  C:\Program Files\Grisoft\AVG7\avgw .exe
    ----a-w            15,360 2008-01-19 19:59:58  C:\WINDOWS\system32\ctfmon .exe
    </pre>

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="d:\pelit\steam\steam.exe" [2007-11-30 07:05 1266936]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [ ]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [ ]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [ ]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [ ]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 18:06 292152]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
    "LogonStudio"="C:\Program Files\WinCustomize LogonStudio\logonstudio.exe" [ ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480]
    "nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2007-04-19 12:26 86016 C:\WINDOWS\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 15:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 12:01]
    R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-03-14 19:07]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 15:37]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 16:30]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 15:37]
    R3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys [2005-03-10 12:08]
    S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Teemu\LOCALS~1\Temp\DMSKSSRh.sys [2001-01-12 23:42]
    S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
    S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [2003-06-03 03:07]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 23:13:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-20 23:16:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-20 21:16:09
    .
    2008-01-13 19:06:14 --- E O F ---
     
  2. Viirus

    So, could anyone spare some help? :'(

     
