2008-07-08, 11:16
  #25
Member
part 3

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 16:21 --------- d-----w C:\Documents and Settings\U\Application Data\Free Download Manager
2008-07-07 08:48 --------- d-----w C:\Documents and Settings\U\Application Data\LimeWire
2008-06-29 20:10 --------- d-----w C:\Documents and Settings\U\Application Data\F-Secure
2008-06-20 17:17 --------- d-----w C:\Documents and Settings\U\Application Data\dvdcss
2008-06-16 13:16 --------- d--h--w C:\Program\InstallShield Installation Information
2008-06-16 13:16 --------- d-----w C:\Program\NewSoft
2008-06-16 13:16 --------- d-----w C:\Program\Delade filer\NewSoft
2008-06-16 13:08 --------- d-----w C:\Program\Delade filer\InstallShield
2008-05-30 22:55 --------- d-----w C:\Program\Java
2008-05-30 20:32 --------- d-----w C:\Documents and Settings\U\Application Data\Bredbandsbolaget
2008-05-30 20:30 --------- d-----w C:\Program\Bredbandsbolaget
2008-05-28 22:03 --------- d-----w C:\Program\PC Tune-Up
2008-05-27 05:56 --------- d-----w C:\Program\Google
2008-05-26 19:59 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-26 19:42 --------- d-----w C:\Documents and Settings\U\Application Data\Corel
2008-05-24 19:24 --------- d-----w C:\Documents and Settings\U\Application Data\Talkback
2008-05-15 05:49 --------- d-----w C:\Program\LimeWire
2008-05-09 17:44 --------- d-----w C:\Documents and Settings\U\Application Data\Windows Live Writer
2008-05-07 19:55 --------- d-----w C:\Documents and Settings\U\Application Data\ATI
2008-05-07 19:50 --------- d-----w C:\Program\ATI Technologies
2008-05-07 13:56 --------- d-----w C:\Program\Windows Media Components
2008-05-07 13:54 --------- d-----w C:\Program\Digitus
2008-05-04 07:56 59,782,440 ----a-w C:\iTunesSetup.exe
2008-05-02 15:27 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2008-05-02 14:51 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-14 16:05 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 16:04 221,184 ----a-w C:\WINDOWS\system32\wmpns.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_23.37.11.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 21:30:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 16:23:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-05-02 16:51 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll
"VIDC.NSVI"= nsvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Free Download Manager\\fdm.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\LimeWire\\LimeWire.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Mozilla Firefox\\firefox.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;C:\WINDOWS\system32\Drivers\Achernar.sys [2007-02-05 11:15]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-02 22:02]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program\F-Secure Internet Security\HIPS\fshs.sys [2008-05-02 21:53]
R2 RUBotted;Trend Micro RUBotted Service;C:\Program\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 00:18]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
R3 USB28xxBGA;USB 2821 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 21:21]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-21 23:38]
S2 FSIHS;F-Secure Installer restarter;C:\DOCUME~1\ULRIKA~1\LOKALA~1\Temp\Installer\00000001\bootstrap\fsihs.exe []
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-04 08:01:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 07:00:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 08:00:02 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 11:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-02 13:00:02 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-30 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-02 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-06 18:00:01 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-06 19:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-06 20:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-06 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-06-28 07:52:37 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\htXTj72B.exe

"2008-06-29 06:00:03 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\htXTj72B.exe
"2008-07-07 15:43:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
2008-07-08, 13:25
  #26
Member
Delete these files and then post a new Hijack log

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\htXTj72B.exe.a_a
C:\WINDOWS\system32\htXTj72B.exe
C:\WINDOWS\system32\{72ab498d-74d8-0a49-a2b0-848865f6bf6f}.dll-uninst.exe