Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1 (Edited)
Hello,

I'm new here.

I have an issue!

C:\Windows\System32\drivers\atapi.sys Win32/Omarik PY Virus

I have tried removing it, but ESET doesn't let you as it is a critical system file.

My Operating System is Windows 7 Ultimate

Can you please help me to remove this virus as it is affecting my computer :'(


PS: I'm sorry, I'm posting in the wrong section..==
 

·
Registered
Joined
·
2 Posts
Discussion Starter #2
These are the log files after I scanned with ComboFix.

ComboFix 09-11-13.04 - User 1/2009 Fri 21:24.1.2 - NTFSx86
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.988.288 [GMT 8:00]
执行位置: c:\users\User\Desktop\ComboFix.exe
* 防毒软件还在运行中

.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2300269333-153847588-2002777576-1001
C:\desktop.ini
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\kr_done1
c:\windows\system32\oem28.inf
c:\windows\system32\OGACheckControl.dll

.
((((((((((((((((((((((((( 2009-10-13 至 2009-11-13 的新的档案 )))))))))))))))))))))))))))))))
.

2009-11-13 13:02 . 2009-11-13 13:02 413696 ----a-w- c:\users\User\AppData\Roaming\Spiritsoft\urlspirit\taskcore.exe
2009-11-13 13:01 . 2009-11-13 13:01 3664 ------w- C:\bootsqm.dat
2009-11-13 11:13 . 2009-11-13 11:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-13 11:02 . 2009-11-13 13:19 -------- d-----w- c:\users\User\AppData\Local\Adobe
2009-11-12 09:52 . 2009-11-12 09:52 -------- d-----r- C:\Sandbox
2009-11-12 09:26 . 2009-11-12 09:26 -------- d-----w- c:\users\User\AppData\Roaming\Spiritsoft
2009-11-11 17:09 . 2009-11-11 17:09 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-11-11 17:09 . 2009-11-11 17:09 1665016 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-11-11 17:09 . 2009-11-11 17:09 3538944 ----a-w- c:\windows\system32\bcmihvui.dll
2009-11-11 17:09 . 2009-11-11 17:09 3858432 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-11-11 16:58 . 2009-07-09 22:44 122880 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2009-11-11 16:58 . 2009-07-09 22:44 4608 ----a-w- c:\windows\system32\HdmiCoin.dll
2009-11-11 16:09 . 2009-11-11 16:09 59904 ----a-w- c:\windows\system32\drivers\enecir.sys
2009-11-11 16:08 . 2009-11-11 16:08 116136 ----a-w- c:\windows\system32\drivers\jmcr.sys
2009-11-11 16:08 . 2009-11-11 16:08 110080 ----a-w- c:\windows\system32\jmcricon.dll
2009-11-11 15:54 . 2009-11-13 13:03 8192 d-----w- c:\program files\DriveTheLife
2009-11-09 11:37 . 2007-12-26 09:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-09 11:37 . 2007-12-26 09:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-09 03:23 . 2009-11-09 03:23 -------- d-----w- c:\users\User\AppData\Local\ESET
2009-11-08 17:49 . 2009-08-27 00:09 155648 ----a-w- c:\windows\system32\igfxCoIn_v1883.dll
2009-11-08 17:49 . 2009-11-11 16:52 52736 ----a-w- c:\windows\system32\igfxsrvc.dll
2009-11-08 17:49 . 2009-11-11 16:52 5702656 ----a-w- c:\windows\system32\igfxress.dll
2009-11-08 17:49 . 2009-11-11 16:52 200192 ----a-w- c:\windows\system32\igfxpph.dll
2009-11-08 17:49 . 2009-11-11 16:52 215040 ----a-w- c:\windows\system32\igfxdev.dll
2009-11-08 17:49 . 2009-11-11 16:52 94720 ----a-w- c:\windows\system32\hccutils.dll
2009-11-08 14:07 . 2009-07-21 14:33 409088 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-11-08 14:07 . 2009-07-21 14:33 405504 ----a-w- c:\windows\system32\stcplx.dll
2009-11-08 14:06 . 2002-05-21 02:50 68886 ----a-w- c:\windows\system32\drivers\LMouFlt2.sys
2009-11-08 14:06 . 2002-05-21 02:50 5846 ----a-w- c:\windows\system32\drivers\LKbdFlt2.sys
2009-11-08 14:06 . 2002-05-21 02:50 52166 ----a-w- c:\windows\system32\drivers\L8042Pr2.sys
2009-11-08 14:06 . 2002-05-21 02:50 23270 ----a-w- c:\windows\system32\drivers\LHidFlt2.sys
2009-11-08 14:06 . 2002-05-21 02:50 19188 ----a-w- c:\windows\system32\LCoInst.dll
2009-11-08 06:57 . 2009-11-08 06:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-11-08 05:56 . 2009-11-08 13:59 -------- d-----w- c:\program files\Microsoft Works
2009-11-08 05:54 . 2009-11-08 05:54 -------- d-----w- c:\program files\Microsoft.NET
2009-11-08 05:53 . 2009-11-08 05:54 -------- d-----w- c:\users\User\AppData\Roaming\Nero
2009-11-08 05:52 . 2009-11-08 05:52 -------- d-----w- c:\users\User\AppData\Local\Microsoft Help
2009-11-08 05:52 . 2009-11-12 09:26 -------- d-----w- c:\programdata\Microsoft Help
2009-11-07 05:09 . 2009-11-07 07:27 -------- d-----w- c:\users\User\AppData\Roaming\GetRightToGo
2009-11-04 11:28 . 2009-11-04 11:29 4096 d-----w- c:\program files\QuickTime
2009-11-04 11:28 . 2009-11-04 11:28 -------- d-----w- c:\programdata\Apple Computer
2009-11-04 11:27 . 2009-11-04 11:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 11:27 . 2009-11-04 11:27 -------- d-----w- c:\users\User\AppData\Local\Apple
2009-11-04 11:27 . 2009-11-04 11:27 4096 d-----w- c:\program files\Apple Software Update
2009-11-04 11:27 . 2009-11-04 11:27 -------- d-----w- c:\programdata\Apple
2009-11-04 03:16 . 2009-11-02 12:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-04 03:11 . 2009-11-04 03:11 -------- d-----w- c:\program files\ESET
2009-11-03 15:05 . 2009-08-20 08:04 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2009-11-03 15:05 . 2009-07-22 02:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-03 15:05 . 2009-03-04 22:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-11-02 17:54 . 2009-06-04 10:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-02 12:31 . 2009-11-02 12:31 -------- d-----w- c:\users\User\AppData\Local\Innovative Solutions
2009-11-02 12:31 . 2009-11-02 12:31 -------- d-----w- c:\programdata\Innovative Solutions
2009-11-02 10:35 . 2007-01-27 18:08 5632 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2009-11-02 10:31 . 2009-11-02 10:31 -------- d-----w- c:\users\User\AppData\Roaming\DeviceDoctorSoftware
2009-11-02 10:00 . 2009-11-02 10:00 -------- d-----w- c:\programdata\UAB
2009-11-02 10:00 . 2009-11-02 10:00 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-11-02 09:37 . 2009-11-02 10:02 -------- d-----w- c:\program files\TTPlayer
2009-11-02 09:19 . 2009-11-02 09:19 -------- d-----w- c:\program files\Codemonster
2009-11-01 18:14 . 2009-11-10 06:39 4096 d-----w- c:\users\User\AppData\Roaming\PPStream
2009-11-01 18:14 . 2009-11-10 06:34 4096 d-----w- c:\program files\PPStream
2009-11-01 17:08 . 2009-11-01 17:08 -------- d-----w- c:\programdata\GroupPolicy
2009-11-01 16:35 . 2009-11-01 16:35 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
2009-11-01 16:11 . 2009-11-01 16:11 -------- d-----w- c:\users\User\AppData\Local\Apps
2009-11-01 15:25 . 2009-11-01 15:25 -------- d-----w- c:\programdata\Messenger Plus!
2009-11-01 15:24 . 2009-11-01 15:24 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-01 15:10 . 2009-11-01 15:11 91648 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-11-01 11:04 . 2009-11-01 11:04 -------- d-----w- c:\programdata\SpeedBit
2009-11-01 11:04 . 2009-11-01 15:12 12288 d-----w- c:\program files\DAP
2009-10-31 21:06 . 2009-10-31 21:06 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2009-10-31 20:50 . 2009-11-12 05:56 -------- d-----w- c:\users\User\Tracing
2009-10-31 20:40 . 2009-11-08 14:11 108824 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-31 19:12 . 2009-10-31 19:12 -------- d-----w- c:\program files\Driver-Soft
2009-10-31 17:24 . 2009-10-31 17:24 -------- d-----w- c:\programdata\eMule
2009-10-31 13:26 . 2009-10-30 21:42 -------- d-----w- c:\windows\Panther
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\wsbl.dat
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\ph_white.dat
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\ph_black.dat
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-10-31 10:26 . 2009-10-31 10:26 0 ----a-w- c:\windows\system32\pcwords.dat
2009-10-31 10:14 . 2009-10-31 10:15 -------- d-----w- c:\program files\Nero
2009-10-31 10:14 . 2009-10-31 10:16 4096 d-----w- c:\program files\Common Files\Nero
2009-10-31 10:14 . 2009-10-31 10:15 -------- d-----w- c:\programdata\Nero
2009-10-31 07:52 . 2009-10-31 07:52 0 ----a-w- c:\windows\nsreg.dat
2009-10-31 04:28 . 2009-10-31 04:28 4096 d-----w- c:\program files\RocketDock
2009-10-31 04:25 . 2009-10-31 04:25 -------- d-----w- C:\Downloads
2009-10-31 04:24 . 2009-11-01 11:17 -------- d-----w- c:\program files\BitComet
2009-10-31 04:15 . 2009-10-31 06:21 -------- d-----w- c:\program files\SogouInput
2009-10-31 04:03 . 2009-10-31 06:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-31 04:02 . 2009-11-08 11:40 -------- d-----w- c:\program files\Microsoft
2009-10-31 04:02 . 2009-10-31 04:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-31 04:02 . 2009-11-01 15:09 -------- d-----w- c:\program files\Windows Live
2009-10-31 04:02 . 2009-10-31 04:02 -------- d-----w- c:\windows\PCHEALTH
2009-10-31 04:00 . 2009-10-31 04:00 -------- d-----w- c:\program files\CCleaner
2009-10-31 00:15 . 2009-11-13 13:06 96514 ----a-w- c:\windows\system32\prfc0404.dat
2009-10-31 00:15 . 2009-11-13 13:06 371298 ----a-w- c:\windows\system32\prfh0404.dat
2009-10-31 00:15 . 2009-10-31 00:13 31548 ----a-w- c:\windows\system32\prfd0404.dat
2009-10-31 00:15 . 2009-10-31 00:13 117840 ----a-w- c:\windows\system32\prfi0404.dat
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\zh-TW
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\zh-CHT
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\drivers\zh-TW
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\drivers\zh-HK
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\wbem\zh-TW
2009-10-31 00:14 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\wbem\zh-HK
2009-10-31 00:02 . 2009-11-13 13:06 355328 ----a-w- c:\windows\system32\prfh0804.dat
2009-10-31 00:02 . 2009-11-13 13:06 101428 ----a-w- c:\windows\system32\prfc0804.dat
2009-10-31 00:02 . 2009-10-31 00:00 31548 ----a-w- c:\windows\system32\prfd0804.dat
2009-10-31 00:02 . 2009-10-31 00:00 111310 ----a-w- c:\windows\system32\prfi0804.dat
2009-10-31 00:00 . 2009-10-31 00:14 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-31 00:00 . 2009-10-31 00:00 -------- d-----w- c:\windows\system32\zh-CHS
2009-10-31 00:00 . 2009-10-31 00:00 -------- d-----w- c:\windows\system32\drivers\zh-CN
2009-10-31 00:00 . 2009-10-31 00:00 -------- d-----w- c:\windows\system32\wbem\zh-CN
2009-10-31 00:00 . 2009-10-31 00:00 -------- d-----w- c:\windows\zh-CN
2009-10-30 23:27 . 2009-10-30 23:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-30 23:15 . 2009-10-30 23:15 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-30 23:15 . 2009-10-30 23:15 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-30 23:05 . 2009-11-03 03:48 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-10-30 22:58 . 2009-09-09 00:25 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2009-10-30 22:58 . 2009-09-09 00:24 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2009-10-30 22:58 . 2009-10-30 22:58 -------- d-----w- c:\windows\system32\Lang
2009-10-30 22:57 . 2009-10-30 22:58 -------- d-----w- c:\program files\Intel
2009-10-30 22:46 . 2009-10-30 22:46 -------- d-----w- c:\windows\system32\x64
2009-10-30 22:46 . 2009-08-13 13:55 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-10-30 22:45 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 00:14 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2009-10-31 00:14 . 2009-07-14 04:52 4096 d-----w- c:\program files\Windows Sidebar
2009-10-31 00:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2009-10-31 00:14 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2009-10-31 00:14 . 2009-07-14 04:52 4096 d-----w- c:\program files\Windows Defender
2009-10-31 00:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2009-10-31 00:13 . 2009-10-31 00:14 31548 ----a-w- c:\windows\inf\PERFLIB\0404\perfd.dat
2009-10-31 00:13 . 2009-10-31 00:14 31548 ----a-w- c:\windows\inf\PERFLIB\0404\perfc.dat
2009-10-31 00:13 . 2009-10-31 00:14 117840 ----a-w- c:\windows\inf\PERFLIB\0404\perfi.dat
2009-10-31 00:13 . 2009-10-31 00:14 117840 ----a-w- c:\windows\inf\PERFLIB\0404\perfh.dat
2009-10-31 00:00 . 2009-10-31 00:00 31548 ----a-w- c:\windows\inf\PERFLIB\0804\perfd.dat
2009-10-31 00:00 . 2009-10-31 00:00 31548 ----a-w- c:\windows\inf\PERFLIB\0804\perfc.dat
2009-10-31 00:00 . 2009-10-31 00:00 111310 ----a-w- c:\windows\inf\PERFLIB\0804\perfi.dat
2009-10-31 00:00 . 2009-10-31 00:00 111310 ----a-w- c:\windows\inf\PERFLIB\0804\perfh.dat
2009-10-30 23:03 . 2009-10-30 23:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-09-17 08:11 . 2009-09-17 08:11 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-10 23:26 . 2009-09-10 23:26 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-09-10 23:26 . 2009-09-10 23:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-10 23:23 . 2009-09-10 23:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-10 23:17 . 2009-09-10 23:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-07-14 01:26 . !HASH: COULD NOT OPEN FILE !!!!! . 21584 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
"urlspace"="d:\-[4ever]-cloud\My Document\urlcore.exe" [2009-11-12 09:22 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-10 2054360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"DriveTheLife"="c:\program files\DriveTheLife\DriveTheLife.exe" [2009-11-11 3093384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-11 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-11 153624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/9/2009 7:23 AM 108792]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14/7/2009 7:52 AM 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [8/11/2009 10:06 PM 81920]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/9/2009 7:24 AM 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11/9/2009 7:26 AM 38240]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/3/2009 4:28 PM 1533808]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [12/11/2009 12:09 AM 59904]
R3 IDDRV;IDDRV;c:\program files\DriveTheLife\iodrv.sys [11/11/2009 11:54 PM 11160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/11/2009 12:58 AM 122880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/11/2009 11:05 PM 189440]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [12/11/2009 12:08 AM 116136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
‘计划任务’ 文件夹 里的内容
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.x-coz.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yal76gmb.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{4A31C596-64D5-4613-83FD-D655A421588C}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.467.0"
"UniqueId"="000D2DF24AF0F0F8"
"ScannerBuild"=dword:0000174d
"ScannerVersionId"=dword:000011db
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Finished: 2009-11-13 22:00
ComboFix-quarantined-files.txt 2009-11-13 14:00

Pre-Run: 30,579,421,184 bytes free
Post-Run: 30,504,030,208 bytes free

- - End Of File - - 579A9CED598DCE514D96CC24437256F2
 

·
Microsoft-Team Manager , Hardware - Team Manager
Joined
·
68,533 Posts
Hi and welcome to TSF. You have posted in the wrong forum; we do not do HJT logs here, but it is not a problem. Please go here: http://www.techsupportforum.com/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html, follow the instructions, and copy a link to this post. Please try to carry out the steps and post the results; if you cannot carry out a step, make a note of it and include it in your post. Please be patient, as they are pretty busy. If you hear nothing after 24 to 48 hrs, return to your thread and post "bump"; this will take you back to the top of the list to be noticed.
 