Tdnoz, posted 14 October 2008

My neighbour is having trouble with her machine and there is some junk on it. I found some of it, but I don't dare do much without a bit of help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:05, on 14.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sbdhost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec AntiVirus\DoScan.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows File_System] sbdhost.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [d04a1534] rundll32.exe "C:\WINDOWS\system32\gqbqldkk.dll",b
O4 - HKLM\..\RunServices: [Windows File_System] sbdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [09356391795292314553350518088158] C:\Programfiler\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222820769296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: yqenvm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5345 bytes
norbat, posted 14 October 2008

Follow the guide and post the logs here in your own thread.
Tdnoz (thread author), posted 14 October 2008

Malwarebytes' Anti-Malware 1.28
Database version: 1268
Windows 5.1.2600 Service Pack 3

14.10.2008 20:34:36
mbam-log-2008-10-14 (20-34-36).txt

Scan type: Quick Scan
Objects scanned: 40056
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 13
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gqbqldkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRLebxx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqOFuVo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yqenvm.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9c2baff-dd00-4ed3-acba-bf03b8f42c4d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqofuvo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a9c2baff-dd00-4ed3-acba-bf03b8f42c4d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec908ab1-bcfe-4874-acde-7b6de4ca82f7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec908ab1-bcfe-4874-acde-7b6de4ca82f7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9b91b72-e070-4c87-af0d-2a3fa5065302} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9b91b72-e070-4c87-af0d-2a3fa5065302} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d04a1534 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a9c2baff-dd00-4ed3-acba-bf03b8f42c4d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\09356391795292314553350518088158 (Rogue.Antivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows file_system (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\windows file_system (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrlebxx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrlebxx -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\urqOFuVo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRLebxx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxbeLRqr.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxbeLRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yqenvm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gqbqldkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kkdlqbqg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Adware.Search Toolbar) -> Delete on reboot.
C:\WINDOWS\system32\fijxxsfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdnpiwgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iybdchav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyayYpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dyeari.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwfosc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieexplorer32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbdhost.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS342d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
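Editor's note on reading a log like the one above: the lines marked "Delete on reboot" are the items Malwarebytes could not touch while they were loaded (the Vundo DLLs sat inside lsass/winlogon via the LSA package lists and Winlogon\Notify), so they are the list to re-check after the reboot. The script below is an added example, not Malwarebytes', HijackThis' or any poster's own tooling: it pulls the deferred items out of an MBAM log and matches their last path component against a HijackThis log taken after the reboot. The two embedded inputs are short excerpts the editor copied from the logs in this thread; a real run would read both log files from disk.

```python
"""Extract the items Malwarebytes could only mark "Delete on reboot" and check
which of them still show up in a HijackThis log taken after the reboot.

Added example for this thread; not Malwarebytes', HijackThis' or any poster's
tooling. MBAM_EXCERPT and HJT_EXCERPT are excerpts of the logs posted in the
thread, trimmed by the editor."""
import re

# "item (Family) -> action."  Registry data items carry "Data: <path> -> action".
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

MBAM_EXCERPT = r"""
Memory Modules Infected:
C:\WINDOWS\system32\gqbqldkk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yqenvm.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqofuvo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d04a1534 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\windows file_system (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrlebxx -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\sbdhost.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\Temp\TDSS342d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Post-reboot HijackThis lines (excerpt of the second log in the thread).
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: yqenvm.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
"""


def parse_mbam(log_text):
    """Return one dict per detection line, tagged with the section it sits under."""
    section, rows = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):            # section header, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = ITEM_RE.match(line)
        if not (section and m):
            continue
        action, data = m.group("action"), None
        if action.startswith("Data: "):           # LSA package entries: the payload is the data
            data, action = action[len("Data: "):].split(" -> ", 1)
        rows.append({"section": section, "item": m.group("item"),
                     "family": m.group("family"), "action": action, "data": data})
    return rows


def deferred(rows):
    """Items MBAM could not remove while they were in use; these need re-checking."""
    return [r for r in rows if r["action"] == "Delete on reboot"]


def still_present(rows, hjt_text):
    """For each deferred item, list the post-reboot HijackThis lines that still
    mention its last path component (case-insensitive substring match).
    A hit means the file, or a registry value pointing at it, survived."""
    hjt_lines = [l.strip() for l in hjt_text.splitlines() if l.strip()]
    hits = []
    for r in rows:
        token = (r["data"] or r["item"]).rsplit("\\", 1)[-1].lower()
        matches = [l for l in hjt_lines if token in l.lower()]
        if matches:
            hits.append((r, matches))
    return hits


if __name__ == "__main__":
    todo = deferred(parse_mbam(MBAM_EXCERPT))
    for r in todo:
        print(f"[{r['section']}] {r['data'] or r['item']}  ({r['family']})")
    for r, lines in still_present(todo, HJT_EXCERPT):
        print("STILL PRESENT:", r["item"], "->", lines)
```

On the excerpt this reports exactly one survivor, yqenvm.dll, which is still named in the O20 AppInit_DLLs line after the reboot: the file was removed but the registry value that loads it was not, which is why the thread later needs a CFScript to clear AppInit_DLLs. A substring match is deliberately loose; it is meant to produce a checklist for a human, not a verdict.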
r2d290, posted 14 October 2008

Good. I assume you intend to continue with the rest of what is in the guide?
Tdnoz (thread author), posted 14 October 2008 (edited)

ComboFix 08-10-14.01 - 2008-10-14 20:41:54.1 - NTFSx86
Running from: C:\Documents and Settings\xx\Skrivebord\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\ahiahbys.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\EMUFNUtv.ini
C:\WINDOWS\system32\EMUFNUtv.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\rdgxqblv.ini
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))

2008-10-14 20:25 . 2008-10-14 20:34 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-14 20:25 . 2008-10-14 20:25 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Malwarebytes
2008-10-14 20:25 . 2008-10-14 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-14 20:25 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:25 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 20:24 . 2008-10-14 20:34 <DIR> dr-h----- C:\Documents and Settings\Grethe Larsen\Siste
2008-10-14 20:22 . 2008-10-14 20:22 <DIR> d-------- C:\Programfiler\CCleaner
2008-10-14 20:21 . 2008-10-14 20:24 <DIR> d-------- C:\anti virus
2008-10-14 19:41 . 2008-10-14 19:41 <DIR> d-------- C:\Programfiler\Trend Micro
2008-10-14 01:44 . 2008-10-14 01:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-14 01:41 . 2008-10-14 01:41 0 --a------ C:\WINDOWS\vpc32.INI
2008-10-14 00:45 . 2008-10-14 00:45 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2008-10-14 00:18 . 2008-10-14 00:20 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 00:18 . 2008-10-14 00:20 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 00:18 . 2008-10-14 00:20 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 00:18 . 2008-10-14 00:20 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 00:17 . 2008-10-14 20:51 <DIR> d-------- C:\Programfiler\Symantec AntiVirus
2008-10-14 00:17 . 2008-10-14 00:20 <DIR> d-------- C:\Programfiler\Symantec
2008-10-14 00:17 . 2008-10-14 00:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-10-14 00:17 . 2008-10-14 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec
2008-10-12 23:56 . 2008-10-14 01:59 <DIR> d-------- C:\Programfiler\Mystery Case Files Ravenhearst
2008-10-12 20:53 . 2008-10-12 20:53 <DIR> d-------- C:\Programfiler\10 Days Under The Sea
2008-10-12 20:37 . 2008-10-12 20:37 <DIR> d-------- C:\Programfiler\Magic Academy
2008-10-12 20:37 . 2008-10-12 20:37 <DIR> d-------- C:\Programfiler\BFG
2008-10-12 17:46 . 2008-10-12 17:46 56,320 --a------ C:\WINDOWS\system32\chkscs.exe
2008-10-12 07:12 . 2008-10-12 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\JollyBear
2008-10-12 06:34 . 2008-10-12 06:34 <DIR> d-------- C:\Programfiler\Big City Adventure - Sydney Australia
2008-10-12 04:11 . 2008-10-12 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\EscapeTheMuseum
2008-10-12 03:02 . 2008-10-12 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SpinTop Games
2008-10-12 02:32 . 2008-10-12 02:32 <DIR> d-------- C:\Programfiler\Mystery PI The Vegas Heist
2008-10-12 02:26 . 2008-10-12 02:26 <DIR> d-------- C:\My Games
2008-10-11 23:44 . 2008-10-11 23:46 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\SecretIslandEng
2008-10-11 23:21 . 2008-10-12 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AlawarWrapper
2008-10-11 23:19 . 2008-10-12 02:26 <DIR> d-------- C:\Programfiler\Alawar
2008-10-11 20:35 . 2008-10-11 20:35 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Games
2008-10-11 20:23 . 2008-10-11 20:24 <DIR> d-------- C:\Programfiler\Sherlock Holmes - The Mystery of the Persian Carpet
2008-10-11 05:17 . 2008-10-11 05:17 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-11 02:37 . 2008-10-11 02:37 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\JoyBits
2008-10-11 00:57 . 2008-10-11 00:57 <DIR> d-------- C:\Programfiler\Patriot Games
2008-10-10 23:50 . 2008-10-10 23:51 <DIR> d-------- C:\WINDOWS\Dream Chronicles 2
2008-10-10 23:50 . 2008-10-14 19:35 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-10 23:21 . 2008-10-12 06:57 <DIR> d-------- C:\Programfiler\Escape the Museum
2008-10-10 22:39 . 2008-10-10 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TERMINAL Studio
2008-10-10 22:38 . 2008-10-10 22:39 <DIR> d-------- C:\Programfiler\The Rise Of Atlantis en Español
2008-10-10 21:17 . 2008-10-10 21:17 <DIR> d-------- C:\WINDOWS\Fishdom
2008-10-10 20:27 . 2008-10-10 20:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 03:33 . 2008-10-10 20:09 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\ForgottenRiddles2
2008-10-09 03:22 . 2008-10-10 20:27 <DIR> d-------- C:\Programfiler\Forgotten Riddles The Moonlight Sonatas
2008-10-09 03:11 . 2008-10-09 03:11 <DIR> d-------- C:\games
2008-10-08 02:22 . 2008-10-08 02:22 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\GameInvest
2008-10-08 02:22 . 2008-10-08 02:22 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-08 02:14 . 2008-10-08 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BigFishGamesCache
2008-10-06 15:48 . 2008-10-06 15:48 <DIR> d-------- C:\Programfiler\LeeGTs Games
2008-10-06 15:12 . 2008-10-06 15:13 <DIR> d-------- C:\Programfiler\ahead
2008-10-06 14:59 . 2008-10-06 14:59 <DIR> d-------- C:\Programfiler\MSI
2008-10-06 14:58 . 2008-10-06 14:58 <DIR> d-------- C:\Programfiler\InstallShield Installation Information
2008-10-05 05:42 . 2008-10-10 20:27 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-10-05 05:42 . 2008-10-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-04 04:57 . 2008-10-04 04:57 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\PlayFirst
2008-10-01 08:25 . 2008-10-06 13:01 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\MysteryStudio
2008-10-01 08:24 . 2008-10-10 20:31 <DIR> d-------- C:\Programfiler\The Lost Cases of Sherlock Holmes(2)
2008-10-01 07:50 . 2008-10-10 23:50 <DIR> d-------- C:\Programfiler\Dream Chronicles 2
2008-10-01 07:33 . 2008-10-01 07:33 <DIR> d-------- C:\Programfiler\ReflexiveArcade
2008-10-01 07:20 . 2008-10-12 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia
2008-10-01 07:00 . 2008-10-01 07:00 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Playrix Entertainment
2008-10-01 06:54 . 2008-10-10 21:17 <DIR> d-------- C:\Programfiler\Fishdom
2008-10-01 05:58 . 2008-10-01 05:59 <DIR> d-------- C:\Programfiler\Windows Live Toolbar
2008-10-01 05:57 . 2008-10-01 05:57 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition
2008-10-01 05:57 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-01 05:56 . 2008-10-01 05:57 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Contacts
2008-10-01 05:55 . 2008-10-10 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-01 05:32 . 2008-10-10 20:37 <DIR> d-------- C:\Programfiler\Windows Live
2008-10-01 05:32 . 2008-10-01 05:52 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-10-01 05:32 . 2008-10-01 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-10-01 05:26 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-01 05:23 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-01 05:04 . 2008-10-10 20:29 <DIR> d-------- C:\WINDOWS\system32\no
2008-10-01 05:04 . 2008-10-10 20:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-01 05:04 . 2008-10-05 05:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 04:55 . 2008-10-01 04:55 <DIR> d-------- C:\WINDOWS\EHome
2008-10-01 03:24 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-01 03:22 . 2004-08-04 00:54 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-10-01 03:05 . 2008-10-01 03:05 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-01 02:26 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-01 02:26 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-01 02:12 . 2008-10-01 06:46 <DIR> d-------- C:\Programfiler\BitLord
2008-10-01 02:08 . 2008-10-01 02:08 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yqenvm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

Contents of the 'Scheduled Tasks' folder

2008-10-14 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

------- Supplementary Scan -------

O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:50:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

------------------------ Other Running Processes ------------------------

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Symantec AntiVirus\DoScan.exe

**************************************************************************

Completion time: 2008-10-14 20:52:39 - machine was rebooted [Grethe Larsen]
ComboFix-quarantined-files.txt 2008-10-14 18:52:27

Pre-Run: 108 126 191 616 bytes free
Post-Run: 108,398,206,976 bytes free

185 --- E O F --- 2008-10-01 03:38:49

Edited 14 October 2008 by Tdnoz
Tdnoz (thread author), posted 14 October 2008

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:36, on 14.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Windows Live Toolbar\msn_sl.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222820769296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: yqenvm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4979 bytes
norbat, posted 14 October 2008

Check the following file at Virustotal.com:

C:\WINDOWS\system32\chkscs.exe

Report back whether anything was found on the file.

Open Notepad, copy in the text below, and save the file on the desktop with the file name CFScript. Drag and drop the file onto the ComboFix icon. ComboFix will start again.

DirLook::
C:\anti virus

File::
C:\WINDOWS\vpc32.INI

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Post the new ComboFix log.
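Editor's note: the triage behind this thread, spotting the bad O4/O20 lines in the first HijackThis log and then writing a CFScript for what the scanners left behind, can be made mechanical. The script below is an added example and is not HijackThis', ComboFix's or any poster's own code. Everything in it that is not on the page is the editor's assumption: the MIMIC_NAMES and KNOWN_GOOD lists are hand-picked for this one machine, looks_random() is a crude name heuristic, and the Registry:: section generalises the "AppInit_DLLs"=- stanza from norbat's post to Run values using the same .reg delete-value syntax. SAMPLE_LOG is a set of O4/O20 lines copied from the first HijackThis log in the thread.

```python
"""Triage the O4/O20 autostart lines of a HijackThis log and draft a ComboFix
CFScript for what gets flagged.

Added example for this thread; not HijackThis', ComboFix's or any poster's code.
MIMIC_NAMES, KNOWN_GOOD and looks_random() are the editor's assumptions for this
machine, not a published detection list. SAMPLE_LOG copies O4/O20 lines from
the first HijackThis log posted in the thread."""
import re

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.I)

MIMIC_NAMES = {"windows file_system", "microsoft winupdate", "ieupdate"}  # assumption
KNOWN_GOOD = {"ctfmon.exe", "ccapp", "vptray"}                            # assumption
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows File_System] sbdhost.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [d04a1534] rundll32.exe "C:\WINDOWS\system32\gqbqldkk.dll",b
O4 - HKLM\..\RunServices: [Windows File_System] sbdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [09356391795292314553350518088158] C:\Programfiler\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O20 - AppInit_DLLs: yqenvm.dll
"""


def looks_random(token):
    """Crude heuristic (assumption): all digits, 8 hex digits, or a 6-10 letter
    stem with at most one vowel or a run of four consonants."""
    stem = token.rsplit("\\", 1)[-1].split(".", 1)[0].lower()
    if stem.isdigit() or re.fullmatch(r"[0-9a-f]{8}", stem):
        return True
    if re.fullmatch(r"[a-z]{6,10}", stem):
        vowels = sum(c in "aeiouy" for c in stem)
        return vowels <= 1 or re.search(r"[bcdfghjklmnpqrstvwxz]{4}", stem) is not None
    return False


def triage(log_text):
    """Return the suspicious O4/O20 entries with the reasons they were flagged."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = O20_RE.match(line)
        if m:   # AppInit_DLLs is loaded into every process that links user32.dll
            findings.append({"type": "O20", "hive": "HKLM", "key": "", "name": "AppInit_DLLs",
                             "cmd": m.group("dlls"), "reasons": ["AppInit_DLLs is non-empty"]})
            continue
        m = O4_RE.match(line)
        if not m or m.group("name").lower() in KNOWN_GOOD:
            continue
        name, key, cmd = m.group("name"), m.group("key"), m.group("cmd")
        target = PATH_RE.search(cmd)
        reasons = []
        if name.lower() in MIMIC_NAMES:
            reasons.append("value name imitates a Windows component")
        if key.lower() == "runservices":
            reasons.append("RunServices is a Win9x key; NT ignores it, malware still writes it")
        if looks_random(name):
            reasons.append("value name looks machine-generated")
        if not re.search(r"[A-Za-z]:\\", cmd):
            reasons.append("bare file name, resolved through the search path")
        if looks_random(target.group(1) if target else cmd):
            reasons.append("target file name looks machine-generated")
        if reasons:
            findings.append({"type": "O4", "hive": m.group("hive"), "key": key,
                             "name": name, "cmd": cmd, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Draft a CFScript: File:: for confirmed absolute paths, Registry:: stanzas in
    .reg syntax where "name"=- deletes the value (the form used in the thread).
    Bare file names are left out on purpose; their real path must be confirmed first."""
    files, values = set(), {}
    for f in findings:
        if f["type"] == "O20":
            values.setdefault(APPINIT_KEY, set()).add("AppInit_DLLs")
            continue
        m = PATH_RE.search(f["cmd"])
        if m:
            files.add(m.group(1))
        root, _, sub = f["hive"].partition("\\")
        key = (HIVES[root] + ("\\" + sub if sub else "")
               + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" + f["key"])
        values.setdefault(key, set()).add(f["name"])
    out = []
    if files:
        out += ["File::", *sorted(files), ""]
    out.append("Registry::")
    for key in sorted(values):
        out += [f"[{key}]", *(f'"{v}"=-' for v in sorted(values[key])), ""]
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['type']} [{f['name']}] {f['cmd']}\n    " + "; ".join(f["reasons"]))
    print(build_cfscript(found))
```

On the sample it flags the two "Windows File_System" entries, "Microsoft WinUpdate", the rundll32 loader d04a1534, the all-digit Antivirus 2009 value, "ieupdate" and the AppInit_DLLs value, and leaves ccApp, vptray and the five CTFMON.EXE entries alone. The draft it emits is a starting point for a helper to review, not something to hand to ComboFix unread: the whitelist is doing a lot of the work, and sbdhost.exe is deliberately absent from File:: because the O4 line gives no path for it.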
Tdnoz (thread author), posted 22 October 2008

File chkscs.exe received on 10.22.2008 18:31:51 (CET)

Antivirus          Version          Last Update   Result
AhnLab-V3          2008.10.22.0     2008.10.22    -
AntiVir            7.9.0.5          2008.10.22    -
Authentium         5.1.0.4          2008.10.22    -
Avast              4.8.1248.0       2008.10.22    Win32:Trojan-gen {Other}
AVG                8.0.0.161        2008.10.22    -
BitDefender        7.2              2008.10.22    -
CAT-QuickHeal      9.50             2008.10.22    -
ClamAV             0.93.1           2008.10.22    -
DrWeb              4.44.0.09170     2008.10.22    Trojan.DownLoad.5198
eSafe              7.0.17.0         2008.10.22    Suspicious File
eTrust-Vet         31.6.6163        2008.10.22    -
Ewido              4.0              2008.10.22    -
F-Prot             4.4.4.56         2008.10.22    -
F-Secure           8.0.14332.0      2008.10.22    Trojan-Downloader.Win32.Agent.ajnb
Fortinet           3.113.0.0        2008.10.22    -
GData              19               2008.10.22    Win32:Trojan-gen {Other}
Ikarus             T3.1.1.44.0      2008.10.22    Backdoor.Win32.Beastdoor
K7AntiVirus        7.10.503         2008.10.22    -
Kaspersky          7.0.0.125        2008.10.22    Trojan-Downloader.Win32.Agent.ajnb
McAfee             5411             2008.10.22    -
Microsoft          1.4005           2008.10.22    TrojanDownloader:Win32/Zlob.gen!CD
NOD32              3546             2008.10.22    a variant of Win32/TrojanDownloader.Zlob.CQR
Norman             5.80.02          2008.10.22    -
Panda              9.0.0.4          2008.10.22    -
PCTools            4.4.2.0          2008.10.22    -
Prevx1             V2               2008.10.22    Suspicious
Rising             20.67.22.00      2008.10.22    Trojan.Win32.Undef.rlg
SecureWeb-Gateway  6.7.6            2008.10.22    -
Sophos             4.34.0           2008.10.22    -
Sunbelt            3.1.1742.1       2008.10.21    -
Symantec           10               2008.10.22    -
TheHacker          6.3.1.0.123      2008.10.22    -
TrendMicro         8.700.0.1004     2008.10.22    PAK_Generic.001
VBA32              3.12.8.8         2008.10.22    Backdoor.Win32.Bifrose.aci
ViRobot            2008.10.22.1432  2008.10.22    -
VirusBuster        4.5.11.0         2008.10.22    -
Tdnoz, posted 22 October 2008 (thread author)

ComboFix 08-10-21.05 - Grethe Larsen 2008-10-22 18:46:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.459 [GMT 2:00]
Running from: C:\Documents and Settings\Grethe Larsen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Grethe Larsen\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\vpc32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\vpc32.INI

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-20 08:23 . 2008-10-20 08:24 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Magic Academy
2008-10-16 00:13 . 2008-10-16 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PlayFirst
2008-10-14 20:25 . 2008-10-14 20:34 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-14 20:25 . 2008-10-14 20:25 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Malwarebytes
2008-10-14 20:25 . 2008-10-14 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-14 20:25 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:25 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 20:24 . 2008-10-22 18:30 <DIR> dr-h----- C:\Documents and Settings\Grethe Larsen\Siste
2008-10-14 20:22 . 2008-10-14 20:22 <DIR> d-------- C:\Programfiler\CCleaner
2008-10-14 20:21 . 2008-10-14 20:24 <DIR> d-------- C:\anti virus
2008-10-14 19:41 . 2008-10-14 19:41 <DIR> d-------- C:\Programfiler\Trend Micro
2008-10-14 01:44 . 2008-10-14 01:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-14 00:45 . 2008-10-14 00:45 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2008-10-14 00:18 . 2008-10-14 00:20 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 00:18 . 2008-10-14 00:20 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 00:18 . 2008-10-14 00:20 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 00:18 . 2008-10-14 00:20 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 00:17 . 2008-10-22 16:13 <DIR> d-------- C:\Programfiler\Symantec AntiVirus
2008-10-14 00:17 . 2008-10-14 00:20 <DIR> d-------- C:\Programfiler\Symantec
2008-10-14 00:17 . 2008-10-14 00:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-10-14 00:17 . 2008-10-14 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec
2008-10-12 23:56 . 2008-10-22 16:13 <DIR> d-------- C:\Programfiler\Mystery Case Files Ravenhearst
2008-10-12 20:53 . 2008-10-12 20:53 <DIR> d-------- C:\Programfiler\10 Days Under The Sea
2008-10-12 20:37 . 2008-10-12 20:37 <DIR> d-------- C:\Programfiler\Magic Academy
2008-10-12 20:37 . 2008-10-12 20:37 <DIR> d-------- C:\Programfiler\BFG
2008-10-12 17:46 . 2008-10-12 17:46 56,320 --a------ C:\WINDOWS\system32\chkscs.exe
2008-10-12 07:12 . 2008-10-12 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\JollyBear
2008-10-12 06:34 . 2008-10-12 06:34 <DIR> d-------- C:\Programfiler\Big City Adventure - Sydney Australia
2008-10-12 04:11 . 2008-10-12 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\EscapeTheMuseum
2008-10-12 03:02 . 2008-10-12 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SpinTop Games
2008-10-12 02:32 . 2008-10-12 02:32 <DIR> d-------- C:\Programfiler\Mystery PI The Vegas Heist
2008-10-12 02:26 . 2008-10-12 02:26 <DIR> d-------- C:\My Games
2008-10-11 23:44 . 2008-10-11 23:46 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\SecretIslandEng
2008-10-11 23:21 . 2008-10-21 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AlawarWrapper
2008-10-11 23:19 . 2008-10-12 02:26 <DIR> d-------- C:\Programfiler\Alawar
2008-10-11 20:35 . 2008-10-11 20:35 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Games
2008-10-11 20:23 . 2008-10-11 20:24 <DIR> d-------- C:\Programfiler\Sherlock Holmes - The Mystery of the Persian Carpet
2008-10-11 05:17 . 2008-10-11 05:17 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-11 02:37 . 2008-10-11 02:37 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\JoyBits
2008-10-11 00:57 . 2008-10-11 00:57 <DIR> d-------- C:\Programfiler\Patriot Games
2008-10-10 23:50 . 2008-10-10 23:51 <DIR> d-------- C:\WINDOWS\Dream Chronicles 2
2008-10-10 23:50 . 2008-10-14 19:35 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-10 23:21 . 2008-10-21 02:34 <DIR> d-------- C:\Programfiler\Escape the Museum
2008-10-10 22:39 . 2008-10-10 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TERMINAL Studio
2008-10-10 22:38 . 2008-10-10 22:39 <DIR> d-------- C:\Programfiler\The Rise Of Atlantis en Español
2008-10-10 21:17 . 2008-10-10 21:17 <DIR> d-------- C:\WINDOWS\Fishdom
2008-10-10 20:27 . 2008-10-10 20:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 03:33 . 2008-10-10 20:09 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\ForgottenRiddles2
2008-10-09 03:22 . 2008-10-10 20:27 <DIR> d-------- C:\Programfiler\Forgotten Riddles The Moonlight Sonatas
2008-10-09 03:11 . 2008-10-09 03:11 <DIR> d-------- C:\games
2008-10-08 02:22 . 2008-10-08 02:22 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\GameInvest
2008-10-08 02:22 . 2008-10-08 02:22 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-08 02:14 . 2008-10-08 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BigFishGamesCache
2008-10-06 15:48 . 2008-10-06 15:48 <DIR> d-------- C:\Programfiler\LeeGTs Games
2008-10-06 15:12 . 2008-10-06 15:13 <DIR> d-------- C:\Programfiler\ahead
2008-10-06 14:59 . 2008-10-06 14:59 <DIR> d-------- C:\Programfiler\MSI
2008-10-06 14:58 . 2008-10-06 14:58 <DIR> d-------- C:\Programfiler\InstallShield Installation Information
2008-10-05 05:42 . 2008-10-10 20:27 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-10-05 05:42 . 2008-10-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-04 04:57 . 2008-10-04 04:57 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\PlayFirst
2008-10-01 08:25 . 2008-10-06 13:01 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\MysteryStudio
2008-10-01 08:24 . 2008-10-10 20:31 <DIR> d-------- C:\Programfiler\The Lost Cases of Sherlock Holmes(2)
2008-10-01 07:50 . 2008-10-10 23:50 <DIR> d-------- C:\Programfiler\Dream Chronicles 2
2008-10-01 07:33 . 2008-10-01 07:33 <DIR> d-------- C:\Programfiler\ReflexiveArcade
2008-10-01 07:20 . 2008-10-12 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia
2008-10-01 07:00 . 2008-10-01 07:00 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Programdata\Playrix Entertainment
2008-10-01 06:54 . 2008-10-10 21:17 <DIR> d-------- C:\Programfiler\Fishdom
2008-10-01 05:58 . 2008-10-01 05:59 <DIR> d-------- C:\Programfiler\Windows Live Toolbar
2008-10-01 05:57 . 2008-10-01 05:57 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition
2008-10-01 05:57 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-01 05:56 . 2008-10-01 05:57 <DIR> d-------- C:\Documents and Settings\Grethe Larsen\Contacts
2008-10-01 05:55 . 2008-10-10 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-01 05:32 . 2008-10-10 20:37 <DIR> d-------- C:\Programfiler\Windows Live
2008-10-01 05:32 . 2008-10-01 05:52 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-10-01 05:32 . 2008-10-01 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-10-01 05:26 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-01 05:24 . 2008-06-23 18:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-01 05:24 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-01 05:24 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-01 05:24 . 2008-06-23 18:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-01 05:24 . 2008-06-23 18:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-01 05:24 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-01 05:24 . 2008-06-23 18:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-01 05:24 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-01 05:24 . 2008-06-23 18:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-01 05:24 . 2008-06-23 18:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-01 05:24 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-01 05:23 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-01 05:04 . 2008-10-10 20:29 <DIR> d-------- C:\WINDOWS\system32\no
2008-10-01 05:04 . 2008-10-10 20:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-01 05:04 . 2008-10-05 05:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 04:55 . 2008-10-01 04:55 <DIR> d-------- C:\WINDOWS\EHome
2008-10-01 03:24 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-01 03:22 . 2004-08-04 00:54 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-10-01 03:05 . 2008-10-01 03:05 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-01 02:26 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-01 02:26 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-01 02:12 . 2008-10-01 06:46 <DIR> d-------- C:\Programfiler\BitLord
2008-10-01 02:08 . 2008-10-01 02:08 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\anti virus ----

2008-10-14 20:24 2189864 --a------ C:\anti virus\mbam-setup.exe
2008-10-14 20:22 2934168 --a------ C:\anti virus\ccsetup212.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 18:52:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-22 18:53:38
ComboFix-quarantined-files.txt 2008-10-22 16:53:32
ComboFix2.txt 2008-10-22 16:44:54
ComboFix3.txt 2008-10-14 18:52:41

Pre-Run: 108 342 345 728 bytes free
Post-Run: 108,334,518,272 bytes free

170 --- E O F --- 2008-10-01 03:38:49
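The two dumps above are the evidence the thread is working from: a VirusTotal report in which the installed Symantec engine says nothing while a third of the others flag chkscs.exe, and a ComboFix "Files Created" listing in which that file sits directly in system32. The script below is an added example, not code from the thread, VirusTotal or ComboFix. It parses both text formats, computes the detection ratio and a coarse downloader/backdoor vote from the vendor names, and walks the ComboFix rows for executables written straight into system32 whose creation and last-write timestamps are identical. The sample rows are copied from the posts above; the same-timestamp rule, the `EXEC_EXT` set and the `folder` default are this example's own triage assumptions, not anything ComboFix itself reports.

```python
"""Triage of the two log formats pasted in this thread (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed input: the 36 VirusTotal rows quoted above, one engine per line.
VT_REPORT = """\
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 -
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 Trojan.DownLoad.5198
eSafe 7.0.17.0 2008.10.22 Suspicious File
eTrust-Vet 31.6.6163 2008.10.22 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 Trojan-Downloader.Win32.Agent.ajnb
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 Win32:Trojan-gen {Other}
Ikarus T3.1.1.44.0 2008.10.22 Backdoor.Win32.Beastdoor
K7AntiVirus 7.10.503 2008.10.22 -
Kaspersky 7.0.0.125 2008.10.22 Trojan-Downloader.Win32.Agent.ajnb
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 TrojanDownloader:Win32/Zlob.gen!CD
NOD32 3546 2008.10.22 a variant of Win32/TrojanDownloader.Zlob.CQR
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 Suspicious
Rising 20.67.22.00 2008.10.22 Trojan.Win32.Undef.rlg
SecureWeb-Gateway 6.7.6 2008.10.22 -
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1742.1 2008.10.21 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 PAK_Generic.001
VBA32 3.12.8.8 2008.10.22 Backdoor.Win32.Bifrose.aci
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -
"""

# Constructed input: four rows copied from the ComboFix 'Files Created' listing.
COMBOFIX_CREATED = r"""
2008-10-14 20:25 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-12 17:46 . 2008-10-12 17:46 56,320 --a------ C:\WINDOWS\system32\chkscs.exe
2008-10-01 05:57 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-01 05:24 . 2008-06-23 18:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
"""

# VirusTotal row: engine, version, signature date, verdict ('-' = not detected)
VT_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*\S)\s*$")
# ComboFix row: created, last-write, size or <DIR>, attribute flags, path
CF_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                    r"(<DIR>|[\d,]+) (\S+) (.+)$")

def parse_vt(text):
    """Return [(engine, verdict_or_None)] for every well-formed report row."""
    rows = []
    for m in (VT_ROW.match(line) for line in text.splitlines()):
        if m:
            rows.append((m.group(1), None if m.group(4) == "-" else m.group(4)))
    return rows

def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for _, v in rows if v), len(rows)

def classify(rows):
    """Keyword vote over vendor names; 'other' covers generic/heuristic hits."""
    votes = Counter()
    for _, v in rows:
        if v:
            name = v.lower()
            votes["downloader" if "download" in name
                  else "backdoor" if "backdoor" in name else "other"] += 1
    return votes

def parse_combofix(text):
    """Return [(created, modified, size_or_None, attrs, path)] per listing row."""
    out = []
    for m in (CF_ROW.match(line.strip()) for line in text.splitlines()):
        if m:
            created, modified, size, attrs, path = m.groups()
            size = None if size == "<DIR>" else int(size.replace(",", ""))
            out.append((created, modified, size, attrs, path))
    return out

EXEC_EXT = {".exe", ".dll", ".sys"}  # assumption: what counts as an executable drop

def suspicious_drops(entries, folder=r"c:\windows\system32"):
    """Executables written straight into `folder` with created == last-write.
    Heuristic only: installers usually preserve the package's build timestamp,
    a dropper writing a fresh file leaves two identical stamps."""
    hits = []
    for created, modified, size, _attrs, path in entries:
        p = PureWindowsPath(path)
        if (size is not None and p.suffix.lower() in EXEC_EXT
                and str(p.parent).lower() == folder and created == modified):
            hits.append(path)
    return hits

if __name__ == "__main__":
    rows = parse_vt(VT_REPORT)
    flagged, total = detection_ratio(rows)
    print(f"chkscs.exe flagged by {flagged}/{total} engines, votes {dict(classify(rows))}")
    print("fresh executables in system32:", suspicious_drops(parse_combofix(COMBOFIX_CREATED)))
```

The point of the vote is that the vendors do not agree on a family (Zlob downloader versus Bifrose/Beastdoor backdoor), so the ratio, not any one name, is what justifies removal. The timestamp rule is deliberately narrow: it ignores dllcache and drivers, where legitimate patching writes files, and it will miss a dropper that sets the last-write time itself, so treat its output as a list of files to look up, as Tdnoz did, not as a verdict.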
norbat, posted 22 October 2008

Remove the file: C:\WINDOWS\system32\chkscs.exe (use Explorer to find and delete it)

If you cannot delete the file, you can do the following:
Start Malwarebytes Anti-Malware and choose the 'More Tools' tab.
Under 'FileASSASSIN', click 'Run Tool'.
I think you will figure out the rest....