nilsso, posted 7 February 2009:

Hi! When I try to open the clock down in the corner / Properties on the desktop, I get the following error: "Finner ikke c:\windows\system32\rundll32.exe. Kontroller at du skrev navnet (...)" How do I fix this? Thanks.
Muse, posted 7 February 2009:

Google: http://orakelet.info/5461
nilsso (thread author), posted 7 February 2009 (edited):

> Google: http://orakelet.info/5461

Doesn't work; it assumes you have the Sircam virus. Apparently I haven't got Sircam, because it doesn't work. I tried restarting in safe mode, searched for the rundll32 file, found it there, and everything worked as it should. Restarted again into normal Windows, searched for the file and couldn't find it, and things don't work. This makes no sense to me; does anyone know what's wrong?

Edit: I have since found a rundll32.exe file in another folder. Tried to move it in, that didn't work; renamed it and moved it in, that worked. Tried to rename it to rundll32.exe, that doesn't work. I can move anything at all except files named "rundll32.exe".

Edited 7 February 2009 by nilsso
Sajkow, posted 7 February 2009:

What about going into safe mode, stopping the process, deleting the file and then copying the file from the Windows CD? Otherwise the easiest thing is just to reinstall Windows ;-)
norbat, posted 7 February 2009:

Suspect malware? Run through the guide and post the logs it asks for here.
nilsso (thread author), posted 8 February 2009 (edited):

> Suspect malware? Run through the guide and post the logs it asks for here.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.25
Database versjon: 1062
Windows 5.1.2600 Service Pack 3

00:59:04 08.02.2009
mbam-log-02-08-2009 (00-59-04).txt

Skanntype: Rask Skann
Objekter skannet: 50044
Tid tilbakelagt: 6 minute(s), 8 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix log:

ComboFix 09-02-06.04 - sysop 2009-02-08 1:05:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1186 [GMT 1:00]
Kjører fra: c:\documents and settings\sysop\Skrivebord\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:00, on 08.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Thanks for the help so far.

> What about going into safe mode, stopping the process, deleting the file and then copying the file from the Windows CD?
> Otherwise the easiest thing is just to reinstall Windows ;-)

It is not possible to copy files named rundll32.exe in, nor to rename > move in > rename back.

Edited 8 February 2009 by nilsso
norbat, posted 8 February 2009:

Go to the VirusTotal website and upload the following file for checking: c:\windows\system32\rundll3.exe

Report back whether anything was found, and also note the MD5 value the file gets.
nilsso (thread author), posted 8 February 2009:

> Go to the VirusTotal website and upload the following file for checking: c:\windows\system32\rundll3.exe
> Report back whether anything was found, and also note the MD5 value the file gets.

Ah, that was just me trying to move the file back in and rename it to rundll32.exe (rundll3.exe was the closest I got, hehe). It is the rundll32.exe file, but as I said, renaming anything to rundll32.exe / moving it in doesn't work.
norbat, posted 8 February 2009 (edited):

That is because rundll32.exe is already in the same folder. The log shows that it is hidden (as is the file that opens the date/time settings, timedate.cpl).

Try the following: Start -> Run, type: sfc /scannow

If the problem persists, continue with the following:

Make sure hidden files and folders are shown: Control Panel -> Folder Options -> View. Untick "Hide protected operating system files". Tick "Show hidden files and folders".

Go to Start -> Search, search in files and folders, type: rundll32.exe

In which folders does the search say the rundll32.exe file is located?

There is also a fix that resets the registry defaults for cpl files (including timedate.cpl): http://www.dougknox.com/xp/file_assoc.htm. Download the CPL File Association Fix.

Edited 8 February 2009 by norbat
nilsso (thread author), posted 8 February 2009 (edited):

I tried downloading the cpl file, ran it and restarted; the problem is still there.

The search says the file is in 2 places, as follows:
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\SoftwareDistribution\Download\640458d0c11651636af7e639bed7ddde

File analysis:

File has already been analysed:
MD5: b1d2f529dc72f42c73fb0f48c55e7898
First received: -
Date: 12.20.2008 10:56:00 (CET) [>50D]
Results: 0/38
Permalink: analisis/fdb3f9f5228c12f92018eec51a38baac

Edited 8 February 2009 by nilsso
norbat, posted 8 February 2009

Let's try to fetch the file from the i386 folder and put it in system32: open Notepad and paste in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file over the ComboFix icon. ComboFix will start again.

FCopy::
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe|c:\windows\system32\rundll32.exe

Post the log.
nilsso (thread author), posted 8 February 2009 (edited)

The log is very long, should I post all of it?

Edited 8 February 2009 by nilsso
norbat, posted 8 February 2009 (edited)

You can leave out the Snapshot files from the log, but post the rest. Also mention how things are going with the problem.

Edited 8 February 2009 by norbat
nilsso (thread author), posted 8 February 2009

The log:

ComboFix 09-02-06.04 - sysop 2009-02-08 14:45:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1424 [GMT 1:00]
Kjører fra: c:\documents and settings\sysop\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\sysop\Skrivebord\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-08 til 2009-02-08 )))))))))))))))))))))))))))))))))
.
2009-02-08 14:11 . 2008-12-26 07:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 253,952 --a------ c:\windows\system32\nvrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 211,067 --a------ c:\windows\system32\nvapps.nvb
2009-02-08 14:10 . 2008-12-26 07:20 1,650,688 --a------ c:\windows\system32\nvcuda.dll
2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\windows\system32\rundll32-1.rar
2009-02-08 03:25 . 2008-04-14 09:22 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-08 03:25 . 2001-08-18 06:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-08 03:25 . 2001-10-06 14:03 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-08 03:25 . 2001-10-06 14:02 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-08 03:25 . 2008-04-14 09:22 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-08 03:25 . 2001-10-06 14:03 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-08 03:23 . 2001-08-17 21:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
2009-02-08 03:22 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-08 03:21 . 2001-10-06 14:02 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-08 03:21 .
2001-10-06 14:02 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll 2009-02-08 03:21 . 2001-10-06 14:02 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll 2009-02-08 03:21 . 2001-10-06 14:02 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll 2009-02-08 03:21 . 2001-08-17 20:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys 2009-02-08 03:21 . 2001-08-17 20:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys 2009-02-08 03:21 . 2001-10-06 14:02 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll 2009-02-08 03:21 . 2001-10-06 14:02 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll 2009-02-08 03:21 . 2001-08-17 21:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys 2009-02-08 03:21 . 2001-08-17 21:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys 2009-02-08 03:20 . 2001-10-06 14:02 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll 2009-02-08 03:20 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys 2009-02-08 03:20 . 2001-08-17 22:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys 2009-02-08 03:20 . 2001-08-17 20:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys 2009-02-08 03:20 . 2008-04-14 09:23 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe 2009-02-08 03:20 . 2001-10-06 14:01 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll 2009-02-08 03:20 . 2001-08-17 20:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys 2009-02-08 03:20 . 2001-10-06 14:02 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll 2009-02-08 03:20 . 2001-10-06 13:30 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys 2009-02-08 03:19 . 2001-10-06 14:02 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll 2009-02-08 03:19 . 2008-04-13 11:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys 2009-02-08 03:19 . 2001-08-17 20:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys 2009-02-08 03:19 . 
2001-08-17 20:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys 2009-02-08 03:19 . 2001-10-06 14:02 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll 2009-02-08 03:19 . 2001-08-17 20:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys 2009-02-08 03:19 . 2001-08-17 20:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys 2009-02-08 03:19 . 2001-08-17 21:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys 2009-02-08 03:19 . 2001-08-17 20:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys 2009-02-08 03:19 . 2001-08-17 20:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys 2009-02-08 03:19 . 2001-08-17 21:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys 2009-02-08 03:18 . 2001-08-17 21:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys 2009-02-08 03:18 . 2001-10-06 14:02 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll 2009-02-08 03:18 . 2001-08-17 22:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys 2009-02-08 03:18 . 2001-08-17 22:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys 2009-02-08 03:18 . 2001-08-17 22:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys 2009-02-08 03:18 . 2001-08-17 22:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys 2009-02-08 03:18 . 2001-10-06 14:02 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll 2009-02-08 03:18 . 2001-08-17 22:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys 2009-02-08 03:17 . 2001-10-06 13:24 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys 2009-02-08 03:17 . 2001-10-06 14:02 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll 2009-02-08 03:17 . 2001-10-06 14:02 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll 2009-02-08 03:17 . 2001-10-06 14:02 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll 2009-02-08 03:17 . 2001-08-17 20:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys 2009-02-08 03:17 . 
2001-10-06 14:02 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll 2009-02-08 03:17 . 2001-10-06 13:23 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys 2009-02-08 03:17 . 2001-10-06 14:02 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll 2009-02-08 03:16 . 2001-10-06 14:02 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll 2009-02-08 03:16 . 2001-10-06 14:02 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll 2009-02-08 03:16 . 2001-10-06 14:02 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll 2009-02-08 03:16 . 2001-08-17 21:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys 2009-02-08 03:16 . 2001-08-17 20:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys 2009-02-08 03:16 . 2001-10-06 14:02 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll 2009-02-08 03:16 . 2001-08-17 22:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys 2009-02-08 03:16 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys 2009-02-08 03:15 . 2001-10-06 14:02 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll 2009-02-08 03:15 . 2001-08-17 20:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys 2009-02-08 03:15 . 2001-08-17 20:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys 2009-02-08 03:15 . 2001-08-17 20:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys 2009-02-08 03:15 . 2001-08-17 21:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys 2009-02-08 03:15 . 2008-04-13 11:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys 2009-02-08 03:15 . 2001-08-17 21:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys 2009-02-08 03:14 . 2001-10-06 14:02 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll 2009-02-08 03:14 . 2001-10-06 13:45 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys 2009-02-08 03:14 . 2001-10-06 14:02 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll 2009-02-08 03:14 . 
2001-10-06 14:02 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll 2009-02-08 03:14 . 2001-10-06 14:02 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll 2009-02-08 03:14 . 2001-08-17 20:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys 2009-02-08 03:14 . 2008-04-13 11:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys 2009-02-08 03:14 . 2008-04-13 11:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys 2009-02-08 03:14 . 2001-08-17 21:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys 2009-02-08 03:13 . 2001-10-06 14:02 238,592 --a--c--- c:\windows\system32\dllcache\sisgrv.dll 2009-02-08 03:13 . 2001-10-06 14:02 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll 2009-02-08 03:13 . 2001-10-06 14:02 150,144 --a--c--- c:\windows\system32\dllcache\sis6306v.dll 2009-02-08 03:13 . 2001-08-17 20:50 104,064 --a--c--- c:\windows\system32\dllcache\sisgrp.sys 2009-02-08 03:13 . 2001-10-06 13:45 94,794 --a--c--- c:\windows\system32\dllcache\sk98xwin.sys 2009-02-08 03:13 . 2001-08-17 20:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys 2009-02-08 03:13 . 2001-08-17 20:50 68,608 --a--c--- c:\windows\system32\dllcache\sis6306p.sys 2009-02-08 03:13 . 2008-04-13 09:35 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys 2009-02-08 03:13 . 2001-08-17 20:50 50,432 --a--c--- c:\windows\system32\dllcache\sisv.sys 2009-02-08 03:13 . 2008-04-13 09:35 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys 2009-02-08 03:12 . 2001-10-06 14:02 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll 2009-02-08 03:12 . 2001-10-06 14:02 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll 2009-02-08 03:12 . 2001-10-06 13:43 161,600 --a--c--- c:\windows\system32\dllcache\sgsmusb.sys 2009-02-08 03:12 . 2001-08-17 20:50 101,760 --a--c--- c:\windows\system32\dllcache\sis300ip.sys 2009-02-08 03:12 . 2001-08-17 20:51 98,080 --a--c--- c:\windows\system32\dllcache\sgiulnt5.sys 2009-02-08 03:12 . 
2001-08-17 20:19 36,480 --a--c--- c:\windows\system32\dllcache\sfmanm.sys 2009-02-08 03:12 . 2001-07-21 22:29 18,400 --a--c--- c:\windows\system32\dllcache\sgsmld.sys 2009-02-08 03:11 . 2001-08-17 21:51 23,936 --a--c--- c:\windows\system32\dllcache\sccmusbm.sys 2009-02-08 03:11 . 2001-10-06 13:43 17,664 --a--c--- c:\windows\system32\dllcache\sermouse.sys 2009-02-08 03:11 . 2001-10-06 13:42 17,280 --a--c--- c:\windows\system32\dllcache\scr111.sys 2009-02-08 03:11 . 2001-10-06 13:42 16,640 --a--c--- c:\windows\system32\dllcache\scmstcs.sys 2009-02-08 03:11 . 2001-08-17 21:52 11,648 --a--c--- c:\windows\system32\dllcache\scsiprnt.sys 2009-02-08 03:11 . 2008-04-13 11:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys 2009-02-08 03:11 . 2001-08-17 21:53 6,912 --a--c--- c:\windows\system32\dllcache\seaddsmc.sys 2009-02-08 03:11 . 2001-10-06 13:43 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys 2009-02-08 03:10 . 2001-10-06 14:01 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll 2009-02-08 03:10 . 2001-10-06 14:02 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll 2009-02-08 03:10 . 2001-10-06 14:02 210,496 --a--c--- c:\windows\system32\dllcache\s3mvirge.dll 2009-02-08 03:10 . 2001-10-06 14:02 198,400 --a--c--- c:\windows\system32\dllcache\s3sav4.dll 2009-02-08 03:10 . 2001-10-06 14:02 179,264 --a--c--- c:\windows\system32\dllcache\s3sav3d.dll 2009-02-08 03:10 . 2001-08-17 20:50 77,824 --a--c--- c:\windows\system32\dllcache\s3sav4m.sys 2009-02-08 03:10 . 2001-08-17 20:50 75,392 --a--c--- c:\windows\system32\dllcache\s3savmxm.sys 2009-02-08 03:10 . 2001-08-17 20:50 61,504 --a--c--- c:\windows\system32\dllcache\s3sav3dm.sys 2009-02-08 03:10 . 2008-04-13 11:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys 2009-02-08 03:10 . 2001-10-06 13:42 23,936 --a--c--- c:\windows\system32\dllcache\sccmn50m.sys 2009-02-08 03:09 . 2001-10-06 14:02 182,272 --a--c--- c:\windows\system32\dllcache\s3mt3d.dll 2009-02-08 03:09 . 
2001-08-17 20:50 166,720 --a--c--- c:\windows\system32\dllcache\s3m.sys 2009-02-08 03:09 . 2001-10-06 14:02 82,944 --a--c--- c:\windows\system32\dllcache\rwia450.dll 2009-02-08 03:09 . 2001-10-06 14:02 80,384 --a--c--- c:\windows\system32\dllcache\rwia430.dll 2009-02-08 03:09 . 2001-08-17 21:57 65,664 --a--c--- c:\windows\system32\dllcache\s3legacy.sys 2009-02-08 03:09 . 2001-10-06 14:02 62,496 --a--c--- c:\windows\system32\dllcache\s3mtrio.dll 2009-02-08 03:09 . 2001-08-17 20:50 41,216 --a--c--- c:\windows\system32\dllcache\s3mt3d.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-08 02:34 96,384 ----a-w c:\windows\system32\drivers\sptd8333.sys 2009-02-07 14:06 --------- d-----w c:\programfiler\Starcraft 2009-02-04 19:06 --------- d-----w c:\documents and settings\sysop\Programdata\dvdcss 2009-02-03 14:49 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-02-01 20:10 --------- d-----w c:\documents and settings\sysop\Programdata\uTorrent 2009-01-24 00:43 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-24 00:43 --------- d-----w c:\programfiler\Ubisoft 2009-01-24 00:43 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2009-01-02 00:15 --------- d-----w c:\documents and settings\sysop\Programdata\DivX 2008-12-28 20:55 --------- d-----w c:\programfiler\Left 4 Dead 2008-12-27 14:20 --------- d-----w c:\programfiler\Diablo II 2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-19 13:03 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2008-10-25 12:11 22,328 -c--a-w c:\documents and settings\sysop\Programdata\PnkBstrK.sys 2008-07-18 08:55 1,598,010,535 ----a-w c:\programfiler\Diablo II1.12.rar 2006-12-29 01:07 38,912 ----a-w c:\programfiler\D2Loader-1.11b.exe 2004-06-15 06:00 13,824 ----a-w c:\documents and settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] "Steam"="c:\steam\steam.exe" [2008-10-08 1410296] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 81920] "WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-03-29 190000] "SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975] "DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2005-12-10 133016] "nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2008-05-17 950664] "Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-04-13 947760] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\sysop\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] BJ Status Monitor Canon PIXMA iP3000.lnk - c:\documents and settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe [2008-03-03 13824] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-09-11 805392] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-08-04 13:44 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "vidc.i420"= i420vfw.dll "msacm.imc"= imc32.acm "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^sysop^Start-meny^Programmer^Oppstart^BJ Status Monitor Canon PIXMA iP3000.lnk] backup=c:\windows\pss\BJ Status Monitor Canon PIXMA iP3000.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 09:47 289064 c:\programfiler\iTunes\iTunesHelper.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-07-07 08:34 167936 c:\programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-09-12 11:45 1576176 c:\programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-04 00:02 36352 c:\programfiler\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Steam\\Steam.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Programfiler\\Starcraft\\StarCraft.exe"= "c:\\Programfiler\\mIRC\\mirc.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\utorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programfiler\\VentSrv\\ventrilo_srv.exe"= "c:\\Programfiler\\Diablo II\\D2Loader-1.11b.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Steam\\steamapps\\d2l_zod\\dedicated server\\hlds.exe"= "c:\\Steam\\steamapps\\tomcat409\\counter-strike\\hl.exe"= "c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\sysop\\Skrivebord\\RM\\RatioMaster.exe"= "c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Awesom-O 3.6\\Redvex\\AO.exe"= "c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Left 4 Dead\\left4dead.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4000:TCP"= 4000:TCP:d2 "4000:UDP"= 4000:UDP:d2 R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-03-14 9856] R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2007-12-12 44480] R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-15 2915944] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-17 15424] R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992] R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024] R2 LF30FS;LF30FS;c:\programfiler\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488] S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408] S3 w3304an5;WN3X0X Wireless Adapter;\??\c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS --> 
c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS [?] S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setup.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Tilleggsskanning ------- . uStart Page = about:blank IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/ FF - component: c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\extensions\[email protected]\components\BkMrkExt.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 14:48:08
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
c:\windows\system32\timedate.cpl 93696 bytes executable
skanning vellykket
skjulte filer: 1
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:52,15,63,f5,85,7f,e0,8a,7d,61,0c,46,f5,02,a4,98,37,e3,7a,0f,6f,16,18,
30,2b,9d,5f,d8,6b,09,33,09,71,4b,4f,2c,3e,cc,5f,c4,23,0f,d1,66,8e,e0,56,41,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,fe,5b,55,a4,a0,24,28,bd,d9,5f,a5,16,27,84,c1,a2,cd,a1,f0,e3,
8c,7c,bc,f4,95,92,1e,a7,64,90,fc,d3,05,79,f2,6a,50,45,f6,cc,03,5c,01,de,ff,\
"rkeysecu"=hex:38,2d,20,88,7d,46,60,62,5d,99,cd,2a,13,88,0f,7a
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
.
Tidspunkt ferdig: 2009-02-08 14:49:39
ComboFix-quarantined-files.txt 2009-02-08 13:49:36
ComboFix2.txt 2009-02-08 00:08:17
ComboFix3.txt 2008-10-08 07:17:26
Pre-Run: 30 983 241 728 byte ledig
Post-Run: 30,977,015,808 byte ledig
2608 --- E O F --- 2009-01-15 00:18:31
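The part of the log above that actually matters for the diagnosis is small: the catchme block reporting a hidden timedate.cpl in system32, and the "Filer Opprettet" entries showing what was recently dropped into system32 (such as rundll32-1.rar). The following Python script is an added example for this thread, not a ComboFix or GMER tool; it parses those two blocks from a log in this format and flags the entries a responder would look at first. The sample log is constructed from a handful of entries copied from the post above plus one made-up entry (example_hidden.exe, labelled in the code) to exercise the hidden/system-attribute check.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code).

It reads two things from the log:
  * the "files created" block, where each entry looks like
      2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\\windows\\system32\\rundll32-1.rar
  * the catchme rootkit-scan block, where hidden files are listed as
      c:\\windows\\system32\\timedate.cpl 93696 bytes executable
and returns findings for hidden files, archives dropped into system32, and
files created in system32 with the hidden or system attribute set.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample modelled on the log posted in this thread. The first three
# created-file entries and the catchme block are copied from it; the
# example_hidden.exe entry is made up to show the attribute check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-08 til 2009-02-08 )))))))))))))))))))))))))))))))))
.
2009-02-08 14:11 . 2008-12-26 07:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\windows\system32\rundll32-1.rar
2009-02-08 03:25 . 2008-04-14 09:22 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-08 03:00 . 2009-02-08 03:00 33,280 -rahs---- c:\windows\system32\example_hidden.exe
.
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
c:\windows\system32\timedate.cpl 93696 bytes executable
skanning vellykket
skjulte filer: 1
"""

# created-time . modified-time size attribute-flags path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)
# path size bytes kind  (as printed by catchme under "skanner skjulte filer")
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\[^ ]+) (?P<size>\d+) bytes (?P<kind>\w+)$", re.IGNORECASE)

# Archives have no business sitting directly in system32.
SUSPECT_EXT = {".rar", ".zip", ".7z"}


@dataclass
class Created:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str


def parse_created(lines):
    """Return every 'files created' entry as a Created record (paths lower-cased)."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            out.append(Created(
                datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                int(m["size"].replace(",", "")),
                m["attrs"],
                m["path"].lower(),
            ))
    return out


def parse_hidden(lines):
    """Return (path, size, kind) for each file catchme listed as hidden."""
    hidden, in_block = [], False
    for line in lines:
        s = line.strip()
        if s.startswith("skanner skjulte filer"):
            in_block = True
            continue
        if in_block:
            if s.startswith("skanning vellykket"):
                break
            m = HIDDEN_RE.match(s)
            if m:
                hidden.append((m["path"].lower(), int(m["size"]), m["kind"]))
    return hidden


def triage(log_text, system_dir=r"c:\windows\system32"):
    """Return a list of (severity, path, reason) findings."""
    lines = log_text.splitlines()
    findings = []
    for path, size, kind in parse_hidden(lines):
        findings.append(("high", path, f"hidden from the file system API ({kind}, {size} bytes)"))
    prefix = system_dir.lower() + "\\"
    for e in parse_created(lines):
        # dllcache is refilled by SFC, so new entries there are expected noise.
        if not e.path.startswith(prefix) or "\\dllcache\\" in e.path:
            continue
        ext = e.path[e.path.rfind("."):]
        if ext in SUSPECT_EXT:
            findings.append(("medium", e.path, f"archive dropped in {system_dir}"))
        if "h" in e.attrs or "s" in e.attrs:
            findings.append(("medium", e.path, f"created with hidden/system attributes ({e.attrs})"))
    return findings


if __name__ == "__main__":
    for sev, path, why in triage(SAMPLE_LOG):
        print(f"[{sev:<6}] {path}: {why}")
```

Run against the real log, the same parser would produce the one high-severity finding (the hidden timedate.cpl) and the rundll32-1.rar entry, which is exactly what norbat's follow-up questions in this thread chase.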
norbat, posted 8 February 2009 (edited)

Can you also search for the file timedate.cpl and say where this file is located?

Edit: Check whether rundll32.exe can now be seen in the system32 folder.

Edited 8 February 2009 by norbat
nilsso (thread author), posted 8 February 2009

"Can you also search for the file timedate.cpl and say where this file is located? Edit: Check whether rundll32.exe can now be seen in the system32 folder."

timedate.cpl is located in:
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\SoftwareDistribution\Download\640458d0c11651636af7e639bed7ddde

rundll32.exe is not visible in the system32 folder.
norbat, posted 8 February 2009

And do you still get the same error message when you try to open the 'clock'? What happens if you type timedate.cpl in the Run box?
nilsso (thread author), posted 8 February 2009

"And do you still get the same error message when you try to open the 'clock'? What happens if you type timedate.cpl in the Run box?"

On the clock it still says it cannot find rundll32.exe.
timedate.cpl in the Run box -> cannot find timedate.cpl.
norbat, posted 8 February 2009

Make a new cfscript.txt with the following content and drag it over the ComboFix icon:

FCopy::
C:\WINDOWS\ServicePackFiles\i386\timedate.cpl|c:\windows\system32\timedate.cpl

Post the log.