nilsso, posted 7 February 2009:
Hi! When I try to open the clock down in the corner / Properties on the desktop, I get the following error: "Cannot find c:\windows\system32\rundll32.exe. Check that you typed the name (...)" How do I fix this problem? Thanks.
Muse, posted 7 February 2009:
Google: http://orakelet.info/5461
nilsso (thread author), posted 7 February 2009 (edited):
> Google: http://orakelet.info/5461
Doesn't work; it assumes you have got the Sircam virus. Apparently I don't have Sircam, because it doesn't work. I tried restarting in safe mode, searched for the rundll32 file, found it there, and everything worked as it should. Restarted again in normal Windows, searched for the file and couldn't find it; things don't work. This makes no sense to me; does anyone know what is wrong?
Edit: I have since found a rundll32.exe file in another folder. Tried to move it in, which didn't work; renamed it and moved it in, which worked. Tried to rename it to rundll32.exe, which doesn't work. I can move in anything except files named "rundll32.exe".
Edited 7 February 2009 by nilsso
Sajkow, posted 7 February 2009:
What about booting into safe mode, stopping the process, deleting the file and then copying the file from the Windows CD? Otherwise, the simplest is of course just to reinstall Windows ;-)
norbat, posted 7 February 2009:
Suspect malware? Go through the guide and post the logs it asks for here.
nilsso (thread author), posted 8 February 2009 (edited):
> Suspect malware? Go through the guide and post the logs it asks for here.
Malware log:
Malwarebytes' Anti-Malware 1.25
Database versjon: 1062
Windows 5.1.2600 Service Pack 3
00:59:04 08.02.2009
mbam-log-02-08-2009 (00-59-04).txt
Skanntype: Rask Skann
Objekter skannet: 50044
Tid tilbakelagt: 6 minute(s), 8 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
Combo log:
ComboFix 09-02-06.04 - sysop 2009-02-08 1:05:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1186 [GMT 1:00]
Kjører fra: c:\documents and settings\sysop\Skrivebord\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-08 til 2009-02-08 )))))))))))))))))))))))))))))))))
.
2009-02-07 20:51 . 2008-04-14 08:23 33,280 --a------ c:\windows\system32\rundll3.exe
2009-02-07 20:50 . 2009-02-07 20:51 12,120 --a------ c:\windows\system32\rundll32.rar
2009-02-07 19:35 . 2007-10-30 14:22 0 --a------ C:\AUTOEXEC.CAM
2009-02-07 14:50 . 2009-02-07 19:35 <DIR> d-------- c:\documents and settings\sysop\.housecall6.6
2009-02-03 15:24 . 2009-02-03 15:24 <DIR> d-------- c:\programfiler\CAPCOM
2009-01-26 18:21 . 2009-01-26 18:29 98 --a------ c:\windows\h3maped.INI
2009-01-24 14:02 . 2009-01-24 14:23 <DIR> d-------- c:\programfiler\Fellesfiler\3DO Shared
2009-01-24 02:34 . 2009-01-24 14:23 <DIR> d-------- c:\programfiler\3DO
2009-01-24 02:03 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-14 22:46 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Fellesfiler\Everstrike Software
2009-01-14 22:46 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Everstrike Software
2009-01-14 22:43 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Password Protect
2009-01-13 17:50 . 2009-01-13 17:53 <DIR> d-------- c:\documents and settings\sysop\Programdata\vlc
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 01:06:46
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
c:\windows\system32\rundll32.exe 33280 bytes executable
c:\windows\system32\timedate.cpl 93696 bytes executable
skanning vellykket skjulte filer: 2
**************************************************************************
Tidspunkt ferdig: 2009-02-08 1:08:16
ComboFix-quarantined-files.txt 2009-02-08 00:08:14
ComboFix2.txt 2008-10-08 07:17:26
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:00, on 08.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
-- End of file - 7194 bytes
Thanks for the help so far.
> What about booting into safe mode, stopping the process, deleting the file and then copying the file from the Windows CD?
> Otherwise, the simplest is of course just to reinstall Windows ;-)
It is not possible to copy files named rundll32.exe in, and it is also not possible to rename -> move in -> rename back.
Edited 8 February 2009 by nilsso
norbat, posted 8 February 2009:
Go to the VirusTotal website and upload the following file for checking: c:\windows\system32\rundll3.exe
Report back whether anything was found, and also note the MD5 value the file gets.
nilsso (thread author), posted 8 February 2009:
> Go to the VirusTotal website and upload the following file for checking: c:\windows\system32\rundll3.exe
> Report back whether anything was found, and also note the MD5 value the file gets.
Ah, that was just me trying to move the file back in and rename it to rundll32.exe (rundll3.exe was the closest I got, hehe). It is the rundll32.exe file, but as I said, renaming anything to rundll32.exe / moving it in doesn't work.
norbat, posted 8 February 2009 (edited):
That is because rundll32.exe is already in the same folder. The log shows that it is hidden (as is the file that opens the date/time settings, timedate.cpl).
Try the following:
Start -> Run
Type: sfc /scannow
If the problem persists, continue with the following:
Make sure hidden files and folders are shown: Control Panel -> Folder Options -> View
Clear the checkbox "Hide protected operating system files"
Check "Show hidden files and folders"
Go to Start -> Search
Search in files and folders
Type: rundll32.exe
Which folders does the search say the rundll32.exe file is in?
There is also a fix that resets the registry defaults for cpl files (including timedate.cpl): http://www.dougknox.com/xp/file_assoc.htm. Download the CPL File Association Fix.
Edited 8 February 2009 by norbat
nilsso (thread author), posted 8 February 2009 (edited):
Tried downloading the cpl file, ran it, restarted; the problem is still there.
The search says the file is in 2 places:
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\SoftwareDistribution\Download\640458d0c11651636af7e639bed7ddde
File analysis:
File has already been analysed:
MD5: b1d2f529dc72f42c73fb0f48c55e7898
First received: -
Date: 12.20.2008 10:56:00 (CET) [>50D]
Results: 0/38
Permalink: analisis/fdb3f9f5228c12f92018eec51a38baac
Edited 8 February 2009 by nilsso
norbat Posted 8 February 2009
Let us try to fetch the file from the i386 folder and put it in system32:
Open Notepad and paste in the text below (in bold in the original post), then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.
FCopy::
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe|c:\windows\system32\rundll32.exe
Post the log.
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048042
nilsso Posted 8 February 2009 (edited)
The log is very long, should I post all of it?
Edited 8 February 2009 by nilsso
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048304
norbat Posted 8 February 2009 (edited)
You can leave out the Snapshot files from the log, but post the rest. Also say how things are going with the problem.
Edited 8 February 2009 by norbat
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048378
nilsso Posted 8 February 2009
The log:

ComboFix 09-02-06.04 - sysop 2009-02-08 14:45:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1424 [GMT 1:00]
Running from: c:\documents and settings\sysop\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\sysop\Skrivebord\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((( Files Created From 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))))
.
2009-02-08 14:11 . 2008-12-26 07:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 253,952 --a------ c:\windows\system32\nvrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 211,067 --a------ c:\windows\system32\nvapps.nvb
2009-02-08 14:10 . 2008-12-26 07:20 1,650,688 --a------ c:\windows\system32\nvcuda.dll
2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\windows\system32\rundll32-1.rar
2009-02-08 03:25 . 2008-04-14 09:22 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-08 03:25 . 2001-08-18 06:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-08 03:25 . 2001-10-06 14:03 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-08 03:25 . 2001-10-06 14:02 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-08 03:25 . 2008-04-14 09:22 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-08 03:25 . 2001-10-06 14:03 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-08 03:23 . 2001-08-17 21:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
2009-02-08 03:22 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-08 03:21 . 2001-10-06 14:02 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-08 03:21 . 2001-10-06 14:02 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
2009-02-08 03:21 . 2001-10-06 14:02 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
2009-02-08 03:21 . 2001-10-06 14:02 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
2009-02-08 03:21 . 2001-08-17 20:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
2009-02-08 03:21 . 2001-08-17 20:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
2009-02-08 03:21 . 2001-10-06 14:02 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
2009-02-08 03:21 . 2001-10-06 14:02 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
2009-02-08 03:21 . 2001-08-17 21:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
2009-02-08 03:21 . 2001-08-17 21:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
2009-02-08 03:20 . 2001-10-06 14:02 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
2009-02-08 03:20 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-02-08 03:20 . 2001-08-17 22:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
2009-02-08 03:20 . 2001-08-17 20:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
2009-02-08 03:20 . 2008-04-14 09:23 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2009-02-08 03:20 . 2001-10-06 14:01 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
2009-02-08 03:20 . 2001-08-17 20:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
2009-02-08 03:20 . 2001-10-06 14:02 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
2009-02-08 03:20 . 2001-10-06 13:30 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
2009-02-08 03:19 . 2001-10-06 14:02 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-08 03:19 . 2008-04-13 11:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2009-02-08 03:19 . 2001-08-17 20:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
2009-02-08 03:19 . 2001-08-17 20:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
2009-02-08 03:19 . 2001-10-06 14:02 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
2009-02-08 03:19 . 2001-08-17 20:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
2009-02-08 03:19 . 2001-08-17 20:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
2009-02-08 03:19 . 2001-08-17 21:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
2009-02-08 03:19 . 2001-08-17 20:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
2009-02-08 03:19 . 2001-08-17 20:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
2009-02-08 03:19 . 2001-08-17 21:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
2009-02-08 03:18 . 2001-08-17 21:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys
2009-02-08 03:18 . 2001-10-06 14:02 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll
2009-02-08 03:18 . 2001-08-17 22:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys
2009-02-08 03:18 . 2001-08-17 22:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys
2009-02-08 03:18 . 2001-08-17 22:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys
2009-02-08 03:18 . 2001-08-17 22:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys
2009-02-08 03:18 . 2001-10-06 14:02 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
2009-02-08 03:18 . 2001-08-17 22:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys
2009-02-08 03:17 . 2001-10-06 13:24 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-02-08 03:17 . 2001-10-06 14:02 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
2009-02-08 03:17 . 2001-10-06 14:02 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll
2009-02-08 03:17 . 2001-10-06 14:02 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
2009-02-08 03:17 . 2001-08-17 20:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
2009-02-08 03:17 . 2001-10-06 14:02 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
2009-02-08 03:17 . 2001-10-06 13:23 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
2009-02-08 03:17 . 2001-10-06 14:02 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll
2009-02-08 03:16 . 2001-10-06 14:02 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
2009-02-08 03:16 . 2001-10-06 14:02 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
2009-02-08 03:16 . 2001-10-06 14:02 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-02-08 03:16 . 2001-08-17 21:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
2009-02-08 03:16 . 2001-08-17 20:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
2009-02-08 03:16 . 2001-10-06 14:02 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
2009-02-08 03:16 . 2001-08-17 22:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
2009-02-08 03:16 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-08 03:15 . 2001-10-06 14:02 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
2009-02-08 03:15 . 2001-08-17 20:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys
2009-02-08 03:15 . 2001-08-17 20:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys
2009-02-08 03:15 . 2001-08-17 20:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
2009-02-08 03:15 . 2001-08-17 21:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
2009-02-08 03:15 . 2008-04-13 11:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2009-02-08 03:15 . 2001-08-17 21:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
2009-02-08 03:14 . 2001-10-06 14:02 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll
2009-02-08 03:14 . 2001-10-06 13:45 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys
2009-02-08 03:14 . 2001-10-06 14:02 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll
2009-02-08 03:14 . 2001-10-06 14:02 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll
2009-02-08 03:14 . 2001-10-06 14:02 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll
2009-02-08 03:14 . 2001-08-17 20:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys
2009-02-08 03:14 . 2008-04-13 11:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2009-02-08 03:14 . 2008-04-13 11:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2009-02-08 03:14 . 2001-08-17 21:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys
2009-02-08 03:13 . 2001-10-06 14:02 238,592 --a--c--- c:\windows\system32\dllcache\sisgrv.dll
2009-02-08 03:13 . 2001-10-06 14:02 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll
2009-02-08 03:13 . 2001-10-06 14:02 150,144 --a--c--- c:\windows\system32\dllcache\sis6306v.dll
2009-02-08 03:13 . 2001-08-17 20:50 104,064 --a--c--- c:\windows\system32\dllcache\sisgrp.sys
2009-02-08 03:13 . 2001-10-06 13:45 94,794 --a--c--- c:\windows\system32\dllcache\sk98xwin.sys
2009-02-08 03:13 . 2001-08-17 20:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys
2009-02-08 03:13 . 2001-08-17 20:50 68,608 --a--c--- c:\windows\system32\dllcache\sis6306p.sys
2009-02-08 03:13 . 2008-04-13 09:35 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
2009-02-08 03:13 . 2001-08-17 20:50 50,432 --a--c--- c:\windows\system32\dllcache\sisv.sys
2009-02-08 03:13 . 2008-04-13 09:35 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
2009-02-08 03:12 . 2001-10-06 14:02 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-08 03:12 . 2001-10-06 14:02 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
2009-02-08 03:12 . 2001-10-06 13:43 161,600 --a--c--- c:\windows\system32\dllcache\sgsmusb.sys
2009-02-08 03:12 . 2001-08-17 20:50 101,760 --a--c--- c:\windows\system32\dllcache\sis300ip.sys
2009-02-08 03:12 . 2001-08-17 20:51 98,080 --a--c--- c:\windows\system32\dllcache\sgiulnt5.sys
2009-02-08 03:12 . 2001-08-17 20:19 36,480 --a--c--- c:\windows\system32\dllcache\sfmanm.sys
2009-02-08 03:12 . 2001-07-21 22:29 18,400 --a--c--- c:\windows\system32\dllcache\sgsmld.sys
2009-02-08 03:11 . 2001-08-17 21:51 23,936 --a--c--- c:\windows\system32\dllcache\sccmusbm.sys
2009-02-08 03:11 . 2001-10-06 13:43 17,664 --a--c--- c:\windows\system32\dllcache\sermouse.sys
2009-02-08 03:11 . 2001-10-06 13:42 17,280 --a--c--- c:\windows\system32\dllcache\scr111.sys
2009-02-08 03:11 . 2001-10-06 13:42 16,640 --a--c--- c:\windows\system32\dllcache\scmstcs.sys
2009-02-08 03:11 . 2001-08-17 21:52 11,648 --a--c--- c:\windows\system32\dllcache\scsiprnt.sys
2009-02-08 03:11 . 2008-04-13 11:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
2009-02-08 03:11 . 2001-08-17 21:53 6,912 --a--c--- c:\windows\system32\dllcache\seaddsmc.sys
2009-02-08 03:11 . 2001-10-06 13:43 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-02-08 03:10 . 2001-10-06 14:01 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-08 03:10 . 2001-10-06 14:02 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-02-08 03:10 . 2001-10-06 14:02 210,496 --a--c--- c:\windows\system32\dllcache\s3mvirge.dll
2009-02-08 03:10 . 2001-10-06 14:02 198,400 --a--c--- c:\windows\system32\dllcache\s3sav4.dll
2009-02-08 03:10 . 2001-10-06 14:02 179,264 --a--c--- c:\windows\system32\dllcache\s3sav3d.dll
2009-02-08 03:10 . 2001-08-17 20:50 77,824 --a--c--- c:\windows\system32\dllcache\s3sav4m.sys
2009-02-08 03:10 . 2001-08-17 20:50 75,392 --a--c--- c:\windows\system32\dllcache\s3savmxm.sys
2009-02-08 03:10 . 2001-08-17 20:50 61,504 --a--c--- c:\windows\system32\dllcache\s3sav3dm.sys
2009-02-08 03:10 . 2008-04-13 11:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2009-02-08 03:10 . 2001-10-06 13:42 23,936 --a--c--- c:\windows\system32\dllcache\sccmn50m.sys
2009-02-08 03:09 . 2001-10-06 14:02 182,272 --a--c--- c:\windows\system32\dllcache\s3mt3d.dll
2009-02-08 03:09 . 2001-08-17 20:50 166,720 --a--c--- c:\windows\system32\dllcache\s3m.sys
2009-02-08 03:09 . 2001-10-06 14:02 82,944 --a--c--- c:\windows\system32\dllcache\rwia450.dll
2009-02-08 03:09 . 2001-10-06 14:02 80,384 --a--c--- c:\windows\system32\dllcache\rwia430.dll
2009-02-08 03:09 . 2001-08-17 21:57 65,664 --a--c--- c:\windows\system32\dllcache\s3legacy.sys
2009-02-08 03:09 . 2001-10-06 14:02 62,496 --a--c--- c:\windows\system32\dllcache\s3mtrio.dll
2009-02-08 03:09 . 2001-08-17 20:50 41,216 --a--c--- c:\windows\system32\dllcache\s3mt3d.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 02:34 96,384 ----a-w c:\windows\system32\drivers\sptd8333.sys
2009-02-07 14:06 --------- d-----w c:\programfiler\Starcraft
2009-02-04 19:06 --------- d-----w c:\documents and settings\sysop\Programdata\dvdcss
2009-02-03 14:49 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-01 20:10 --------- d-----w c:\documents and settings\sysop\Programdata\uTorrent
2009-01-24 00:43 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-24 00:43 --------- d-----w c:\programfiler\Ubisoft
2009-01-24 00:43 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2009-01-02 00:15 --------- d-----w c:\documents and settings\sysop\Programdata\DivX
2008-12-28 20:55 --------- d-----w c:\programfiler\Left 4 Dead
2008-12-27 14:20 --------- d-----w c:\programfiler\Diablo II
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-19 13:03 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-25 12:11 22,328 -c--a-w c:\documents and settings\sysop\Programdata\PnkBstrK.sys
2008-07-18 08:55 1,598,010,535 ----a-w c:\programfiler\Diablo II1.12.rar
2006-12-29 01:07 38,912 ----a-w c:\programfiler\D2Loader-1.11b.exe
2004-06-15 06:00 13,824 ----a-w c:\documents and settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Steam"="c:\steam\steam.exe" [2008-10-08 1410296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-03-29 190000]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2008-05-17 950664]
"Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-04-13 947760]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sysop\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BJ Status Monitor Canon PIXMA iP3000.lnk - c:\documents and settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe [2008-03-03 13824]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-09-11 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-04 13:44 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^sysop^Start-meny^Programmer^Oppstart^BJ Status Monitor Canon PIXMA iP3000.lnk]
backup=c:\windows\pss\BJ Status Monitor Canon PIXMA iP3000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-12 11:45 1576176 c:\programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programfiler\\Starcraft\\StarCraft.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\utorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"c:\\Programfiler\\Diablo II\\D2Loader-1.11b.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Steam\\steamapps\\d2l_zod\\dedicated server\\hlds.exe"=
"c:\\Steam\\steamapps\\tomcat409\\counter-strike\\hl.exe"=
"c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\sysop\\Skrivebord\\RM\\RatioMaster.exe"=
"c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Awesom-O 3.6\\Redvex\\AO.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Left 4 Dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:d2
"4000:UDP"= 4000:UDP:d2

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-03-14 9856]
R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2007-12-12 44480]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-15 2915944]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-17 15424]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R2 LF30FS;LF30FS;c:\programfiler\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 w3304an5;WN3X0X Wireless Adapter;\??\c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS --> c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS [?]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - component: c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\extensions\[email protected]\components\BkMrkExt.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 14:48:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\timedate.cpl 93696 bytes executable

scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:52,15,63,f5,85,7f,e0,8a,7d,61,0c,46,f5,02,a4,98,37,e3,7a,0f,6f,16,18,
 30,2b,9d,5f,d8,6b,09,33,09,71,4b,4f,2c,3e,cc,5f,c4,23,0f,d1,66,8e,e0,56,41,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,fe,5b,55,a4,a0,24,28,bd,d9,5f,a5,16,27,84,c1,a2,cd,a1,f0,e3,
 8c,7c,bc,f4,95,92,1e,a7,64,90,fc,d3,05,79,f2,6a,50,45,f6,cc,03,5c,01,de,ff,\
"rkeysecu"=hex:38,2d,20,88,7d,46,60,62,5d,99,cd,2a,13,88,0f,7a
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-08 14:49:39
ComboFix-quarantined-files.txt 2009-02-08 13:49:36
ComboFix2.txt 2009-02-08 00:08:17
ComboFix3.txt 2008-10-08 07:17:26

Pre-Run: 30 983 241 728 bytes free
Post-Run: 30,977,015,808 bytes free

2608 --- E O F --- 2009-01-15 00:18:31
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048390
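Added example, not part of nilsso's post and not ComboFix's own code: a small parser for two parts of the log format above, the "Files Created" list (creation time, original modification time, size, attribute string, path) and the catchme hidden-file lines, plus a triage rule that flags every hidden file and anything dropped directly into system32 that was written fresh rather than copied from an installation source (creation time equals modification time) or that carries an extension which does not belong there. The sample log embedded in the block is constructed from a few lines of the log above so the block runs offline. On the full log the rules pick out timedate.cpl (hidden), rundll32-1.rar (freshly written, .rar in system32) and nvapps.nvb (extension only, an NVIDIA data file); the last one is the cost of a short extension allowlist and is why the output is a list for a human rather than a verdict.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample in the format of the ComboFix log posted above: a few lines from the
# "Files Created" list and the catchme hidden-file section. Not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((( Files Created From 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))))
.
2009-02-08 14:11 . 2008-12-26 07:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\windows\system32\rundll32-1.rar
2009-02-08 03:25 . 2008-04-14 09:22 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-08 03:25 . 2001-08-18 06:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 14:48:08
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\timedate.cpl 93696 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
"""

PROTECTED_DIR = r"c:\windows\system32"
# Short allowlist of what normally sits directly in system32; anything else is flagged for review.
EXPECTED_EXT = {".exe", ".dll", ".sys", ".cpl", ".drv", ".ocx", ".acm", ".ax", ".scr"}

# "<created> . <original modified> <size> <attrs> <path>", one entry per line
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+?)\s*$",
    re.MULTILINE,
)
# catchme reports hidden files as "<path> <size> bytes <kind>"
HIDDEN_RE = re.compile(
    r"^(?P<path>[a-z]:\\\S+) (?P<size>\d+) bytes (?P<kind>\w+)\s*$",
    re.MULTILINE | re.IGNORECASE,
)


def parse_created(log):
    """Entries of the 'Files Created' list as dicts with datetime/int fields."""
    entries = []
    for m in CREATED_RE.finditer(log):
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"].lower(),
        })
    return entries


def parse_hidden(log):
    """Paths catchme reported as hidden from the Win32 API."""
    return [m["path"].lower() for m in HIDDEN_RE.finditer(log)]


def triage(log):
    """(path, reason) pairs that deserve a human look, hidden files first."""
    findings = [(p, "hidden from the Win32 API (catchme)") for p in parse_hidden(log)]
    for e in parse_created(log):
        directory, name = ntpath.split(e["path"])
        if directory != PROTECTED_DIR:  # dllcache, drivers etc. are not judged by these rules
            continue
        reasons = []
        if e["created"] == e["modified"]:
            reasons.append("written fresh (created == modified), not restored from an installation source")
        ext = ntpath.splitext(name)[1]
        if ext not in EXPECTED_EXT:
            reasons.append("extension %s is unusual directly in system32" % ext)
        if reasons:
            findings.append((e["path"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(path, "->", reason)
```

To run it on the real log, read the saved ComboFix.txt into a string and pass that to triage() in place of SAMPLE_LOG; the Norwegian section labels in the original output do not matter, because the parser keys on the entry lines, not the headings.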
norbat Posted 8 February 2009 (edited)
Can you also search for the file timedate.cpl and tell me where this file is located?
Edit: Check whether rundll32.exe can now be seen in the system32 folder.
Edited 8 February 2009 by norbat
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048451
nilsso Posted 8 February 2009
norbat wrote: Can you also search for the file timedate.cpl and tell me where this file is located? Edit: Check whether rundll32.exe can now be seen in the system32 folder.
timedate.cpl is located in:
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\SoftwareDistribution\Download\640458d0c11651636af7e639bed7ddde
rundll32.exe is not visible in the system32 folder.
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13048834
norbat Posted 8 February 2009
And you still get the same error message when you try to open the 'clock'? What happens if you type timedate.cpl in the Run box?
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13049507
nilsso Posted 8 February 2009
norbat wrote: And you still get the same error message when you try to open the 'clock'? What happens if you type timedate.cpl in the Run box?
On the clock it still comes up with "cannot find rundll32.exe".
timedate.cpl in the Run box -> cannot find timedate.cpl
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13049544
norbat Posted 8 February 2009
Make yourself a new cfscript.txt with the following content and drag it onto the ComboFix icon:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\timedate.cpl|c:\windows\system32\timedate.cpl
Post the log.
Link to comment https://www.diskusjon.no/topic/1072200-finner-ikke-rundll32exe/#findComment-13049584