dentix, posted 10 April 2009

Can someone check my HijackThis and ComboFix logs?

ComboFix log:

ComboFix 09-04-04.01 - Administrator 2009-04-10 15:36:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.955 [GMT 2:00]
Kjører fra: g:\downloads\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
c:\windows\system32\Install.txt
c:\windows\system32\xcchit32.ini
c:\windows\xccwinsys.ini
c:\windows\system32\winlogon.exe . . . er infisert!!
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_MABIDWE
-------\Legacy_RKHIT
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-10 til 2009-04-10 )))))))))))))))))))))))))))))))))
.
2009-04-10 15:40 . 2009-04-10 15:40 <DIR> d-------- c:\windows\system32\xircom
2009-04-10 15:40 . 2009-04-10 15:40 <DIR> d-------- c:\windows\system32\oobe
2009-04-10 15:40 . 2009-04-10 15:40 <DIR> d-------- c:\windows\srchasst
2009-04-10 15:40 . 2009-04-10 15:40 <DIR> d-------- c:\program files\microsoft frontpage
2009-04-10 15:21 . 2009-04-10 15:21 <DIR> d-------- c:\program files\Trend Micro
2009-04-10 14:19 . 2009-04-10 14:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
2009-04-07 18:47 . 2009-04-07 18:47 <DIR> d-------- c:\program files\Microsoft Works
2009-04-07 18:47 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-04-07 18:46 . 2009-04-07 18:46 <DIR> d-------- c:\program files\Microsoft.NET
2009-04-07 18:45 . 2009-04-07 18:45 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-04-07 18:44 . 2009-04-07 18:46 <DIR> d-------- c:\windows\SHELLNEW
2009-04-07 18:44 . 2009-04-07 18:44 <DIR> dr-h----- C:\MSOCache
2009-04-06 20:48 . 2009-04-06 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-04-06 20:47 . 2009-04-06 20:48 <DIR> d-------- c:\program files\Raxco
2009-04-06 12:23 . 2009-04-06 12:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Wireshark
2009-04-06 12:20 . 2009-04-06 12:20 <DIR> d-------- c:\program files\Wireshark
2009-04-06 01:15 . 2009-04-06 01:15 <DIR> d-------- c:\program files\ApexDC++
2009-04-05 16:27 . 2009-04-05 16:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Clue
2009-04-05 16:27 . 2009-04-05 16:27 <DIR> d-------- C:\Clue
2009-04-04 03:23 . 2009-04-04 03:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xi
2009-04-02 02:33 . 2009-04-02 02:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Systweak
2009-04-01 14:34 . 2009-04-01 14:34 231,176 --a------ c:\windows\system32\PDBoot.exe
2009-03-29 21:54 . 2009-03-29 21:54 <DIR> d-------- c:\program files\Sun
2009-03-29 21:54 . 2009-03-29 21:56 <DIR> d-------- c:\documents and settings\Administrator\.VirtualBox
2009-03-29 21:54 . 2009-02-16 17:47 129,552 --a------ c:\windows\system32\VBoxNetFltNotify.dll
2009-03-29 21:54 . 2009-02-16 17:46 100,560 --a------ c:\windows\system32\drivers\VBoxDrv.sys
2009-03-29 21:54 . 2009-02-16 17:47 87,568 --a------ c:\windows\system32\drivers\VBoxNetFlt.sys
2009-03-29 21:54 . 2009-02-16 17:47 41,744 --a------ c:\windows\system32\drivers\VBoxUSBMon.sys
2009-03-29 05:02 . 2009-03-29 05:02 42 --a------ c:\windows\system32\SpywareCease.lie
2009-03-28 19:40 . 2009-03-28 19:40 <DIR> d-------- c:\program files\Error Repair Professional
2009-03-25 16:55 . 2009-04-06 11:05 20,800 --a------ c:\windows\system32\oodbs.lor
2009-03-25 00:15 . 2009-03-28 18:54 <DIR> d-------- c:\program files\Pando Networks
2009-03-24 17:33 . 2009-03-25 18:56 359 --a------ c:\windows\system32\BDUpdateV1.xml
2009-03-24 03:49 . 2009-03-28 18:31 171,136 -rahs---- C:\grldr
2009-03-20 03:13 . 2009-03-20 03:13 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-20 03:09 . 2009-03-20 03:09 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-03-20 03:09 . 2009-03-20 03:09 <DIR> d--hs---- c:\documents and settings\Administrator\IECompatCache
2009-03-20 03:08 . 2009-03-20 03:08 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-20 03:06 . 2009-03-20 03:06 <DIR> d-------- c:\windows\ie8updates
2009-03-20 03:04 . 2009-03-20 03:06 <DIR> d--h-c--- c:\windows\ie8
2009-03-20 03:02 . 2009-02-28 06:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-19 19:32 . 2009-03-19 19:32 <DIR> d-------- c:\program files\Common Files\DirectX
2009-03-19 16:09 . 2009-03-19 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-16 23:23 . 2009-04-10 01:35 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-14 20:18 . 2008-05-06 14:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-14 18:25 . 2009-03-14 18:25 65,536 --a------ c:\windows\IFinst27.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:38 81,984 ----a-w c:\windows\system32\bdod.bin
2009-04-10 12:22 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 12:19 --------- d-----w c:\program files\Common Files\BitDefender
2009-04-10 03:43 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-09 23:16 --------- d-----w c:\program files\ImgBurn
2009-04-09 15:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Spotify
2009-04-07 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-07 16:47 --------- d-----w c:\program files\MSBuild
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 10:20 --------- d-----w c:\program files\WinPcap
2009-04-02 00:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 22:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 03:04 --------- d-----w c:\program files\Ventrilo
2009-03-28 02:04 --------- d-----w c:\program files\AMD
2009-03-21 23:14 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 19:49 --------- d-----w c:\documents and settings\Administrator\Application Data\CoreFTP
2009-03-18 14:34 507,904 ------w c:\windows\system32\winlogon.exe
2009-03-16 22:29 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-16 18:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-09 00:48 --------- d-----w c:\program files\Trojan Remover
2009-03-08 13:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 13:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:11 --------- d-----w c:\program files\Dark Basic Software
2009-03-08 03:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 03:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 03:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 03:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 03:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 03:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 03:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 03:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 03:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 03:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 03:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 03:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 03:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 03:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 03:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 03:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 03:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 03:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-05 15:37 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-03-05 15:37 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-05 15:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-03 18:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-03 18:45 --------- d-----w c:\program files\AGEIA Technologies
2009-03-03 01:29 25,992 ----a-w c:\windows\system32\pgdfgsvc.exe
2009-03-02 23:55 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 23:55 --------- d-----w c:\program files\ffdshow
2009-03-02 23:52 --------- d-----w c:\program files\Media Player Classic
2009-03-02 22:12 --------- d-----w c:\program files\PeerGuardian2
2009-03-01 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-03-01 04:08 --------- d-----w c:\program files\BitDefender
2009-02-27 01:53 --------- d-----w c:\program files\Real Alternative
2009-02-26 20:39 --------- d-----w c:\program files\DVD PixPlay
2009-02-25 20:53 951,552 ----a-w c:\windows\system32\oodtrrs.dll
2009-02-25 19:35 --------- d-----w c:\program files\NortonInstaller
2009-02-25 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-25 17:45 --------- d-----w c:\program files\Nsasoft
2009-02-24 16:10 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-21 17:45 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-02-21 17:41 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-21 17:03 --------- d-----w c:\program files\Rockstar Games
2009-02-18 23:07 --------- d-----w c:\program files\QT Lite
2009-02-18 23:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-18 02:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Broad Intelligence
2009-02-18 01:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Dragonica
2009-02-17 00:32 --------- d-----w c:\program files\Driver Sweeper
2009-02-16 22:17 453,152 ------w c:\windows\system32\nvuninst.exe
2009-02-16 21:56 --------- d-----w c:\program files\Reference Assemblies
2009-02-11 03:23 --------- d-----w c:\program files\MediaCoder
2009-02-10 23:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Hamachi
2009-02-10 14:48 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-19 00:18 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-19 00:18 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-05-05 20:14 34,048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 45,056 ----a-w c:\program files\opera\program\plugins\upd62int.dll
2009-04-10 12:35 49,664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
------- Sigcheck -------
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-05-06 14:00 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
2009-03-18 16:34 507904 344e8043acf1dd3edf368c4170a8032f c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c14aa221-bae1-45f6-b0b3-90c23f2daa7d}]
2008-12-05 12:35 389120 --a------ c:\clue\adxloader.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files\RivaTuner v2.22\RivaTuner.exe" [2008-12-29 2732032]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTuner.exe" [2008-12-29 2732032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 203296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-10 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-10 69632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-16 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 18:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 12:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-04-06 15:32 401040 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2009-02-21 19:42 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-01 23:36 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-08-21 12:37 19456 c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-10-10 16:46 69632 c:\windows\KHALMNPR.Exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\utorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"h:\\Games2\\Rockstar\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-03-29 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-03-29 41744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-16 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-26 179856]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-08-21 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-08-21 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-08-21 566296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-26 15504]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-03-29 87568]
S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\spydetector.sys --> c:\program files\Spyware Process Detector\spydetector.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-08-21 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-08-21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-08-21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-08-21 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-08-21 566296]
S3 GPU-Z;GPU-Z; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 pcistub;pcistub;c:\windows\system32\pcistub.sys [2008-05-06 2304]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - HELPSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - TOMME PEKERE FJERNET - - - -
MSConfigStartUp-NBMonitor - c:\program files\Nsasoft\NBMonitor\NBMonitor.exe
MSConfigStartUp-NIS - c:\documents and settings\Administrator\Local Settings\Temp\IXP000.TMP\NORTON~2.EXE
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-spyprodetector - c:\program files\Spyware Process Detector\spydetector.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2i4j91w.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 15:40:30
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1644491937-1078081533-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,83,85,a3,88,d8,74,46,a0,b2,81,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,83,85,a3,88,d8,74,46,a0,b2,81,\ [HKEY_USERS\S-1-5-21-1644491937-1078081533-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC3A42F-4273-5407-8E57-DC1087F39603}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "paihpdnakodhojcklhppjljdnhohjjbo"=hex:69,61,69,67,66,67,67,69,69,68,6f,61,70, 6e,6f,6b,68,68,00,00 "oaohfnhhoclbhmbmjbhgpaollffopf"=hex:69,61,69,67,66,67,67,69,69,68,6f,61,70,6e, 6f,6b,68,68,00,00 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="5734CC4A47DB75707564B5E330517E25C02203C0D02D7B185BEA9621BBC25A4B5832847AF1E39A5A8DFA4 E51AC427732C7F389E84EDFB5BB0EDEF11FE3FA2841BB353F8F98076B80057120F7A874048605EDFC964E59ED8 C500A2808AF3C3629BC54958BCD583AE052A8519CDCA245A0111DF477206143EFFDBEFBB98BE8BF0171B36507C E5113FEDAE647C6CF60DA4912819790F11CC6E08FA642CA93B06151B3644815897F216CBD8C14D413A44997A4F EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BE C74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E66725C11EAAAB3E6B915657AF 64F1CD909F5F6C237406887FC02EF6E0B697D15FB03149935A0057E8C7166DCF29B1ACB2439A775A3F7AC49014 2347C051C5CE4729D66EAB680E1EECB5E8653ED6304D83D4E833B8DA003F42C667AFF7A67AADE406D7577FD010 563B4482BD0BE43D26C9AE12613B49277B6B3C1BC8FE9B8F725D097F1F4AAB4943244A2F672152A7535A06D612 DC8AA46E8667E83B1F13976982C941244D1CCB3101C8F24222B1EE4AC31956A5287E9808F9C61283CD8F1AA8D7 
8ABFA905AD34B454030312F999F2D232860B773FD4FB990FD77C3842833EBD05EFAB95473B680B6C39F060C960 72A01139401E09E2CD8DE0BF2BD34B36D3B4AC5E757765246338BF1B590B4FDC4064FD83818C951621787674BD F599E8F8BC7E717629EEE9A77D5DC1A02E0DBD3594EC20B250BCD249EF982D4902A09E7A2E80F5B7C008D62605 8489CCDB7B7EAE935FC4D447125C8EDCBC1A340839B50B7B2CD1B4631A0A25DA953DC8C2CCA2D614A5E88A1C90 31E40560F5AAE136719A07F60FB9155743C91F69F588E8A3B0ACAC508B94D19E6E3FC6A86A652A28068ADA9BF4 CB2198E06F746DE4AB0FD1C36754035B14A128BD9EF427C3979416D32A33FC15C384838F1C3D39D6F85A08C1CA A91699DC27BC9E459EEDD1ABA52FC5204775D202A528BEFE4689CCA9092080D03BE638BB84A6FC15B2CA4660A7 C918EC6623FBE1395B78E2B5A96978B85D76BF684E726513D2DE24844EFE9E4DE19E9F506D671D0046F7922E75 100D74D87A54232DB4D666296426D915AB44535BEB11345E4F3015E63343278F1365E2672BAD198C219694EF72 B3AC6130D4F1051EDEB7EA20AB736569FAB230CF527C9CECF2139A96D40A47A776DFF2948A8EB243B857E58283 DD83B8EA7E2224BA6228D543448B5F64E7CFCAB6FE10D89C43B637AB8B31CA03351934DDB962B75BF51CEF894A 0CB09742C418A3F2660811C8254F7527152D561443E65CCA8A12262B4B37CFF8517725F880594A6014CEB33692 8AD08B6E7E61B7CE3B57484F37F677EB8040C64D47AB395DEB3" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1036) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2009\vsserv.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\rundll32.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe . ************************************************************************** . 
Tidspunkt ferdig: 2009-04-10 15:41:57 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-04-10 13:41:54 Pre-Run: 17 976 905 728 bytes free Post-Run: 18,066,468,864 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe ; ;Warning: Boot.ini is used on Windows XP and earlier operating systems. ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options. ; [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER 391 Hijackthis log: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:49:23, on 10.04.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Program 
Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ClueIEAddin - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229562816328
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7276 bytes
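Editor's note, added example (not part of the original post, and not HijackThis code): a HijackThis log is flat text, and the checks a helper applies by eye to the O2/O4/O23 entries above can be written down. The script below parses those three entry types into records and flags the patterns that usually justify a second look: a service whose image is `(file missing)`, a service with no publisher ("Unknown owner"), an autostart or BHO loaded from outside Windows/Program Files or from a user-writable directory, a system-process name (svchost.exe, winlogon.exe, ...) living outside system32, and a bare image name resolved through the PATH search order. The sample input is constructed: most lines are copied from the log above, while the HKCU `svchost` autostart and the `Updater` service are made up to exercise the rules. A hit means "investigate", not "malware"; the ClueIEAddin BHO, for instance, is flagged only because `C:\Clue` is a non-standard install location. Needs Python 3.8 or newer.

```python
"""Triage a HijackThis log: parse O2 (BHO), O4 (autostart) and O23 (service)
entries and flag those a helper would look at twice. Heuristic only."""
import re
from dataclasses import dataclass, field

# Constructed sample input. All lines except the HKCU "svchost" autostart and
# the "Updater" service are copied from the HijackThis log posted above; those
# two are made up here to exercise the rules.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ClueIEAddin - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrator\Application Data\svchost.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Updater - Unknown owner - C:\WINDOWS\Temp\updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First image in a command line: optional rundll32 host, then either a quoted
# path or an unquoted path ending in a known executable/script extension.
IMAGE_RE = re.compile(
    r'^(?:"?rundll32(?:\.exe)?"?\s+)?'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|com|bat|cmd|scr|pif|vbs|js)))'
    r"(?=[\s,]|$)",
    re.IGNORECASE,
)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\local settings\\")
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                "services.exe", "smss.exe", "explorer.exe"}


@dataclass
class Entry:
    kind: str        # O2, O4 or O23
    name: str        # BHO name, Run value name or service name
    raw: str         # path/command exactly as HijackThis printed it
    image: str       # the file that actually gets loaded
    owner: str = ""  # O23 only: company name HijackThis read from the binary
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Extract the executable/DLL from a Run command or service path."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return (m.group("quoted") or m.group("bare")).strip()


def parse(log_text: str) -> list:
    """Turn O2/O4/O23 lines into Entry records; other entry types are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and (b := BHO_RE.match(body)):
            entries.append(Entry(kind, b["name"], b["path"], image_path(b["path"])))
        elif kind == "O4" and (r := RUN_RE.match(body)):
            entries.append(Entry(kind, r["name"], r["cmd"], image_path(r["cmd"])))
        elif kind == "O23" and (s := SVC_RE.match(body)):
            entries.append(Entry(kind, s["name"], s["path"], image_path(s["path"]), s["owner"]))
    return entries


def assess(e: Entry) -> Entry:
    """Attach a reason for every triage rule the entry trips."""
    low = e.image.lower()
    base = low.rsplit("\\", 1)[-1]
    if "(file missing)" in e.raw.lower():
        e.reasons.append("image file missing: dangling service/autostart entry")
    if e.kind == "O23" and e.owner.lower().startswith("unknown owner"):
        e.reasons.append("service binary carries no publisher information")
    if "\\" in low and not low.startswith(TRUSTED_ROOTS):
        e.reasons.append("loaded from outside Windows/Program Files")
    if any(marker in low for marker in USER_WRITABLE):
        e.reasons.append("loaded from a user-writable location")
    if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
        e.reasons.append("system-process name outside system32 (masquerading?)")
    if "\\" not in low:
        e.reasons.append("bare file name, resolved through the PATH search order")
    return e


def triage(log_text: str) -> list:
    """Entries that tripped at least one rule, in log order."""
    return [e for e in map(assess, parse(log_text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4} [{e.name}] {e.image}")
        for reason in e.reasons:
            print(f"      - {reason}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The rules are deliberately conservative about what they claim: `nwiz.exe` and the `nltide_3` RunOnce entries are reported only because a bare name depends on the PATH search order, and the allowlist of trusted roots is the XP-era one (`C:\Program Files`, `C:\WINDOWS`); on a 64-bit or differently partitioned system extend `TRUSTED_ROOTS` before trusting the "outside Windows/Program Files" rule.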
snippsat Posted 10 April 2009 (edited)

winlogon.exe is infected. We'll see whether Dr.Web fixes it; otherwise we'll have to replace it by other means.

---

Download DrWeb and save it to the desktop.
Restart in Safe Mode (press F8 repeatedly during startup). Not Administrator, but the normal account.
Run drweb-cureit.exe (say yes to running an express scan).
When that finishes, click Options -> Change settings.
On the Scan tab, untick Heuristic analysis.
On the Actions tab, set every item under Malware to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" the first time it finds something.
When the scan is finished, go to "File" and click "Save Report list".
A file named "drweb.csv" will then be on the desktop. Post it later.

---

New ComboFix scan after this.

Edited 10 April 2009 by SNIPPSAT
dentix Posted 10 April 2009 (Author)

Here is the new ComboFix log:

ComboFix 09-04-04.01 - Administrator 2009-04-10 21:43:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1107 [GMT 1:00]
Running from: h:\downloads\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))))
.
2009-04-10 20:31 . 2009-04-10 20:31 <DIR> d-------- c:\program files\Spotify
2009-04-10 20:31 . 2009-04-10 20:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Spotify
2009-04-10 20:16 . 2009-04-10 21:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-10 20:16 . 2009-04-10 21:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-04-10 19:50 . 2009-04-10 19:50 <DIR> d-------- c:\program files\ESET
2009-04-10 19:50 . 2009-04-10 19:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-04-10 19:33 . 2009-04-10 19:33 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-04-10 19:33 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-04-10 19:33 . 2009-04-10 19:58 350,192 --a------ c:\windows\system32\vsconfig.xml
2009-04-10 19:19 . 2009-04-10 19:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 19:19 . 2009-04-10 19:19 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-10 19:19 . 2009-04-10 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-10 19:19 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 19:19 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-10 18:17 . 2009-04-10 18:17 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-04-10 18:15 . 2009-04-10 18:15 <DIR> d-------- c:\windows\system32\LogFiles
2009-04-10 18:15 . 2009-04-10 18:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-04-10 18:13 . 2009-04-10 18:13 <DIR> d-------- c:\windows\system32\URTTEMP
2009-04-10 18:13 . 2009-01-09 20:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-04-10 18:01 . 2009-04-10 18:01 <DIR> d-------- c:\program files\RivaTuner v2.24
2009-04-10 18:00 . 2009-04-10 18:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 18:55 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-10 18:42 81,984 ----a-w c:\windows\system32\bdod.bin
2009-04-10 18:42 --------- d-----w c:\program files\Common Files\BitDefender
2009-04-10 16:59 --------- d-----w c:\program files\Classic Media player
2009-04-10 16:28 --------- d-----w c:\documents and settings\Administrator\Application Data\CheckPoint
2009-04-10 16:17 --------- d-----w c:\program files\CheckPoint
2009-04-10 16:16 --------- d-----w c:\program files\Zone Labs
2009-04-10 15:47 --------- d-----w c:\program files\Marvell
2009-04-10 15:40 --------- d-----w c:\program files\ffdshow
2009-04-10 15:39 --------- d-----w c:\documents and settings\Administrator\Application Data\Ventrilo
2009-04-10 15:37 --------- d-----w c:\program files\Reference Assemblies
2009-04-10 15:37 --------- d-----w c:\program files\MSBuild
2009-04-10 15:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2009-04-10 15:14 --------- d-----w c:\program files\uTorrent
2009-04-10 15:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-04-10 15:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 15:00 --------- d-----w c:\program files\Ventrilo
2009-04-10 15:00 --------- d-----w c:\program files\Creative
2009-04-10 15:00 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-10 15:00 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-04-10 14:59 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-10 14:59 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-10 14:59 --------- d-----w c:\documents and settings\Administrator\Application Data\Creative
2009-04-10 14:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-10 14:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-10 14:58 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 14:58 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2009-04-10 14:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Logitech
2009-04-10 14:57 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-10 14:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-04-10 14:57 --------- d-----w c:\program files\Logitech
2009-04-10 14:57 --------- d-----w c:\program files\Common Files\Logishrd
2009-04-10 14:57 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2009-04-10 14:56 --------- d-----w c:\program files\BitDefender
2009-04-10 14:52 --------- d-----w c:\program files\AGEIA Technologies
2009-04-07 01:30 9,986,048 ----a-w c:\windows\system32\nvoglnt.dll
2009-04-07 01:30 802,816 ----a-w c:\windows\system32\nvapi.dll
2009-04-07 01:30 8,030,624 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-04-07 01:30 659,456 ----a-w c:\windows\system32\nvcuvid.dll
2009-04-07 01:30 5,882,496 ----a-w c:\windows\system32\nv4_disp.dll
2009-04-07 01:30 453,152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-07 01:30 139,264 ----a-w c:\windows\system32\nvcodins.dll
2009-04-07 01:30 139,264 ----a-w c:\windows\system32\nvcod.dll
2009-04-07 01:30 1,720,320 ----a-w c:\windows\system32\nvcuda.dll
2009-04-07 01:30 1,502,234 ----a-w c:\windows\system32\nvdata.bin
2009-04-07 01:30 1,310,720 ----a-w c:\windows\system32\nvcuvenc.dll
2009-03-27 07:14 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-20 13:56 357,182 ----a-w c:\windows\reset.exe
2009-03-04 13:47 15,896 ----a-w c:\windows\system32\drivers\pfmodnt.sys
2009-03-04 13:46 92,696 ----a-w c:\windows\system32\drivers\emupia2k.sys
2009-03-04 13:46 798,744 ----a-w c:\windows\system32\drivers\ha10kx2k.sys
2009-03-04 13:46 189,464 ----a-w c:\windows\system32\drivers\haP17v2k.sys
2009-03-04 13:46 162,840 ----a-w c:\windows\system32\drivers\haP16v2k.sys
2009-03-04 13:46 157,208 ----a-w c:\windows\system32\drivers\ctsfm2k.sys
2009-03-04 13:45 18,840 ----a-w c:\windows\system32\drivers\CTGAME.SYS
2009-03-04 13:45 14,360 ----a-w c:\windows\system32\drivers\ctprxy2k.sys
2009-03-04 13:45 127,512 ----a-w c:\windows\system32\drivers\ctoss2k.sys
2009-03-04 13:45 1,395,992 ----a-w c:\windows\system32\drivers\CTMMFILT.SYS
2009-03-04 13:44 528,408 ----a-w c:\windows\system32\drivers\ctaud2k.sys
2009-03-04 13:44 511,000 ----a-w c:\windows\system32\drivers\ctac32k.sys
2009-03-04 13:44 347,080 ----a-w c:\windows\system32\drivers\ctdvda2k.sys
2009-03-04 13:44 1,366,424 ----a-w c:\windows\system32\drivers\CT0531FL.SYS
2009-03-04 13:42 99,352 ----a-w c:\windows\system32\drivers\COMMONFX.sys
2009-03-04 13:42 566,296 ----a-w c:\windows\system32\drivers\CTSBLFX.sys
2009-03-04 13:42 555,032 ----a-w c:\windows\system32\drivers\CTAUDFX.sys
2009-03-04 13:42 100,888 ----a-w c:\windows\system32\drivers\CTERFXFX.sys
2009-03-04 11:47 86,528 ----a-w c:\windows\system32\ctcoinst.dll
2009-03-04 11:47 43,520 ----a-w c:\windows\system32\CTBurst.dll
2009-03-04 11:47 182,272 ----a-w c:\windows\system32\ctdvinst.dll
2009-03-04 11:47 11,776 ----a-w c:\windows\system32\inres.dll
2009-03-04 11:47 11,776 ----a-w c:\windows\INRES.DLL
2009-03-04 11:46 11,776 ----a-w c:\windows\system32\ac3api.dll
2009-03-04 11:46 10,752 ----a-w c:\windows\system32\a3d.dll
2009-03-04 11:45 9,216 ----a-w c:\windows\system32\ctpres.dll
2009-03-04 11:45 9,216 ----a-w c:\windows\CTPRES.DLL
2009-03-04 11:45 8,704 ----a-w c:\windows\system32\ctagent.dll
2009-03-04 11:45 56,832 ----a-w c:\windows\system32\CTpcmcia.dll
2009-03-04 11:45 45,568 ----a-w c:\windows\system32\ctspkhlp.dll
2009-03-04 11:45 38,400 ----a-w c:\windows\system32\readreg.exe
2009-03-04 11:45 37,888 ----a-w c:\windows\system32\psconv.exe
2009-03-04 11:45 32,768 ----a-w c:\windows\system32\ctthxcal.dll
2009-03-04 11:45 19,456 ----a-w c:\windows\system32\CtHelper.exe
2009-03-04 11:45 12,800 ----a-w c:\windows\system32\ctmmep.dll
2009-03-04 11:44 41,472 ----a-w c:\windows\system32\ctscal.dll
2009-03-04 11:44 330,752 ----a-w c:\windows\system32\ctdc0001.dll
2009-03-04 11:44 227,840 ----a-w c:\windows\system32\ctdc0000.dll
2009-03-04 11:44 131,072 ----a-w c:\windows\system32\ctdcifce.dll
2009-03-04 11:44 10,240 ----a-w c:\windows\system32\ctdcres.dll
2009-03-04 11:44 10,240 ----a-w c:\windows\CTDCRES.DLL
2009-03-04 11:33 196,096 ----a-w c:\windows\system32\ctemupia.dll
2009-03-04 11:30 49,152 ----a-w c:\windows\system32\ctdproxy.dll
2009-03-04 11:30 46,592 ----a-w c:\windows\system32\ctasio.dll
2009-03-04 11:30 176,128 ----a-w c:\windows\system32\ct_oal.dll
2009-03-04 11:29 69,632 ----a-w c:\windows\system32\ctosuser.dll
2009-03-04 11:29 6,144 ----a-w c:\windows\system32\sfman32.dll
2009-03-04 11:29 125,952 ----a-w c:\windows\system32\sfms32.dll
2009-03-04 11:28 64,512 ----a-w c:\windows\system32\piaproxy.dll
2009-03-04 11:28 13,312 ----a-w c:\windows\system32\regplib.exe
2009-03-04 11:25 5,120 ----a-w c:\windows\system32\enlocstr.exe
2009-03-04 11:25 33,792 ----a-w c:\windows\system32\devreg.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-06 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-06 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-06 86016]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"RivaTuner"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" [2009-04-06 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 c:\windows\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2009-03-04 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-04-10 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 00:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-04-10 10384]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-03-04 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-03-04 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-03-04 566296]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-13 357182]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-03-04 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-04-10 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-03-04 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-03-04 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-03-04 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-03-04 566296]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r88ew8fn.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 21:46:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{CDF97135-7FD2-4289-96B8-DD4505267ACD}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="00031F6049DF9515"
"ScannerBuild"=dword:00001287
"ScannerVersionId"=dword:00000f9f
"ScannerVersion"="Locked/open ESET for status."
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
**************************************************************************
.
Completion time: 2009-04-10 21:46:58
ComboFix-quarantined-files.txt 2009-04-10 20:46:56

Pre-Run: 24,395,812,864 bytes free
Post-Run: 24,555,683,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
snippsat Posted 10 April 2009 (edited)

Yes, that looks good now.

You can remove ComboFix by typing combofix /u in the Run dialog. That command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check that your software is up to date: Secunia

Surf safely.

Edited 10 April 2009 by SNIPPSAT