.Butthead. posted 10 April 2009

Got 2-3000 virus alerts from NOD since around 14:00. I would rather avoid formatting; I did that last Friday. That's why I'm asking here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:30, on 10.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Documents and Settings\Anders\qwdi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Anders\qwdi.exe \s
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cqji] C:\WINDOWS\system32\cqji.exe \u
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-1454471165-1993962763-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6778 bytes
snippsat posted 10 April 2009

The HJT log looks fine. Where does NOD say these files are? We can run something that shows more.

Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM is finished it opens a log; post that.

---

Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
.Butthead. (thread author) posted 10 April 2009 (edited)

Ran Nod32 and Spybot a couple of times now; it looks like that has helped a bit at least. I can at least post here now, which I couldn't 20 minutes ago. After I restarted the PC I've only had 100 blocked attacks. When I look in ESET's log files I see that most of them are in windows/system32. Ran a scan, and it removed 84 infected files. The next scan found nothing. At least I got rid of some other junk that appeared every time I went on the internet yesterday. It's called jl.chura.pl. Could that be what has caused so much trouble for me? MBAM ended up in English, but I guess it amounts to the same thing.

Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 3

10.04.2009 16:44:14
mbam-log-2009-04-10 (16-44-14).txt

Scan type: Quick Scan
Objects scanned: 59803
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-04-04.01 - Anders 2009-04-10 16:46:24.1 - NTFSx86
Running from: c:\documents and settings\Anders\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Resident AV is active

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anders\Application Data\inst.exe
c:\windows\system32\Pncrt.dll

.
((((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))))
.

2009-04-10 16:40 . 2009-04-10 16:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 16:40 . 2009-04-10 16:40 <DIR> d-------- c:\documents and settings\Anders\Application Data\Malwarebytes
2009-04-10 16:40 . 2009-04-10 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 16:40 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 16:40 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-10 15:42 . 2009-04-10 15:42 <DIR> d-------- c:\program files\Trend Micro
2009-04-06 15:56 . 2009-04-06 15:56 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-04-05 21:40 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-04-05 21:33 . 2009-04-05 21:33 <DIR> d-------- c:\windows\Downloaded Installations
2009-04-05 21:33 . 2009-04-10 15:16 <DIR> d-------- c:\program files\D-Tools
2009-04-05 21:33 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2009-04-05 21:33 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2009-04-05 21:05 . 2009-04-05 21:05 54,784 ---h----- c:\documents and settings\Anders\qwdi.exe
2009-04-05 21:05 . 2009-04-05 21:05 36,864 --a------ c:\windows\system32\cqji.exe
2009-04-05 21:03 . 2009-04-05 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-05 21:00 . 2009-04-05 21:00 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-04-05 20:59 . 2009-04-05 20:59 <DIR> d-------- c:\documents and settings\Anders\Application Data\DAEMON Tools Pro
2009-04-05 18:21 . 2009-04-10 15:32 <DIR> d-------- c:\program files\VentriloMIX
2009-04-05 18:21 . 2009-04-05 18:25 <DIR> d-------- c:\documents and settings\Anders\Application Data\Ventrilo
2009-04-05 16:21 . 2009-04-05 16:21 98,304 --a------ c:\windows\system32CmdLineExt.dll
2009-04-05 00:05 . 2009-04-05 00:05 <DIR> d-------- c:\documents and settings\Anders\Application Data\vlc
2009-04-04 18:05 . 2009-04-08 18:05 <DIR> d-------- c:\documents and settings\Anders\Application Data\dvdcss
2009-04-04 16:18 . 2009-04-10 15:18 <DIR> d-------- c:\program files\FrostWire
2009-04-04 16:18 . 2009-04-10 02:01 <DIR> d-------- c:\documents and settings\Anders\Application Data\FrostWire
2009-04-04 03:37 . 2009-04-04 03:37 <DIR> d-------- c:\documents and settings\Anders\Application Data\Creative
2009-04-04 03:32 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-04-04 03:32 . 1999-10-10 18:00 41,984 --------- c:\windows\CTREGRUN.EXE
2009-04-04 03:31 . 2009-04-04 03:32 <DIR> d-------- c:\program files\Creative
2009-04-04 03:01 . 2008-04-14 05:42 221,184 --a------ c:\windows\system32\wmpns.dll
2009-04-04 02:31 . 2009-04-09 15:17 <DIR> d-------- c:\documents and settings\Anders\Application Data\BitTorrent Pro
2009-04-04 02:31 . 2009-04-04 02:28 6,443,008 --a------ c:\windows\system\CM108.cpl
2009-04-04 02:31 . 2009-04-04 02:28 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-04-04 02:31 . 2009-04-04 02:28 712,704 --a------ c:\windows\system\a3d108pu.dll
2009-04-04 02:31 . 2009-04-04 02:28 712,704 --a------ c:\windows\system\a3d.dll
2009-04-04 02:31 . 2009-04-04 02:28 274,432 --a------ c:\windows\system32\CM108RM.EXE
2009-04-04 02:31 . 2009-04-04 02:28 45,056 --a------ c:\windows\system32\CM108rm.dll
2009-04-04 02:31 . 2009-04-04 02:28 32,768 --a------ c:\windows\system32\c108prop.dll
2009-04-04 02:31 . 2009-04-04 03:40 743 --a------ c:\windows\system\Cm108.ini
2009-04-04 02:31 . 2009-04-04 02:31 161 --a------ c:\windows\Cm108.ini.cfl
2009-04-04 02:30 . 2009-04-04 02:28 2,584 --a------ c:\windows\Cm108.ini.cfg
2009-04-04 02:29 . 2009-04-10 15:27 <DIR> d-------- c:\program files\Laccess USB audio
2009-04-04 02:29 . 2009-04-04 02:28 1,312,768 --a------ c:\windows\system32\drivers\CM108.sys
2009-04-04 02:29 . 2009-04-04 02:28 315,392 --a------ c:\windows\system\fltr108.dll
2009-04-04 02:29 . 2009-04-04 02:28 266,240 --a------ c:\windows\CMI108UNINSTALL.EXE
2009-04-04 02:25 . 2009-04-04 02:27 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-04-04 01:05 . 2009-02-09 12:08 1,847,552 --------- c:\windows\system32\dllcache\win32k.sys
2009-04-04 01:05 . 2008-12-05 07:58 144,896 --------- c:\windows\system32\dllcache\schannel.dll
2009-04-04 00:50 . 2008-12-11 13:33 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-04-03 21:36 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-04-03 21:32 . 2009-04-03 21:32 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-03 21:32 . 2009-04-03 21:32 <DIR> d-------- c:\program files\Microsoft
2009-04-03 21:32 . 2009-04-10 13:16 <DIR> d-------- c:\documents and settings\Anders\Tracing
2009-04-03 21:31 . 2009-04-03 21:32 <DIR> d-------- c:\program files\Windows Live
2009-04-03 21:30 . 2009-04-03 21:30 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-04-03 19:34 . 2009-04-03 18:55 <DIR> d-------- c:\program files\Logitech
2009-04-03 19:32 . 2009-04-10 15:51 <DIR> d-------- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 14:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 14:26 --------- d-----w c:\program files\BitTorrent PRO
2009-04-05 14:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-04 02:23 --------- d-----w c:\program files\Java
2009-04-03 18:32 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-03 18:32 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-03 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-03 17:53 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-03 17:53 47,360 ----a-w c:\documents and settings\Anders\Application Data\pcouffin.sys
2009-04-03 17:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-03 17:53 --------- d-----w c:\program files\VSO
2009-04-03 17:53 --------- d-----w c:\program files\VideoLAN
2009-04-03 17:53 --------- d-----w c:\program files\Common Files\Logishrd
2009-04-03 17:53 --------- d-----w c:\documents and settings\Anders\Application Data\Vso
2009-04-03 17:52 --------- d-----w c:\program files\MediaMonkey
2009-04-03 17:50 --------- d-----w c:\program files\CCleaner
2009-04-03 17:47 --------- d-----w c:\documents and settings\Anders\Application Data\ESET
2009-04-03 17:46 --------- d-----w c:\program files\ESET
2009-04-03 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-03 17:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 17:07 --------- d-----w c:\program files\AGEIA Technologies
2009-04-03 17:03 --------- d-----w c:\program files\Realtek
2009-04-03 17:00 --------- d-----w c:\documents and settings\Anders\Application Data\InstallShield
2009-04-03 16:49 --------- d-----w c:\program files\Intel
2009-04-03 16:40 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-27 07:14 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 15:55 5,026,816 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-02-17 14:50 17,510,400 ----a-w c:\windows\RTHDCPL.EXE
2009-02-09 13:34 35,840 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-02-09 11:08 1,847,552 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-21 14:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.

------- Sigcheck -------

2009-01-08 21:12 361600 5ae1c2695f6523ad98b948f2887d8c5e c:\windows\system32\drivers\tcpip.sys
2009-01-08 20:07 1033728 afed67f03219eb96e0e4778299013d96 c:\windows\Explorer.EXE
2008-04-14 05:42 15360 c2298dc3cab628f5957240e7509e529b c:\windows\system32\ctfmon.exe
2008-04-14 05:42 26112 b3f4ec8136f3a53c3a971255dd888fe9 c:\windows\system32\userinit.exe
.

(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"cqji"="c:\windows\system32\cqji.exe" [2009-04-05 36864]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 344064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\cqji.exe"=
"c:\\Documents and Settings\\Anders\\qwdi.exe"=

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-04-04 1312768]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-09-26 10384]

--- Other Services/Drivers In Memory ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - ekrn
*Deregistered* - epfw
*Deregistered* - Epfwndis
*Deregistered* - epfwtdi
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - nTuneService
*Deregistered* - Null
*Deregistered* - NVR0Dev
*Deregistered* - NVR0FLASHDev
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - rspndr
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UpdateCenterService
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cm108Sound - cm108.cpl

.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\t2h1tdgd.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 16:47:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 16:47:54
ComboFix-quarantined-files.txt 2009-04-10 15:47:52

Pre-Run: 215 986 569 216 bytes free
Post-Run: 215,983,439,872 bytes free

307 --- E O F --- 2009-04-06 14:33:26

Edited 10 April 2009 by .Butthead.
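The HijackThis log in the first post and the ComboFix log above show the same two binaries from independent angles: qwdi.exe is chained onto the UserInit value (F2 line), cqji.exe sits in the HKLM Run key, both are whitelisted in the XP firewall policy's AuthorizedApplications list, both were created on 2009-04-05 21:05, and qwdi.exe carries the hidden attribute. The script below is an added example, not code from the thread or from either tool: it parses the relevant line formats of both logs (the sample lines are copied from the thread and trimmed to what is needed, so it runs offline) and ranks executables by how many of those independent indicators coincide. The scoring weights, the threshold and the function names are my own choices, not anything the thread or the tools define.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this
# thread, trimmed to the entries needed to show the cross-reference.
HJT_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Anders\qwdi.exe \s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [cqji] C:\WINDOWS\system32\cqji.exe \u
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

COMBOFIX_LOG = r"""
2009-04-10 16:40 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-05 21:05 . 2009-04-05 21:05 54,784 ---h----- c:\documents and settings\Anders\qwdi.exe
2009-04-05 21:05 . 2009-04-05 21:05 36,864 --a------ c:\windows\system32\cqji.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\cqji.exe"=
"c:\\Documents and Settings\\Anders\\qwdi.exe"=
"""

STOCK_USERINIT = r"c:\windows\system32\userinit.exe"   # the only value XP should have here
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cpl|scr))"?\s*(.*)$', re.I)
RUN_RE = re.compile(r"^O4 - (HK.*?)\\\.\.\\(Run(?:Once)?): \[([^\]]*)\] (.*?)(?:\s+\(User '[^']*'\))?$")
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+\s+[\d,]+\s+(\S{9})\s+(.+)$")   # dated file rows, not <DIR>
FW_APP_RE = re.compile(r'^"(.+)"=$')                                         # AuthorizedApplications rows
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")


def norm(path):
    return path.strip().strip('"').lower()


def split_command(cmd):
    """Split a Run/UserInit command into (exe_path, args); unquoted paths with spaces are kept whole."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1), m.group(2).strip()) if m else (cmd.strip(), "")


def parse_hjt(text):
    """Map lowercase exe path -> list of autostart sources found in the HijackThis log."""
    auto = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("F2 - REG:system.ini: UserInit="):
            for entry in line.split("UserInit=", 1)[1].split(","):
                exe, _ = split_command(entry)
                if exe and norm(exe) != STOCK_USERINIT:
                    auto[norm(exe)].append("UserInit")
        else:
            m = RUN_RE.match(line)
            if m:
                exe, _ = split_command(m.group(4))
                auto[norm(exe)].append(f"{m.group(1)} {m.group(2)} [{m.group(3)}]")
    return auto


def parse_combofix(text):
    """Return (created files -> attribute string, firewall-whitelisted paths, EnableFirewall flag)."""
    created, fw_apps, fw_enabled = {}, set(), None
    for line in text.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line)
        if m:
            created[norm(m.group(2))] = m.group(1)
            continue
        m = FW_APP_RE.match(line)
        if m:
            fw_apps.add(norm(m.group(1).replace("\\\\", "\\")))   # ComboFix doubles the backslashes
        elif line.startswith('"EnableFirewall"='):
            fw_enabled = line.split("=", 1)[1].strip().startswith("1")
    return created, fw_apps, fw_enabled


def rank(auto, created, fw_apps, min_score=3):
    """Additive score per path; the weights are my own, chosen so that one indicator alone never ranks."""
    rows = []
    for path in set(auto) | set(created) | fw_apps:
        score, why = 0, []
        if "UserInit" in auto.get(path, []):
            score += 3; why.append("extra UserInit entry")
        if any(src != "UserInit" for src in auto.get(path, [])):
            score += 2; why.append("Run key autostart")
        if path in fw_apps:
            score += 2; why.append("firewall exception")
        if path in created:
            score += 1; why.append("in ComboFix 30-day created list")
            if "h" in created[path]:
                score += 1; why.append("hidden attribute")
        if PROFILE_ROOT_RE.match(path):
            score += 1; why.append("sits directly in a user profile root")
        if score >= min_score:
            rows.append((score, path, why))
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    auto = parse_hjt(HJT_LOG)
    created, fw_apps, fw_enabled = parse_combofix(COMBOFIX_LOG)
    print("XP firewall EnableFirewall:", fw_enabled)
    for score, path, why in rank(auto, created, fw_apps):
        print(f"{score:2d}  {path}  <- {', '.join(why)}")
```

Because the weights are additive, a program that is merely autostarted or merely whitelisted (the ESET GUI, FrostWire, DAEMON Tools) stays below the threshold, while a file that is new, hidden, injected into UserInit and whitelisted lands on top with every indicator spelled out. The ranking only prioritises; confirming that a top entry is malicious still means hashing the file and checking it, which is what the next reply asks for.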
snippsat posted 10 April 2009

Scan these files here at virustotal:

c:\documents and settings\Anders\qwdi.exe
c:\windows\system32\cqji.exe
.Butthead. (thread author) posted 10 April 2009 (edited)

What do I do now, then? I see it is listed inside the nod32 firewall; should I block it there?

Edited 10 April 2009 by .Butthead.
snippsat posted 10 April 2009 (edited)

Go to the virustotal link. There you click "browse" (find the files) and --> send file. It will then scan the files and you get a report you can post.

Edited 10 April 2009 by SNIPPSAT
.Butthead. (thread author) posted 11 April 2009

Sorry I haven't been able to reply or do anything until now; I haven't used this PC since the last post.

--- Report 1 ---

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.10 Backdoor.Win32.Tofsee!IK
AhnLab-V3 5.0.0.2 2009.04.10 Win-Trojan/Xema.variant
AntiVir 7.9.0.138 2009.04.10 -
Antiy-AVL 2.0.3.1 2009.04.10 -
Authentium 5.1.2.4 2009.04.10 W32/Bloop.A.gen!Eldorado
Avast 4.8.1335.0 2009.04.09 -
AVG 8.5.0.285 2009.04.10 -
BitDefender 7.2 2009.04.10 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.10 -
Comodo 1109 2009.04.10 -
DrWeb 4.44.0.09170 2009.04.10 Trojan.Packed.154
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6448 2009.04.10 -
F-Prot 4.4.4.56 2009.04.10 W32/Bloop.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.10 Backdoor:W32/Tofsee.B
Fortinet 3.117.0.0 2009.04.10 -
GData 19 2009.04.10 -
Ikarus T3.1.1.49.0 2009.04.10 Backdoor.Win32.Tofsee
K7AntiVirus 7.10.698 2009.04.09 -
Kaspersky 7.0.0.125 2009.04.10 Heur.Trojan.Generic
McAfee 5579 2009.04.09 -
McAfee+Artemis 5579 2009.04.09 -
McAfee-GW-Edition 6.7.6 2009.04.10 -
Microsoft 1.4502 2009.04.10 Backdoor:Win32/Tofsee.F
NOD32 3999 2009.04.10 -
Norman 6.00.06 2009.04.09 W32/Malware
nProtect 2009.1.8.0 2009.04.10 -
Panda 10.0.0.14 2009.04.10 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.10 -
Rising 21.24.44.00 2009.04.10 Trojan.Win32.Nodef.hub
Sophos 4.40.0 2009.04.10 -
Sunbelt 3.2.1858.2 2009.04.10 -
Symantec 1.4.4.12 2009.04.10 -
TheHacker 6.3.4.0.305 2009.04.09 -
TrendMicro 8.700.0.1004 2009.04.10 PAK_Generic.001
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.10 Win32.Virut.Y.Gen

Additional information
File size: 54784 bytes
MD5...: ff626bc64d017c92de036eeeb7a6145f
SHA1..: 29fa27a822b8f47af5e8b1539b32717022e1afb2
SHA256: 14621b23256fe57f95860a9187f85a0f40e215faf9a121581a0cffdd78aeb0c3
SHA512: 49fd64ebbb84f54737e0dc71e262ca72f376c774dc3bd679e28ef0ec9c6645328ab60a140237711cc840689a1d17499a7c1d6d0e05117ec4eda49dd6f9b2895a
ssdeep: 768:KWoxkhmwbUc7gLNEeZq5K2N6wJuWP1BQrdp5lU88QMfyuACdb9sLk+rkTN:KWoWbUmBN6wj1BkjlM6udd5sLk+8
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1aa70
timedatestamp.....: 0x406d6680 (Fri Apr 02 13:11:28 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x12000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x13000 0x8000 0x7c00 7.87 c40d4d98750731cf2b7598059ae67083
UPX2 0x1b000 0x7000 0x5600 5.58 aa33501b79ffa0ce4d92652face3ca94
( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> GDI32.DLL: GdiFlush
> OLE32.DLL: CoGetObject
> OLEAUT32.dll: VarAbs
( 0 exports )
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (F-Prot): UPX

--- Report 2 ---

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.11 Backdoor.Win32.Tofsee!IK
AhnLab-V3 5.0.0.2 2009.04.11 Win-Trojan/Xema.variant
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.11 -
Authentium 5.1.2.4 2009.04.11 W32/Bloop.A.gen!Eldorado
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 SHeur2.AADL
BitDefender 7.2 2009.04.11 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.10 -
Comodo 1110 2009.04.11 -
DrWeb 4.44.0.09170 2009.04.11 Trojan.Packed.154
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 W32/Bloop.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.11 Backdoor:W32/Tofsee.B
Fortinet 3.117.0.0 2009.04.11 PossibleThreat
GData 19 2009.04.11 -
Ikarus T3.1.1.49.0 2009.04.11 Backdoor.Win32.Tofsee
K7AntiVirus 7.10.700 2009.04.11 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.04.11 Heur.Trojan.Generic
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.04.11 -
Microsoft 1.4502 2009.04.11 Backdoor:Win32/Tofsee.F
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 W32/Malware
nProtect 2009.1.8.0 2009.04.11 -
Panda 10.0.0.14 2009.04.11 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 High Risk Worm
Rising 21.24.52.00 2009.04.11 Trojan.Win32.Nodef.hub
Sophos 4.40.0 2009.04.11 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.04.11 Heur.Trojan.Generic
Symantec 1.4.4.12 2009.04.11 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.10 PAK_Generic.001
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -

Additional information
File size: 36864 bytes
MD5...: e5fb26ceb7c3ed14f272ae3fd5a4c96a
SHA1..: 41ffc79b740c83361b13e96e41856de8ea2475ee
SHA256: 8ecf1fc941bb7da04ecc61892312713704021a7d5cf112dd8d8ff2379c1c50a0
SHA512: c094f0a3bc0c1618fd62b9dcd9cca7a250fdd67e36f94e603c388bcb02140e008105fe5b02b050fac9dfd05c6388941da712b323bd996ae4331d7943d4c40650
ssdeep: 768:UWoxkhmwbUc7gLNEeZq5K2N6wJuWP1BQrdp5lU88:UWoWbUmBN6wj1Bkj
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1aa70
timedatestamp.....: 0x406d6680 (Fri Apr 02 13:11:28 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x12000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x13000 0x8000 0x7c00 7.87 c40d4d98750731cf2b7598059ae67083
UPX2 0x1b000 0x7000 0x1000 0.52 ca246b2f30b3ab3d2ba11c5d5ec77846
( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> GDI32.DLL: GdiFlush
> OLE32.DLL: CoGetObject
> OLEAUT32.dll: VarAbs
( 0 exports )
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D62C616100A5E53F90E4007CD7C22A00436FB316
packers (F-Prot): UPX
packers (Authentium): UPX
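Both VirusTotal reports above carry the same three-section layout (UPX0 with no data on disk but 0x12000 bytes virtual, UPX1 at entropy 7.87, UPX2), an identical UPX1 section hash, the same 2004 timestamp and the tiny import set a UPX stub needs (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree). The script below is an added example, not code from the thread or from VirusTotal: it parses a PE's COFF header and section table with the Python standard library, computes per-section Shannon entropy and the file hashes VirusTotal keys on, and applies packer heuristics whose thresholds are my own. To run offline it builds a constructed, non-loadable PE image in memory that mimics the reported layout (machine 0x14c and the timestamp 0x406d6680 are copied from the report; the section contents are synthetic); feed `parse_pe` the bytes of a real file to use it on an actual sample.

```python
import hashlib
import math
import random
import struct
from collections import Counter


def shannon_entropy(data):
    """Bits per byte: 0.0 for flat data, approaching 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(data).values()))


def parse_pe(pe):
    """Return (machine, timestamp, sections) from the COFF header and the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return machine, stamp, sections


def packer_indicators(sections, high=7.0):
    """Heuristics with my own thresholds: UPX-style names, zero-raw/large-virtual sections, high entropy."""
    hits = []
    if any(s["name"].upper().startswith("UPX") for s in sections):
        hits.append("UPX* section names: UPX-packed, or renamed to look like it")
    for s in sections:
        if s["rsize"] == 0 and s["vsize"] > 0:
            hits.append(f"{s['name']}: 0 bytes on disk, {s['vsize']:#x} bytes virtual: unpack destination")
        elif s["entropy"] >= high:
            hits.append(f"{s['name']}: entropy {s['entropy']}: compressed or encrypted payload")
    return hits


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_sample_pe(seed=1):
    """Constructed, non-loadable PE image with the 3-section UPX layout from the report (assumption)."""
    rng = random.Random(seed)
    packed = bytes(rng.getrandbits(8) for _ in range(0x2000))   # stands in for the compressed body
    stub = bytes(0x200)                                         # flat bytes, entropy 0
    raw_base = 0x400
    opt = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)            # PE32 magic, rest zeroed
    secs = [(b"UPX0", 0x12000, 0x1000, 0, 0),
            (b"UPX1", 0x8000, 0x13000, len(packed), raw_base),
            (b"UPX2", 0x7000, 0x1B000, len(stub), raw_base + len(packed))]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0xE0000060)
                     for n, vs, va, rs, rp in secs)
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)     # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0x406D6680, 0, 0, len(opt), 0x010F)
    header = dos + b"PE\0\0" + coff + opt + table
    return header + bytes(raw_base - len(header)) + packed + stub


if __name__ == "__main__":
    pe = build_sample_pe()
    machine, stamp, secs = parse_pe(pe)
    print(f"machine {machine:#x}  timestamp {stamp:#x}  {len(pe)} bytes  md5 {file_hashes(pe)['md5']}")
    for s in secs:
        print(f"{s['name']:<6} vaddr {s['vaddr']:#08x} vsize {s['vsize']:#08x} raw {s['rsize']:#08x} entropy {s['entropy']}")
    for hit in packer_indicators(secs):
        print(" -", hit)
```

The UPX0 pattern (nothing on disk, a large virtual range) is the unpacking destination and the UPX1 entropy is the compressed payload; the section names alone prove nothing, since they are trivially renamed, which is why the raw/virtual and entropy checks are reported as separate indicators. The hashes are what lets a file be matched against a report like the ones above without re-uploading it.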
norbat, posted 12 April 2009:
Can you also check the following file on VirusTotal: c:\windows\Explorer.EXE
.Butthead. (thread author), posted 12 April 2009:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.12 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2009.04.12 -
AntiVir 7.9.0.138 2009.04.11 -
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 -
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1111 2009.04.12 -
DrWeb 4.44.0.09170 2009.04.12 -
eSafe 7.0.17.0 2009.04.12 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.12 -
Fortinet 3.117.0.0 2009.04.12 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 Trojan.Win32.Patched
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 -
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 -
McAfee-GW-Edition 6.7.6 2009.04.11 Win32.LooksLike.Virut
Microsoft 1.4502 2009.04.12 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.12 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.62.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.11 -
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.12 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -

Additional information
File size: 1033728 bytes
MD5...: afed67f03219eb96e0e4778299013d96
SHA1..: 4a746bc02f66e6722d4589e2a7c22b8331a4c976
SHA256: b2231f880d8c4b87edb4f5d7eade04f9909765d3fb5eb496972833a364dbde55
SHA512: 355c82ed68de699c6c54a00fd285003d8eedf14193c5731375e2f676f034755f 5d8dd1fd47fc59e65bc559c2a31dedcab050560f6628ebcb13f4411a3c14796f
ssdeep: 12288:Q8dKAe7LZ3RJEniE5CAtj+YroHWYUrkf8w0Vnza/1/g/J/vs:Q8PefZ3RJ EniEgAZbkf8w0Vn01/g/J/
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel)
(0.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1a56f timedatestamp.....: 0x486cba2d (Thu Jul 03 11:38:21 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x44c49 0x44e00 6.36 5da053cb8d1480cd7c1ce316aeb73e83 .data 0x46000 0x1db4 0x1800 1.30 01552ec932276597519ea44e0e73bf5c .rsrc 0x48000 0xb2278 0xb2400 6.63 01054ba88d95b2e035baf99118447744 .reloc 0xfb000 0x9800 0x3800 6.77 2871633329f6c9762cd810ddb2975e15 ( 13 imports ) > ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW > BROWSEUI.dll: -, -, -, - > GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode > KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, 
GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject > msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf > ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess > ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop > OLEAUT32.dll: -, - > SHDOCVW.dll: -, -, - > SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, 
SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, - > SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, - > USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, 
ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, 
GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
.Butthead. (thread author), posted 12 April 2009 (edited):
Just now. New ComboFix, HijackThis and MBAM log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:53, on 12.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\cqji.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cqji] C:\WINDOWS\system32\cqji.exe \u
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-21-1454471165-1993962763-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1454471165-1993962763-1801674531-1003\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6021 bytes

Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 3

12.04.2009 17:18:19
mbam-log-2009-04-12 (17-18-19).txt

Scan type: Quick Scan
Objects scanned: 59601
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 09-04-12.03 - Anders 2009-04-11 17:13.2 - NTFSx86
Kjører fra: c:\documents and settings\Anders\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Resident AV is active
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))
.
2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\documents and settings\Anders\Application Data\Malwarebytes
2009-04-10 15:40 .
2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-10 15:40 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-06 14:56 . 2009-04-06 14:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf 2009-04-05 20:40 . 2005-05-26 14:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll 2009-04-05 20:33 . 2004-08-22 15:31 5248 ----a-w c:\windows\system32\drivers\d347prt.sys 2009-04-05 20:33 . 2004-08-22 15:31 155136 ----a-w c:\windows\system32\drivers\d347bus.sys 2009-04-05 20:33 . 2009-04-05 20:33 -------- d-----w c:\windows\Downloaded Installations 2009-04-05 20:05 . 2009-04-05 20:05 54784 ---h--w c:\documents and settings\Anders\qwdi.exe 2009-04-05 20:05 . 2009-04-05 20:05 36864 ----a-w c:\windows\system32\cqji.exe 2009-04-05 20:03 . 2009-04-05 20:03 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-04-05 20:00 . 2009-04-05 20:00 717296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-04-05 19:59 . 2009-04-05 19:59 -------- d-----w c:\documents and settings\Anders\Application Data\DAEMON Tools Pro 2009-04-05 17:21 . 2009-04-05 17:25 -------- d-----w c:\documents and settings\Anders\Application Data\Ventrilo 2009-04-05 15:21 . 2009-04-05 15:21 98304 ----a-w c:\windows\system32CmdLineExt.dll 2009-04-04 23:05 . 2009-04-04 23:05 -------- d-----w c:\documents and settings\Anders\Application Data\vlc 2009-04-04 17:05 . 2009-04-08 17:05 -------- d-----w c:\documents and settings\Anders\Application Data\dvdcss 2009-04-04 15:18 . 2009-04-10 01:01 -------- d-----w c:\documents and settings\Anders\Application Data\FrostWire 2009-04-04 02:37 . 2009-04-04 02:37 -------- d-----w c:\documents and settings\Anders\Application Data\Creative 2009-04-04 02:32 . 2000-05-22 08:58 647872 ------w c:\windows\system32\Mscomct2.ocx 2009-04-04 02:32 . 
1999-10-10 17:00 41984 ------w c:\windows\CTREGRUN.EXE 2009-04-04 02:01 . 2008-04-14 04:42 221184 ----a-w c:\windows\system32\wmpns.dll 2009-04-04 01:31 . 2009-04-09 14:17 -------- d-----w c:\documents and settings\Anders\Application Data\BitTorrent Pro 2009-04-04 01:31 . 2009-04-04 02:40 743 ----a-w c:\windows\system\Cm108.ini 2009-04-04 01:31 . 2009-04-04 01:31 161 ----a-w c:\windows\Cm108.ini.cfl 2009-04-04 01:31 . 2009-04-04 01:28 45056 ----a-w c:\windows\system32\CM108rm.dll 2009-04-04 01:31 . 2009-04-04 01:28 274432 ----a-w c:\windows\system32\CM108RM.EXE 2009-04-04 01:31 . 2009-04-04 01:28 1700352 ----a-w c:\windows\system32\GdiPlus.dll 2009-04-04 01:31 . 2009-04-04 01:28 6443008 ----a-w c:\windows\system\CM108.cpl 2009-04-04 01:31 . 2009-04-04 01:28 712704 ----a-w c:\windows\system\a3d108pu.dll 2009-04-04 01:31 . 2009-04-04 01:28 712704 ----a-w c:\windows\system\a3d.dll 2009-04-04 01:31 . 2009-04-04 01:28 32768 ----a-w c:\windows\system32\c108prop.dll 2009-04-04 01:30 . 2009-04-04 01:28 2584 ----a-w c:\windows\Cm108.ini.cfg 2009-04-04 01:29 . 2009-04-04 01:28 266240 ----a-w c:\windows\CMI108UNINSTALL.EXE 2009-04-04 01:29 . 2009-04-04 01:28 315392 ----a-w c:\windows\system\fltr108.dll 2009-04-04 01:29 . 2009-04-04 01:28 1312768 ----a-w c:\windows\system32\drivers\CM108.sys 2009-04-04 00:05 . 2008-12-05 06:58 144896 ------w c:\windows\system32\dllcache\schannel.dll 2009-04-04 00:05 . 2009-02-09 11:08 1847552 ------w c:\windows\system32\dllcache\win32k.sys 2009-04-03 23:50 . 2008-12-11 12:33 333952 ------w c:\windows\system32\dllcache\srv.sys 2009-04-03 20:36 . 2008-04-13 23:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys 2009-04-03 20:32 . 2009-04-11 14:49 -------- d-----w c:\documents and settings\Anders\Tracing . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 16:26 . 2009-04-10 16:26 -------- d-----w c:\program files\microsoft frontpage 2009-04-10 15:40 . 
2009-04-10 15:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-10 15:33 . 2009-04-03 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-10 14:51 . 2009-04-03 17:40 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-10 14:51 . 2009-04-03 18:32 -------- d-----w c:\program files\Linksys Wireless-G PCI Wireless Network Monitor 2009-04-10 14:42 . 2009-04-10 14:42 -------- d-----w c:\program files\Trend Micro 2009-04-10 14:32 . 2009-04-05 17:21 -------- d-----w c:\program files\VentriloMIX 2009-04-10 14:27 . 2009-04-04 01:29 -------- d-----w c:\program files\Laccess USB audio 2009-04-10 14:26 . 2009-04-03 17:50 -------- d-----w c:\program files\BitTorrent PRO 2009-04-10 14:18 . 2009-04-04 15:18 -------- d-----w c:\program files\FrostWire 2009-04-10 14:16 . 2009-04-05 20:33 -------- d-----w c:\program files\D-Tools 2009-04-06 18:21 . 2009-04-03 16:42 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-05 14:02 . 2009-04-03 17:00 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-04 15:36 . 2009-04-03 17:55 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2009-04-04 02:32 . 2009-04-04 02:31 -------- d-----w c:\program files\Creative 2009-04-04 02:23 . 2009-04-03 17:42 -------- d-----w c:\program files\Java 2009-04-04 01:27 . 2009-04-04 01:25 -------- d-----w c:\program files\NVIDIA Corporation 2009-04-03 20:32 . 2009-04-03 20:32 -------- d-----w c:\program files\Microsoft 2009-04-03 20:32 . 2009-04-03 20:31 -------- d-----w c:\program files\Windows Live 2009-04-03 20:32 . 2009-04-03 20:32 -------- d-----w c:\program files\Windows Live SkyDrive 2009-04-03 20:30 . 2009-04-03 20:30 -------- d-----w c:\program files\Common Files\Windows Live 2009-04-03 18:32 . 2009-04-03 18:32 20747 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-04-03 18:32 . 
2009-04-03 17:03 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-03 17:55 . 2009-04-03 18:34 -------- d-----w c:\program files\Logitech 2009-04-03 17:54 . 2009-04-03 17:52 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2009-04-03 17:53 . 2009-04-03 17:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\documents and settings\Anders\Application Data\Vso 2009-04-03 17:53 . 2009-04-03 17:53 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-04-03 17:53 . 2009-04-03 17:53 47360 ----a-w c:\documents and settings\Anders\Application Data\pcouffin.sys 2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\VSO 2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\Common Files\Logishrd 2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\VideoLAN 2009-04-03 17:52 . 2009-04-03 17:52 -------- d-----w c:\program files\MediaMonkey 2009-04-03 17:50 . 2009-04-03 17:50 -------- d-----w c:\program files\CCleaner 2009-04-03 17:47 . 2009-04-03 17:47 -------- d-----w c:\documents and settings\Anders\Application Data\ESET 2009-04-03 17:46 . 2009-04-03 17:46 -------- d-----w c:\program files\ESET 2009-04-03 17:46 . 2009-04-03 17:46 -------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-04-03 17:07 . 2009-04-03 17:07 -------- d-----w c:\program files\AGEIA Technologies 2009-04-03 17:07 . 2009-04-03 17:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-03 17:03 . 
2009-04-03 17:00 -------- d-----w c:\program files\Realtek 2009-04-03 17:02 . 2009-04-03 17:02 10 ----a-w C:\csb.log 2009-04-03 17:00 . 2009-04-03 17:00 -------- d-----w c:\documents and settings\Anders\Application Data\InstallShield 2009-04-03 16:49 . 2009-04-03 16:49 -------- d-----w c:\program files\Intel 2009-04-03 16:40 . 2009-04-03 16:40 21640 ----a-w c:\windows\system32\emptyregdb.dat 2009-04-03 16:40 . 2009-04-03 16:40 -------- d-----w c:\program files\Windows Media Connect 2 2009-03-27 07:14 . 2009-04-03 17:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE 2009-03-09 04:19 . 2009-04-03 17:42 410984 ----a-w c:\windows\system32\deploytk.dll 2009-02-17 15:55 . 2009-04-03 17:03 5026816 ----a-w c:\windows\system32\drivers\RtkHDAud.sys 2009-02-17 14:50 . 2009-04-03 17:03 17510400 ----a-w c:\windows\RTHDCPL.EXE 2009-02-09 13:34 . 2009-04-03 17:03 35840 ----a-w c:\windows\system32\RtkCoInstXP.dll 2009-02-09 11:08 . 2009-01-08 19:14 1847552 ----a-w c:\windows\system32\win32k.sys 2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-21 14:54 . 2009-04-03 17:03 1206816 ----a-w c:\windows\RtlUpd.exe 2009-01-16 20:35 . 2009-04-03 16:43 3594752 ------w c:\windows\system32\dllcache\mshtml.dll 2009-01-16 17:24 . 2009-01-16 17:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll 2009-04-10 12:14 . 2009-04-03 16:46 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2009-04-10 12:14 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2009-04-03 16:46 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040320090404\index.dat 2009-04-10 12:14 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . 
------- Sigcheck -------
[-] 2009-01-08 20:12 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys
[-] 2009-01-08 19:07 1033728 AFED67F03219EB96E0E4778299013D96 c:\windows\Explorer.EXE
[-] 2008-04-14 04:42 15360 C2298DC3CAB628F5957240E7509E529B c:\windows\system32\ctfmon.exe
[-] 2008-04-14 04:42 26112 B3F4EC8136F3A53C3A971255DD888FE9 c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"cqji"="c:\windows\system32\cqji.exe" [2009-04-05 36864]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 344064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\Anders\\qwdi.exe"=
"c:\\WINDOWS\\system32\\cqji.exe"=

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-04-04 1312768]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-09-26 10384]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - GTNDIS5
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - ekrn
*Deregistered* - epfw
*Deregistered* - Epfwndis
*Deregistered* - epfwtdi
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - nTuneService
*Deregistered* - Null
*Deregistered* - NVR0Dev
*Deregistered* - NVR0FLASHDev
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - rspndr
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UpdateCenterService
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
.
------- Tilleggsskanning -------
.
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\t2h1tdgd.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 17:15
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Tidspunkt ferdig: 2009-04-12 17:16
ComboFix-quarantined-files.txt 2009-04-12 16:16
ComboFix2.txt 2009-04-10 15:47

Pre-Run: 215 891 304 448 bytes free
Post-Run: 215,882,510,336 bytes free

316 --- E O F --- 2009-04-06 14:33

Edited 12 April 2009 by .Butthead.
norbat, posted 12 April 2009

Search for explorer.exe (Start -> Search) and tell me whether the file is also located somewhere other than directly under the Windows folder.

Open Notepad and copy in what is written in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
c:\documents and settings\Anders\qwdi.exe
c:\windows\system32\cqji.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cqji"=-

Post the log.
.Butthead. (author), posted 12 April 2009 (edited)

EXPLORER.EXE-082F38A9.pf is in the Windows folder, yes. Windows\prefetch, to be precise.

ComboFix 09-04-12.03 - Anders 2009-04-13 0:56.3 - NTFSx86
Running from: c:\documents and settings\Anders\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anders\Desktop\CFScript.txt.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Resident AV is active

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Anders\qwdi.exe
c:\windows\system32\cqji.exe
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anders\qwdi.exe
c:\windows\system32\cqji.exe

.
((((((((((((((((((((((((((( Files Created From 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))))
.

2009-04-10 16:26 . 2009-04-10 16:26 -------- d-----w c:\windows\system32\xircom
2009-04-10 15:45 . 2000-08-31 07:00 89504 ----a-w c:\windows\fdsv.exe
2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\documents and settings\Anders\Application Data\Malwarebytes
2009-04-10 15:40 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 15:40 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 14:56 . 2009-04-06 14:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-04-05 20:40 . 2005-05-26 14:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-05 20:33 . 2004-08-22 15:31 5248 ----a-w c:\windows\system32\drivers\d347prt.sys
2009-04-05 20:33 . 2004-08-22 15:31 155136 ----a-w c:\windows\system32\drivers\d347bus.sys
2009-04-05 20:33 . 2009-04-05 20:33 -------- d-----w c:\windows\Downloaded Installations
2009-04-05 20:03 . 2009-04-05 20:03 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-05 20:00 . 2009-04-05 20:00 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-05 19:59 . 2009-04-05 19:59 -------- d-----w c:\documents and settings\Anders\Application Data\DAEMON Tools Pro
2009-04-05 17:21 . 2009-04-05 17:25 -------- d-----w c:\documents and settings\Anders\Application Data\Ventrilo
2009-04-05 15:21 . 2009-04-05 15:21 98304 ----a-w c:\windows\system32CmdLineExt.dll
2009-04-04 23:05 . 2009-04-04 23:05 -------- d-----w c:\documents and settings\Anders\Application Data\vlc
2009-04-04 17:05 . 2009-04-08 17:05 -------- d-----w c:\documents and settings\Anders\Application Data\dvdcss
2009-04-04 15:18 . 2009-04-10 01:01 -------- d-----w c:\documents and settings\Anders\Application Data\FrostWire
2009-04-04 02:37 . 2009-04-04 02:37 -------- d-----w c:\documents and settings\Anders\Application Data\Creative
2009-04-04 02:32 . 2000-05-22 08:58 647872 ------w c:\windows\system32\Mscomct2.ocx
2009-04-04 02:32 . 1999-10-10 17:00 41984 ------w c:\windows\CTREGRUN.EXE
2009-04-04 02:01 . 2008-04-14 04:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-04 01:31 . 2009-04-12 16:58 -------- d-----w c:\documents and settings\Anders\Application Data\BitTorrent Pro
2009-04-04 01:31 . 2009-04-04 02:40 743 ----a-w c:\windows\system\Cm108.ini
2009-04-04 01:31 . 2009-04-04 01:31 161 ----a-w c:\windows\Cm108.ini.cfl
2009-04-04 01:31 . 2009-04-04 01:28 45056 ----a-w c:\windows\system32\CM108rm.dll
2009-04-04 01:31 . 2009-04-04 01:28 274432 ----a-w c:\windows\system32\CM108RM.EXE
2009-04-04 01:31 . 2009-04-04 01:28 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-04-04 01:31 . 2009-04-04 01:28 6443008 ----a-w c:\windows\system\CM108.cpl
2009-04-04 01:31 . 2009-04-04 01:28 712704 ----a-w c:\windows\system\a3d108pu.dll
2009-04-04 01:31 . 2009-04-04 01:28 712704 ----a-w c:\windows\system\a3d.dll
2009-04-04 01:31 . 2009-04-04 01:28 32768 ----a-w c:\windows\system32\c108prop.dll
2009-04-04 01:30 . 2009-04-04 01:28 2584 ----a-w c:\windows\Cm108.ini.cfg
2009-04-04 01:29 . 2009-04-04 01:28 266240 ----a-w c:\windows\CMI108UNINSTALL.EXE
2009-04-04 01:29 . 2009-04-04 01:28 315392 ----a-w c:\windows\system\fltr108.dll
2009-04-04 01:29 . 2009-04-04 01:28 1312768 ----a-w c:\windows\system32\drivers\CM108.sys
2009-04-04 00:05 . 2008-12-05 06:58 144896 ------w c:\windows\system32\dllcache\schannel.dll
2009-04-04 00:05 . 2009-02-09 11:08 1847552 ------w c:\windows\system32\dllcache\win32k.sys
2009-04-03 23:50 . 2008-12-11 12:33 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-04-03 20:36 . 2008-04-13 23:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-04-03 20:32 . 2009-04-12 23:52 -------- d-----w c:\documents and settings\Anders\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 16:31 . 2009-04-03 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 16:26 . 2009-04-10 16:26 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 14:51 . 2009-04-03 17:40 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 14:51 . 2009-04-03 18:32 -------- d-----w c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-04-10 14:42 . 2009-04-10 14:42 -------- d-----w c:\program files\Trend Micro
2009-04-10 14:32 . 2009-04-05 17:21 -------- d-----w c:\program files\VentriloMIX
2009-04-10 14:27 . 2009-04-04 01:29 -------- d-----w c:\program files\Laccess USB audio
2009-04-10 14:26 . 2009-04-03 17:50 -------- d-----w c:\program files\BitTorrent PRO
2009-04-10 14:18 . 2009-04-04 15:18 -------- d-----w c:\program files\FrostWire
2009-04-10 14:16 . 2009-04-05 20:33 -------- d-----w c:\program files\D-Tools
2009-04-06 18:21 . 2009-04-03 16:42 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 14:02 . 2009-04-03 17:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 15:36 . 2009-04-03 17:55 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-04 02:32 . 2009-04-04 02:31 -------- d-----w c:\program files\Creative
2009-04-04 02:23 . 2009-04-03 17:42 -------- d-----w c:\program files\Java
2009-04-04 01:27 . 2009-04-04 01:25 -------- d-----w c:\program files\NVIDIA Corporation
2009-04-03 20:32 . 2009-04-03 20:32 -------- d-----w c:\program files\Microsoft
2009-04-03 20:32 . 2009-04-03 20:31 -------- d-----w c:\program files\Windows Live
2009-04-03 20:32 . 2009-04-03 20:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-03 20:30 . 2009-04-03 20:30 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-03 18:32 . 2009-04-03 18:32 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-03 18:32 . 2009-04-03 17:03 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-03 17:55 . 2009-04-03 18:34 -------- d-----w c:\program files\Logitech
2009-04-03 17:54 . 2009-04-03 17:52 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-03 17:54 . 2009-04-03 17:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-04-03 17:53 . 2009-04-03 17:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\documents and settings\Anders\Application Data\Vso
2009-04-03 17:53 . 2009-04-03 17:53 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-03 17:53 . 2009-04-03 17:53 47360 ----a-w c:\documents and settings\Anders\Application Data\pcouffin.sys
2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\VSO
2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-03 17:53 . 2009-04-03 17:53 -------- d-----w c:\program files\VideoLAN
2009-04-03 17:52 . 2009-04-03 17:52 -------- d-----w c:\program files\MediaMonkey
2009-04-03 17:50 . 2009-04-03 17:50 -------- d-----w c:\program files\CCleaner
2009-04-03 17:47 . 2009-04-03 17:47 -------- d-----w c:\documents and settings\Anders\Application Data\ESET
2009-04-03 17:46 . 2009-04-03 17:46 -------- d-----w c:\program files\ESET
2009-04-03 17:46 . 2009-04-03 17:46 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-03 17:07 . 2009-04-03 17:07 -------- d-----w c:\program files\AGEIA Technologies
2009-04-03 17:07 . 2009-04-03 17:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 17:03 . 2009-04-03 17:00 -------- d-----w c:\program files\Realtek
2009-04-03 17:02 . 2009-04-03 17:02 10 ----a-w C:\csb.log
2009-04-03 17:00 . 2009-04-03 17:00 -------- d-----w c:\documents and settings\Anders\Application Data\InstallShield
2009-04-03 16:49 . 2009-04-03 16:49 -------- d-----w c:\program files\Intel
2009-04-03 16:40 . 2009-04-03 16:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-03 16:40 . 2009-04-03 16:40 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-27 07:14 . 2009-04-03 17:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-09 04:19 . 2009-04-03 17:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 15:55 . 2009-04-03 17:03 5026816 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-02-17 14:50 . 2009-04-03 17:03 17510400 ----a-w c:\windows\RTHDCPL.EXE
2009-02-09 13:34 . 2009-04-03 17:03 35840 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-02-09 11:08 . 2009-01-08 19:14 1847552 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-21 14:54 . 2009-04-03 17:03 1206816 ----a-w c:\windows\RtlUpd.exe
2009-01-16 20:35 . 2009-04-03 16:43 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 17:24 . 2009-01-16 17:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-04-10 12:14 . 2009-04-03 16:46 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-04-10 12:14 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-04-03 16:46 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040320090404\index.dat
2009-04-10 12:14 . 2009-04-03 16:46 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

------- Sigcheck -------

[-] 2009-01-08 20:12 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys
[-] 2009-01-08 19:07 1033728 AFED67F03219EB96E0E4778299013D96 c:\windows\Explorer.EXE
[-] 2008-04-14 04:42 15360 C2298DC3CAB628F5957240E7509E529B c:\windows\system32\ctfmon.exe
[-] 2008-04-14 04:42 26112 B3F4EC8136F3A53C3A971255DD888FE9 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-12_17.15.35,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-12 23:46 . 2009-04-12 23:46 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2009-04-12 23:46 . 2009-04-12 23:46 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 344064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-04-04 1312768]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-09-26 10384]

--- Other services/drivers loaded in memory ---

*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - ekrn
*Deregistered* - epfw
*Deregistered* - Epfwndis
*Deregistered* - epfwtdi
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - nTuneService
*Deregistered* - Null
*Deregistered* - NVR0Dev
*Deregistered* - NVR0FLASHDev
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - rspndr
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UpdateCenterService
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMP54Gv4SVC
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
.
------- Supplementary scan -------
.
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\t2h1tdgd.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-13 0:58
ComboFix-quarantined-files.txt 2009-04-12 23:58
ComboFix2.txt 2009-04-12 16:16
ComboFix3.txt 2009-04-10 15:47

Pre-Run: 213 825 777 664 bytes free
Post-Run: 213,815,877,632 bytes free

320 --- E O F --- 2009-04-06 14:33

Edited 12 April 2009 by .Butthead.
norbat, posted 13 April 2009

Download DrWeb. Run drweb-cureit.exe (say yes to running an express scan). When that is finished, click Settings -> Change settings. Under the Scan tab, uncheck Heuristic analysis. Under the Actions tab, set every item under Malware to Rename. Select the partition you want to scan and then click the green arrow to start the scan. Choose "yes to all" when it finds something for the first time. When the scan is finished, go to "File" and click "Save Report list". A file named "drweb.csv" will then be on the desktop. Post the report.
.Butthead. (author), posted 13 April 2009

ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Anders\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Anders\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Anders\Desktop;Archive contains infected files;Moved.;
LogiMacroEditor.exe;C:\Program Files\Logitech\SetPoint II;Win32.Virut.56;Deleted.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Deleted.;
qwdi.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Anders;Trojan.Packed.154;Deleted.;
cqji.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.154;Deleted.;
A0003198.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP18;Win32.Virut.56;Deleted.;
A0003351.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP18;Trojan.Packed.154;Deleted.;
A0003357.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP18;Trojan.Packed.154;Deleted.;
A0005398.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Tool.RemoveWGA;Modified.;
A0005582.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Trojan.Packed.154;Deleted.;
A0005665.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Trojan.Packed.154;Deleted.;
A0005717.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Win32.Virut.56;Deleted.;
A0005979.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Win32.Virut.56;Deleted.;
A0005982.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Win32.Virut.56;Deleted.;
A0007329.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP24;Trojan.Packed.154;Deleted.;
A0007330.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP24;Trojan.Packed.154;Deleted.;
A0007416.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP25;Win32.Virut.56;Deleted.;
A0007417.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP25;Win32.Virut.56;Deleted.;
MOUNTVOL.EXE;C:\WINDOWS\system32;Win32.Virut.56;Deleted.;
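Reading a drweb.csv report by eye is error-prone because most rows are copies in System Restore points or in ComboFix's Qoobox quarantine, which are inert, while the few rows that matter are live files. The report above is what norbat bases his Virut verdict on: Win32.Virut.56 in LogiMacroEditor.exe, hypertrm.exe and MOUNTVOL.EXE, all live executables outside any restore point. The following is an added example, not Dr.Web's or the forum's code; the sample rows are copied from the report above, the column layout (name;directory;detection;action;) is read off those rows, and the list of file-infector families is this example's own assumption.

```python
"""Parser for the semicolon-separated report Dr.Web CureIt saves as
drweb.csv, used to separate live infections from restore-point and
quarantine copies.  Added example, not Dr.Web's or the forum's code; the
sample rows are copied from the report above and the column layout
(name;directory;detection;action;) is read off those rows."""
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the rows posted above.
SAMPLE_REPORT = r"""
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Anders\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
LogiMacroEditor.exe;C:\Program Files\Logitech\SetPoint II;Win32.Virut.56;Deleted.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Deleted.;
qwdi.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Anders;Trojan.Packed.154;Deleted.;
A0003198.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP18;Win32.Virut.56;Deleted.;
A0005398.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP23;Tool.RemoveWGA;Modified.;
A0007329.exe;C:\System Volume Information\_restore{CA6539A6-2792-4C56-B936-04216F773BF6}\RP24;Trojan.Packed.154;Deleted.;
MOUNTVOL.EXE;C:\WINDOWS\system32;Win32.Virut.56;Deleted.;
"""

# Detection-name prefixes of file infectors.  Win32.Virut is the one seen in
# this thread; the list is this example's assumption, extend as needed.
FILE_INFECTOR_FAMILIES = ("Win32.Virut",)


@dataclass
class Hit:
    name: str
    directory: str
    detection: str
    action: str
    location: str  # "live", "restore-point" or "quarantine"

    @property
    def path(self) -> str:
        return f"{self.directory}\\{self.name}"


def location_kind(directory: str) -> str:
    """Classify where a hit lives; only 'live' files can run on the machine."""
    d = directory.lower()
    if "\\system volume information\\_restore" in d:
        return "restore-point"   # System Restore copy, inert unless restored
    if "\\qoobox\\quarantine\\" in d:
        return "quarantine"      # already renamed and moved by ComboFix
    return "live"


def parse_report(text: str) -> list[Hit]:
    """Parse drweb.csv rows; blank or short rows are skipped."""
    hits = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue
        name, directory, detection, action = (f.strip() for f in row[:4])
        hits.append(Hit(name, directory, detection, action, location_kind(directory)))
    return hits


def summarize(hits: list[Hit]) -> dict:
    """Count hits per detection and location, and list live files hit by a
    file-infector family, which is the evidence for an active infection."""
    by_detection: dict[str, Counter] = {}
    for h in hits:
        by_detection.setdefault(h.detection, Counter())[h.location] += 1
    live_infector = [h.path for h in hits
                     if h.location == "live" and h.detection.startswith(FILE_INFECTOR_FAMILIES)]
    return {"by_detection": by_detection, "live_infector_files": live_infector}


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    for detection, where in report["by_detection"].items():
        print(f"{detection:32} {dict(where)}")
    for path in report["live_infector_files"]:
        print("live infector hit:", path)
```

The Program.PsExec.171 row is ComboFix's own bundled psexec.cfexe inside ComboFix.exe, so it is riskware noise rather than an infection and is left in the per-detection counts for the reader to discount. Three live Virut hits in system and vendor executables mean the infector was running with access to every program on the disk, which is what makes Virut, in norbat's words, no pleasant matter: a polymorphic file infector can touch more executables than any scanner listed, so the report is the argument for treating the machine as compromised rather than a cleanup checklist.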
norbat, posted 14 April 2009

Run a scan with NOD and see whether anything still shows up. Things suggest that you have a Virut infection, and that is no pleasant matter.