Malvado, 30 October 2009: Are you having trouble downloading the file from Microsoft?
-Jungeldyret (thread author), 30 October 2009: I understood it as though I could delete something manually based on the ComboFix log I posted.
norbat, 30 October 2009: If you promise to get a legal OS on your PC, I'll make an exception. The problem is in any case that your PC is exposed to infections, to the harm of yourself and others. Telenor cutting off your internet connection is both right and reasonable.

Open Notepad and copy in what is written in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\windows\system32\mclkjl.dll
c:\windows\system322.tmp

Registry::
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6141:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aphjuqfqy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbnac]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\halid]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\htrboloj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tyzkay]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xltpgz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zoyzlbq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znepuwq]

driver::
znepuwq
aphjuqfqy
dbnac
GarenaPEngine
halid
htrboloj
kwddc
tyzkay
xltpgz
zoyzlbq
Ldbrous

NetSvc::
znepuwq
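As an added illustration (not part of the original thread), the Python below reads the CFScript from norbat's post and turns it into a structured removal plan, which makes the directive syntax explicit: a "[-KEY]" line deletes a whole registry key, a "name"=- line under a "[KEY]" header deletes one value (here the firewall exception for port 6141), and the driver:: and NetSvc:: lists name services to unregister. The script text is the one from the post, embedded so the parser runs offline; the function name parse_cfscript is my own.

```python
# CFScript exactly as posted above, embedded so this runs without the forum page.
CFSCRIPT = r"""File::
c:\windows\system32\mclkjl.dll
c:\windows\system322.tmp
Registry::
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6141:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aphjuqfqy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbnac]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\halid]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\htrboloj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tyzkay]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xltpgz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zoyzlbq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znepuwq]
driver::
znepuwq
aphjuqfqy
dbnac
GarenaPEngine
halid
htrboloj
kwddc
tyzkay
xltpgz
zoyzlbq
Ldbrous
NetSvc::
znepuwq
"""

def parse_cfscript(text):
    """Interpret a CFScript: '[-KEY]' deletes a key, '"name"=-' deletes one value."""
    plan = {"files": [], "reg_keys": [], "reg_values": [], "drivers": [], "netsvc": []}
    section, current_key = None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):                      # section header such as 'Registry::'
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            plan["files"].append(line)               # file to delete
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                plan["reg_keys"].append(line[2:-1])  # whole key removed
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]             # values below act on this key
            elif line.endswith("=-") and current_key:
                plan["reg_values"].append((current_key, line[:-2].strip('"')))
        elif section == "driver":
            plan["drivers"].append(line)             # driver/service to unregister
        elif section == "netsvc":
            plan["netsvc"].append(line)              # entry stripped from the netsvcs group
    return plan

PLAN = parse_cfscript(CFSCRIPT)
```

The resulting plan is the checklist to verify after a run: each file, key, value and service it names should no longer exist on the cleaned machine.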
-Jungeldyret (thread author), 30 October 2009 (edited): Many thanks, I promise I will do it. No doubt about it now, when I've been given help as well. I've learned my lesson about not doing things properly. I'll do what you wrote tomorrow. Good night.

EDIT: Out of curiosity, any thoughts on how I might have got it? I've understood how idiotic it is not to have updated, but how does one get the virus itself? Through websites you visit, or..?

Edited 30 October 2009 by -Jungeldyret
raWrz, 31 October 2009: MOST likely you've been surfing on bad sites.
-Jungeldyret (thread author), 3 November 2009 (edited): I've done it now, Norbat. Here is the new ComboFix log.
EDIT: No idea whether it got removed, but at any rate I can get onto f-secure.com now, which I don't think I could before. I can see all the images here now too.

Edited 29 October 2012 by r2d290 waits for Obi-Wan