[Solved] Is this file a virus?

If you promise to get a legal OS on your PC, I'll make an exception. The problem in any case is that your PC is exposed to infections, to the harm of yourself and others. That Telenor shuts off your internet connection is both right and reasonable :nei:

Open Notepad and copy in what is in bold below, and save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.


File::
c:\windows\system32\mclkjl.dll
c:\windows\system322.tmp

Registry::
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6141:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aphjuqfqy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dbnac]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\halid]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\htrboloj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tyzkay]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xltpgz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zoyzlbq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\znepuwq]

driver::
znepuwq
aphjuqfqy
dbnac
GarenaPEngine
halid
htrboloj
kwddc
tyzkay
xltpgz
zoyzlbq
Ldbrous

NetSvc::
znepuwq
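As an added example (not code from the thread, from ComboFix, or from the helper), here is a small Python script that parses a CFScript of the shape posted above and reports which driver:: names the follow-up log's "Drivere/Tjenester" section does not list as removed, which is the check a helper does before declaring the machine clean. The CFScript and log excerpt are constructed from the lines quoted in this thread; ComboFix only lists the services it actually found, so an unconfirmed name means "look again in the next log", not "still infected".

```python
import re

# Constructed sample: the CFScript posted in the thread (Registry:: cut to three
# representative lines, driver:: kept in full).
CFSCRIPT = r"""
Registry::
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6141:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aphjuqfqy]

driver::
znepuwq
aphjuqfqy
dbnac
GarenaPEngine
halid
htrboloj
kwddc
tyzkay
xltpgz
zoyzlbq
Ldbrous
"""
# Constructed sample: the Drivere/Tjenester block of the follow-up ComboFix log.
LOG_EXCERPT = r"""
-------\Legacy_GARENAPENGINE
-------\Legacy_ZNEPUWQ
-------\Service_kwddc
-------\Service_Ldbrous
-------\Service_znepuwq
"""

def parse_cfscript(text):
    # Group non-empty lines under the preceding 'Section::' header (lower-cased key).
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def unconfirmed_drivers(script, log):
    # driver:: names that the log's Drivere/Tjenester section does not report as
    # removed. Service names are case-insensitive on Windows, hence lower().
    pattern = r"^-------\\(?:Legacy|Service)_(\S+)"
    removed = {m.lower() for m in re.findall(pattern, log, re.M)}
    wanted = {n.lower() for n in parse_cfscript(script).get("driver", [])}
    return sorted(wanted - removed)
```

Run against the thread's own lines, the function returns seven names (aphjuqfqy, dbnac, halid, htrboloj, tyzkay, xltpgz, zoyzlbq) that the log never confirms as removed, which is exactly the set a helper would want to see absent from the next scan.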

Thank you very much, I can promise that I'll do it. No doubt about it now, when I got help on top of it. I've learned my lesson about not doing things properly. I'll do what you wrote tomorrow. Good night. :)

EDIT:

Out of curiosity, any thoughts on how I might have gotten it? I've understood how idiotic it is not to have updated, but how does one get the virus itself? Via websites one visits, or..?

Edited by -Jungeldyret

I've done it now, Norbat. Here is the new log.

ComboFix


ComboFix 09-10-28.08 - Andreas 03.11.2009 15:04.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1023.659 [GMT -8:00]

Kjører fra: c:\documents and settings\Andreas\Desktop\ComboFix.exe

Command switches brukt :: c:\documents and settings\Andreas\Desktop\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

 

FILE ::

"c:\windows\system32\mclkjl.dll"

"c:\windows\system322.tmp"

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\mclkjl.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GARENAPENGINE

-------\Legacy_ZNEPUWQ

-------\Service_kwddc

-------\Service_Ldbrous

-------\Service_znepuwq

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-03 til 2009-11-03 )))))))))))))))))))))))))))))))))

.

 

2009-10-29 23:25 . 2009-10-29 23:25 -------- d-----w- c:\documents and settings\Andreas\Application Data\Malwarebytes

2009-10-29 23:25 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-29 23:25 . 2009-10-29 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-29 23:25 . 2009-10-29 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-29 23:25 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-29 05:38 . 2009-10-29 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2009-10-06 05:29 . 2009-10-06 05:29 -------- d-----w- c:\program files\iPod

2009-10-06 05:29 . 2009-10-06 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-06 05:28 . 2009-10-06 05:28 -------- d-----w- c:\program files\Bonjour

2009-10-06 04:40 . 2009-10-06 04:41 -------- d-----w- c:\program files\QuickTime

2009-10-06 04:28 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-10-06 04:28 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-03 23:08 . 2007-04-14 22:23 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000004-20021102}.dat

2009-11-03 23:08 . 2007-04-14 22:23 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000008-00001102-00000004-20021102}.dat

2009-10-31 07:12 . 2008-11-09 22:32 -------- d-----w- c:\documents and settings\Andreas\Application Data\gtk-2.0

2009-10-31 06:11 . 2008-12-12 01:02 -------- d-----w- c:\documents and settings\Andreas\Application Data\Spotify

2009-10-30 05:39 . 2007-04-14 22:55 -------- d-----w- c:\documents and settings\Andreas\Application Data\Skype

2009-10-30 04:40 . 2008-06-10 22:19 -------- d-----w- c:\documents and settings\Andreas\Application Data\skypePM

2009-10-12 23:48 . 2008-08-11 19:17 -------- d-----w- c:\documents and settings\Andreas\Application Data\uTorrent

2009-10-06 05:30 . 2007-04-15 23:48 -------- d-----w- c:\documents and settings\Andreas\Application Data\Apple Computer

2009-10-06 05:29 . 2007-10-08 01:57 -------- d-----w- c:\program files\Common Files\Apple

2009-10-06 05:19 . 2008-07-10 18:29 -------- d-----w- c:\program files\Common Files\Nikon

2009-10-06 05:19 . 2008-07-10 18:27 0 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT

2009-10-06 05:19 . 2008-09-14 02:09 -------- d-----w- c:\program files\Nikon

2009-09-29 07:10 . 2007-07-25 19:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-09-29 07:10 . 2008-07-01 06:26 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-29 02:42 . 2009-10-06 04:28 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-27 22:15 . 2008-02-08 04:10 71569 ----a-w- c:\windows\War3Unin.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-10-31_04.40.49 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-08-23 12:00 . 2009-10-31 04:24 70872 c:\windows\system32\perfc009.dat

+ 2001-08-23 12:00 . 2009-11-03 23:03 70872 c:\windows\system32\perfc009.dat

+ 2007-04-14 22:25 . 2009-10-31 04:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2007-04-14 22:25 . 2009-05-03 00:15 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2007-04-14 21:56 . 2003-01-01 08:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-04-14 21:56 . 2009-11-03 23:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-04-14 21:56 . 2003-01-01 08:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-04-14 21:56 . 2009-11-03 23:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-04-14 21:56 . 2009-11-03 23:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-04-14 21:56 . 2003-01-01 08:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-11-03 23:09 . 2009-11-03 23:09 5068 c:\windows\Temp\wrstemp\S-1-5-21-1409082233-1580818891-682003330-1003.dat

+ 2009-11-03 23:09 . 2009-11-03 23:09 4250 c:\windows\Temp\wrstemp\S-1-5-20.dat

+ 2009-11-03 23:09 . 2009-11-03 23:09 4182 c:\windows\Temp\wrstemp\S-1-5-19.dat

- 2001-08-23 12:00 . 2009-10-31 04:24 421798 c:\windows\system32\perfh009.dat

+ 2001-08-23 12:00 . 2009-11-03 23:03 421798 c:\windows\system32\perfh009.dat

+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885400]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

"Sony Ericsson PC Suite"="d:\install\Sony Ericsson\Pc Suite 3.2\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-03 393216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]

"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2003-10-06 24576]

"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="d:\install\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Seticon"="c:\program files\Icons\Seticon.exe" [2002-10-04 39936]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]

"BootSkin Startup Jobs"="d:\install\BootSkin\BootSkin.exe" [2004-04-26 270336]

"SoundMan"="c:\windows\SOUNDMAN.EXE" [2004-02-26 65024]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="d:\install\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-03-06 6308728]

 

c:\documents and settings\Andreas\Start Menu\Programs\Startup\

Client Default.lnk - d:\install\Samurize\Client.exe [2007-4-7 2010624]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\install\\LimeWire\\LimeWire.exe"=

"d:\\install\\Toblo\\Toblo 1.2.exe"=

"d:\\install\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"d:\\install\\utorrent\\utorrent.exe"=

"d:\\install\\Spotify\\spotify.exe"=

"d:\\install\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=

"d:\\install\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\install\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6141:TCP"= 6141:TCP:hwhtoyw

 

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09.08.2008 13:42 29808]

R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [05.08.2008 20:40 8440]

R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [14.04.2007 14:21 15840]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [26.03.2009 21:32 1178728]

R3 CT200xN51;NDIS5.1 Miniport Driver for 3Com 3C2000 Ethernet Controller;c:\windows\system32\drivers\CT200xN51.sys [06.08.2008 23:52 250240]

S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02.08.2005 13:10 32512]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [11.03.2009 22:08 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [11.03.2009 22:08 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [11.03.2009 22:08 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [11.03.2009 22:08 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [11.03.2009 22:08 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [11.03.2009 22:08 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [11.03.2009 22:08 110120]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\k:\ntglm7x.sys --> k:\NTGLM7X.sys [?]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [05.10.2009 20:28 40448]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - CLASSPNP_2

*Deregistered* - mbr

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

 

2009-10-31 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 05:05]

.

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {4F16A93C-ACED-4C4D-9891-B55449F60C25} = 10.0.0.138

FF - ProfilePath - c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\6r1dkxub.default\

FF - plugin: c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\6r1dkxub.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: d:\install\FireFox\plugins\np-mswmp.dll

FF - plugin: d:\install\iTunes\Mozilla Plugins\npitunes.dll

 

---- FIREFOX POLICIES ----

d:\install\FireFox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 15:09

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

c:\windows\TEMP\wrstemp\SSMS5C56F956-28F8-425B-9760-0796002107AF.tmp

 

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(1128)

c:\windows\system32\browselc.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Webroot\Spy Sweeper\SpySweeper.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-11-03 15:13 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-11-03 23:12

ComboFix2.txt 2009-10-31 04:44

 

Pre-Run: 1 573 498 880 bytes free

Post-Run: 1 440 407 552 bytes free

 

- - End Of File - - BE607C3C07F9A1139E5DE211910128F5


EDIT: No idea whether it was removed, but at least I can get onto f-secure.com now, which I don't think I could before.

I can see all the images here now too.

Edited by r2d290 waits for Obi-Wan
