Petterla, posted 21 April 2008
Yes, that looks good. Use the PC for a while; if it runs fine, do this: you can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
Once again, many, many thanks.
Kajo2k, posted 8 May 2008
Now it seems I'm struggling with this too. I've tried to remove it myself, but I still get .dll error messages.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:20, on 08.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
C:\Programfiler\F-Secure\Anti-Virus\fsrw.exe
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
C:\Programfiler\Logitech\ImageStudio\LogiTray.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\F-Secure\FSGUI\fsguidll.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Logitech\ImageStudio\LowLight.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\mIRC\mirc.exe
C:\Documents and Settings\All Users\Skrivebord\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Programfiler\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E25E5828-47DF-4BC7-81C2-1C828A9D181A} - C:\WINDOWS\system32\iifcATjI.dll (file missing)
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programfiler\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bM674fb046] Rundll32.exe "C:\WINDOWS\system32\ddnuboci.dll",s
O4 - HKLM\..\Run: [647c83da] rundll32.exe "C:\WINDOWS\system32\hveeiwgr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = D:\Games\Imvu\IMVUClient.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Programfiler\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kajo\Start-meny\Programmer\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195234784968
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208892528390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B508E252-95FD-47DF-BB90-70236CE55AB5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: hgGwUoPI - hgGwUoPI.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: app_filter - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11075 bytes

ComboFix:

ComboFix 08-05-01.3 - Kajo 2008-05-08 21:33:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.972 [GMT 2:00]
Running from: C:\Documents and Settings\Kajo\Skrivebord\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 00:37 . 2008-05-08 00:42 269 --a------ C:\WINDOWS\wininit.ini
2008-05-08 00:22 . 2008-05-08 00:22 2,112 --a------ C:\WINDOWS\system32\ohuikdaw.exe
2008-05-07 22:26 . 2008-05-08 00:20 109,807 --a------ C:\WINDOWS\BM674fb046.xml
2008-05-06 22:58 . 2008-05-08 21:02 <DIR> d-------- C:\Programfiler\mIRC
2008-05-06 22:58 . 2008-05-08 21:32 <DIR> d-------- C:\Documents and Settings\Kajo\Programdata\mIRC
2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-04-11 20:46 . 2008-04-11 20:46 399,616 --a------ C:\WINDOWS\system32\drivers\EagleNt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 21:57 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:26 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Apple Computer
2008-04-19 13:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-17 20:53 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-04-04 18:23 --------- d-----w C:\Programfiler\Fellesfiler\Real
2008-04-04 18:10 --------- d-----w C:\Programfiler\Real
2008-04-04 17:59 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Media Player Classic
2008-03-31 21:55 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Command & Conquer 3 Kane's Wrath
2008-03-31 21:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-03 23:54 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-08-13 15:45 87,608 ----a-w C:\Documents and Settings\Kajo\Programdata\inst.exe
2007-08-13 15:45 47,360 -c--a-w C:\Documents and Settings\Kajo\Programdata\pcouffin.sys
2007-03-27 18:49 1 -c--a-w C:\Documents and Settings\Kajo\SI.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.08.14.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 23:04:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 18:42:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-07 23:06:05 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
+ 2008-05-08 18:43:46 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E25E5828-47DF-4BC7-81C2-1C828A9D181A}]
C:\WINDOWS\system32\iifcATjI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2005-07-25 10:39 2043904]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"LVCOMS"="C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]
"LogitechGalleryRepair"="C:\Programfiler\Logitech\ImageStudio\ISStart.exe" [2002-12-10 19:32 155648]
"LogitechImageStudioTray"="C:\Programfiler\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 19:31 61440]
"F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Programfiler\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57 684032]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"QuickTime Task"="C:\Programfiler\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"BM674fb046"="C:\WINDOWS\system32\ddnuboci.dll" [ ]
"647c83da"="C:\WINDOWS\system32\hveeiwgr.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
F-Secure Automatic Update.lnk - C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-08-20 23:27:43 32807]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-07-23 20:44:08 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwUoPI]
hgGwUoPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
norbat, posted 8 May 2008
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {E25E5828-47DF-4BC7-81C2-1C828A9D181A} - C:\WINDOWS\system32\iifcATjI.dll (file missing)
O4 - HKLM\..\Run: [bM674fb046] Rundll32.exe "C:\WINDOWS\system32\ddnuboci.dll",s
O4 - HKLM\..\Run: [647c83da] rundll32.exe "C:\WINDOWS\system32\hveeiwgr.dll",b
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kajo\Start-meny\Programmer\>IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: hgGwUoPI - hgGwUoPI.dll (file missing)

Open Notepad and paste in what is in bold text below. Save the file on the desktop as CFScript. Drag the file onto the ComboFix icon. ComboFix will start again:

File::
C:\WINDOWS\system32\ohuikdaw.exe
C:\WINDOWS\BM674fb046.xml
C:\WINDOWS\system32\gpprefcl.dll

Post the new ComboFix log
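norbat's pick of lines amounts to a few rules of thumb for reading an HJT log: an O2 or O20 entry whose DLL is marked (file missing) is an orphaned registration (the source of the .dll error pop-ups Kajo2k reports), and an O4 entry that has rundll32 load a randomly named DLL from system32 through a one-letter export, under a hex-looking value name, is the loader pattern this thread is dealing with. The script below is an added example by the editor, not code from the thread or from HijackThis; it encodes those rules and runs them over a constructed sample made of four lines from Kajo2k's log plus three benign lines added for contrast (the NavLogon hook is an assumed third-party entry, not from the thread). It deliberately does not flag the dead IMVU shortcut, which norbat ticked only as cleanup.

```python
"""Triage a HijackThis (HJT) log for the Vundo-style leftovers this thread
is about. Added example, not code from the thread or from HJT."""
import re

# Constructed sample: four lines copied from Kajo2k's HJT log, plus three
# benign lines (Java ssv.dll, the NVIDIA NvCpl entry and an assumed Norton
# Winlogon Notify hook) added here for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E25E5828-47DF-4BC7-81C2-1C828A9D181A} - C:\WINDOWS\system32\iifcATjI.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bM674fb046] Rundll32.exe "C:\WINDOWS\system32\ddnuboci.dll",s
O4 - HKLM\..\Run: [647c83da] rundll32.exe "C:\WINDOWS\system32\hveeiwgr.dll",b
O20 - Winlogon Notify: hgGwUoPI - hgGwUoPI.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# rundll32 <dll>,<export>; the DLL path may be quoted
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# Run-value names of the form 647c83da or BM674fb046 (compare the
# BM674fb046.xml file in the ComboFix log)
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)
O20_RE = re.compile(r"Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?: \(file missing\))?$")


def triage(log_text):
    """Return [(log_line, reason)] for entries worth ticking in HJT."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        # Orphaned BHO / Winlogon hook: the DLL is gone but the registration
        # survived, which is where the .dll error pop-ups come from.
        if section in ("O2", "O20") and body.endswith("(file missing)"):
            findings.append((raw, f"{section}: registered DLL no longer exists"))
            continue
        if section == "O4":
            rd = RUNDLL_RE.search(body)
            nm = RUN_NAME_RE.search(body)
            if rd and len(rd.group("export")) == 1:
                findings.append((raw, "rundll32 loads a DLL through a one-letter export"))
            elif nm and HEX_NAME_RE.match(nm.group("name")):
                findings.append((raw, "Run value name is bare hex"))
        elif section == "O20":
            o = O20_RE.search(body)
            # A Winlogon Notify DLL without a path is resolved via the
            # loader search order, which legitimate hooks do not rely on.
            if o and "\\" not in o.group("dll"):
                findings.append((raw, "Winlogon Notify DLL given without a path"))
    return findings


def lines_to_fix(log_text):
    """The HJT lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {line}")
```

Run against the sample it reports exactly the four lines norbat ticked for malware (the two rundll32 loaders, the missing BHO and the missing Winlogon hook) and leaves NvCpl, ssv.dll and the pathed NavLogon hook alone. The heuristics are intentionally narrow; a legitimate rundll32 entry with a one-letter export would be a false positive, so read each hit before fixing it.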
Kajo2k, posted 8 May 2008

ComboFix 08-05-01.3 - Kajo 2008-05-08 23:14:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.946 [GMT 2:00]
Running from: C:\Documents and Settings\Kajo\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kajo\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM674fb046.xml
C:\WINDOWS\system32\gpprefcl.dll
C:\WINDOWS\system32\ohuikdaw.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kajo\Programdata\inst.exe
C:\WINDOWS\BM674fb046.xml
C:\WINDOWS\system32\gpprefcl.dll
C:\WINDOWS\system32\ohuikdaw.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 00:37 . 2008-05-08 00:42 269 --a------ C:\WINDOWS\wininit.ini
2008-05-06 22:58 . 2008-05-08 21:02 <DIR> d-------- C:\Programfiler\mIRC
2008-05-06 22:58 . 2008-05-08 21:32 <DIR> d-------- C:\Documents and Settings\Kajo\Programdata\mIRC
2008-04-22 21:34 . 2008-04-22 21:34 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-04-11 20:46 . 2008-04-11 20:46 399,616 --a------ C:\WINDOWS\system32\drivers\EagleNt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 21:57 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-21 18:26 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Apple Computer
2008-04-19 13:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-17 20:53 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-04-04 18:23 --------- d-----w C:\Programfiler\Fellesfiler\Real
2008-04-04 18:10 --------- d-----w C:\Programfiler\Real
2008-04-04 17:59 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Media Player Classic
2008-03-31 21:55 --------- d-----w C:\Documents and Settings\Kajo\Programdata\Command & Conquer 3 Kane's Wrath
2008-03-31 21:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 23:54 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-08-13 15:45 47,360 -c--a-w C:\Documents and Settings\Kajo\Programdata\pcouffin.sys
2007-03-27 18:49 1 -c--a-w C:\Documents and Settings\Kajo\SI.bin
.
((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.08.14.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 23:04:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 18:42:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-07 23:06:05 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
+ 2008-05-08 18:43:46 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2005-07-25 10:39 2043904]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"LVCOMS"="C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]
"LogitechGalleryRepair"="C:\Programfiler\Logitech\ImageStudio\ISStart.exe" [2002-12-10 19:32 155648]
"LogitechImageStudioTray"="C:\Programfiler\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 19:31 61440]
"F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Programfiler\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57 684032]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"QuickTime Task"="C:\Programfiler\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
F-Secure Automatic Update.lnk - C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-08-20 23:27:43 32807]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-07-23 20:44:08 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programfiler\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"F:\\DC\\DCPlusPlus.exe"=
"C:\\Programfiler\\ABC\\abc.exe"=
"D:\\Games\\Warcraft III\\Warcraft III.exe"=
"D:\\Games\\Nes\\NESTCL95.EXE"=
"D:\\Games\\Warcraft III\\war3.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
"D:\\Games\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Games\\Command & Conquer 3 Tiberium Wars Kane Edition\\RetailExe\\1.6\\cnc3game.dat"=
"D:\\Games\\Call Of Duty 4\\iw3mp.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33316:TCP"= 33316:TCP:Bittorrent

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 12:01]
R2 app_filter;app_filter;C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-20 07:01]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-08-20 23:27]
R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 15:37]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 16:30]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 15:37]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 10:50]
S2 FSpm;F-Secure Policy Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{912975ea-5266-11da-8a88-806d6172696f}]
\Shell\AutoRun\command - G:\cdsetup.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 23:15:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 5

**************************************************************************
.
Completion time: 2008-05-08 23:16:14
ComboFix-quarantined-files.txt 2008-05-08 21:16:04
ComboFix2.txt 2008-05-08 21:12:14
ComboFix3.txt 2008-05-08 19:36:11
ComboFix4.txt 2008-05-07 23:09:02
ComboFix5.txt 2008-01-11 19:01:58

Pre-Run: 1,779,490,816 bytes free
Post-Run: 1,772,453,888 bytes free

155
norbat, posted 8 May 2008
And how are things going with the error messages and the PC otherwise?
Kajo2k, posted 8 May 2008
Restarted the PC, no error messages.
norbat, posted 8 May 2008
The log looks fine. I'd still recommend running a scan with SAS (the free version). It will remove any leftovers. Afterwards you can go ahead and remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore. Surf safely.
Kajo2k, posted 8 May 2008
Then I'll run a SAS scan. Thanks a lot for the help!
Clutch, posted 25 May 2008
Hmm... it seems I have roughly the same problem. SSAD finds something called virtumone or something along those lines. SAS doesn't take it, and Spybot Search & Destroy doesn't take it either. I tried VundoFix without luck as well. Ran ComboFix and got this log. Can someone spoon-feed me how to put text files like this in a "hidden spoiler"? Thanks in advance!

ComboFix 08-05-24.1 - Paddington 2008-05-25 17:33:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1613 [GMT 2:00]
Running from: C:\Documents and Settings\Paddington\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMe70d3b61.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aJillUvw.ini
C:\WINDOWS\system32\aJillUvw.ini2
C:\WINDOWS\system32\bgljkoxf.ini
C:\WINDOWS\system32\bolssicx.exe
C:\WINDOWS\system32\dmnaffnj.exe
C:\WINDOWS\system32\Feeeefii.ini
C:\WINDOWS\system32\Feeeefii.ini2
C:\WINDOWS\system32\haqwxepv.dll
C:\WINDOWS\system32\hcfjajcp.dll
C:\WINDOWS\system32\jeihtgvv.exe
C:\WINDOWS\system32\jfgugxsr.dll
C:\WINDOWS\system32\jxxftutj.exe
C:\WINDOWS\system32\KmoYxyxx.ini
C:\WINDOWS\system32\KmoYxyxx.ini2
C:\WINDOWS\system32\knjarqiq.exe
C:\WINDOWS\system32\kxsxeedn.dll
C:\WINDOWS\system32\mxgsfbly.ini
C:\WINDOWS\system32\ndeexsxk.ini
C:\WINDOWS\system32\nmqhqqnt.dll
C:\WINDOWS\system32\nVCLknmp.ini
C:\WINDOWS\system32\nVCLknmp.ini2
C:\WINDOWS\system32\pcjajfch.ini
C:\WINDOWS\system32\pwdihses.exe
C:\WINDOWS\system32\qoMghigh.dll
C:\WINDOWS\system32\rpuicuuh.ini
C:\WINDOWS\system32\rsxgugfj.ini
C:\WINDOWS\system32\scoadpmj.ini
C:\WINDOWS\system32\spfsrqxp.dll
C:\WINDOWS\system32\tbmanyhe.exe
C:\WINDOWS\system32\tnqqhqmn.ini
C:\WINDOWS\system32\uxxIOXbc.ini
C:\WINDOWS\system32\uxxIOXbc.ini2
C:\WINDOWS\system32\vnycoptt.dll
C:\WINDOWS\system32\vtUnlIaa.dll
C:\WINDOWS\system32\xskagqka.dll
C:\WINDOWS\system32\aaIlnUtv.ini
C:\WINDOWS\system32\aaIlnUtv.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 17:21 . 2008-05-25 17:21 115,712 --a------ C:\WINDOWS\system32\fxokjlgb.dll
2008-05-25 17:18 . 2008-05-25 17:18 136,704 --a------ C:\WINDOWS\system32\jymnsgpo.dll
2008-05-25 17:13 . 2008-05-25 17:13 125,440 --a------ C:\WINDOWS\system32\jwqarfdu.dll
2008-05-25 16:38 . 2008-05-25 16:38 <DIR> d-------- C:\VundoFix Backups
2008-05-24 20:17 . 2008-05-24 20:17 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-24 19:49 . 2008-05-24 19:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 17:54 . 2008-05-24 17:54 136,192 --a------ C:\WINDOWS\system32\jdnkpwjb.dll
2008-05-24 17:49 . 2008-05-24 17:49 126,464 --a------ C:\WINDOWS\system32\lfiikswh.dll
2008-05-24 17:49 . 2008-05-24 17:49 115,200 --a------ C:\WINDOWS\system32\huuciupr.dll
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-24 16:33 . 2008-05-24 16:33 126,464 --a------ C:\WINDOWS\system32\ndfmhvxx.dll
2008-05-23 22:22 . 2008-05-23 22:22 133,632 --a------ C:\WINDOWS\system32\volrnadh.dll
2008-05-23 22:19 . 2008-05-23 22:19 115,200 --a------ C:\WINDOWS\system32\ylbfsgxm.dll
2008-05-23 22:13 . 2008-05-23 22:13 126,464 --a------ C:\WINDOWS\system32\bbtixkdy.dll
2008-05-23 17:56 . 2006-10-03 21:51 2,051,506 --a------ C:\Documents and Settings\Paddington\Juli@_v21.zip
2008-05-22 22:21 . 2008-05-22 22:21 134,144 --a------ C:\WINDOWS\system32\ebjundle.dll
2008-05-22 22:15 . 2008-05-22 22:15 115,200 --a------ C:\WINDOWS\system32\jmpdaocs.dll
2008-05-22 22:12 . 2008-05-22 22:12 126,464 --a------ C:\WINDOWS\system32\xplkoqki.dll
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-21 22:29 . 2008-05-22 20:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Documents and Settings\Paddington\Application Data\JLC's Software
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-01 16:55 . 2008-05-01 16:55 9,640 --a------ C:\cover.jpg
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c08da38-208c-4dea-a3fd-8e66ad629002}]
2008-05-25 17:18 136704 --a------ C:\WINDOWS\system32\jymnsgpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1CBE297-32A3-44DC-A98F-BD465AA42670}]
C:\WINDOWS\system32\iifeeeeF.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 12:13 61440]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 13:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"JulaPan"="JulaPan.Exe" [2006-09-05 11:08 417792 C:\WINDOWS\system32\JulaPan.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe70d3b61]
--a------ 2008-05-24 16:33 126464 C:\WINDOWS\system32\ndfmhvxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e43e08fd]
C:\WINDOWS\system32\jfgugxsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2004-09-15 10:12 37888 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a--c--- 2003-03-11 16:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 12:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R3 JULA_01;Service for Juli@ 1;C:\WINDOWS\system32\drivers\JulaWdm.sys [2006-09-05 11:08]
R3 JULA_AA;Service for Juli@ Audio Driver (EWDM);C:\WINDOWS\system32\drivers\Jula.sys [2006-09-05 11:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 17:37:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-25 17:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-25 15:38:44
ComboFix2.txt 2008-01-20 17:19:35
Pre-Run: 5,375,897,600 bytes free
Post-Run: 5,267,058,688 bytes free
303

Clutch
norbat, posted 25 May 2008

Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\fxokjlgb.dll
C:\WINDOWS\system32\jymnsgpo.dll
C:\WINDOWS\system32\jwqarfdu.dll
C:\WINDOWS\system32\jdnkpwjb.dll
C:\WINDOWS\system32\lfiikswh.dll
C:\WINDOWS\system32\huuciupr.dll
C:\WINDOWS\system32\ndfmhvxx.dll
C:\WINDOWS\system32\volrnadh.dll
C:\WINDOWS\system32\ylbfsgxm.dll
C:\WINDOWS\system32\bbtixkdy.dll
C:\WINDOWS\system32\ebjundle.dll
C:\WINDOWS\system32\jmpdaocs.dll
C:\WINDOWS\system32\xplkoqki.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c08da38-208c-4dea-a3fd-8e66ad629002}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1CBE297-32A3-44DC-A98F-BD465AA42670}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe70d3b61]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e43e08fd]

Post a new ComboFix log. I would also like to see the SAS log (Preferences -> Statistics/Logs).

You add a spoiler by selecting the text you want to hide, opening the side panel, choosing 'Insert: SPOILER', and clicking OK.
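To make explicit what the CFScript above encodes, here is an added example (not code from the thread, from ComboFix or from its author) that parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log and derives the File:: and Registry:: directives. The eight-lowercase-letter naming heuristic and the dangling-reference rule are assumptions drawn from the log posted above, and the sample log is a constructed excerpt of it.

```python
"""Derive the File:: / Registry:: CFScript the helper wrote by hand from a ComboFix log.

Added example for this thread, not code from the thread, ComboFix or its author.
Assumed heuristics, taken from the log above: a DLL is suspect when it sits directly
in system32 under an eight-lowercase-letter name; a BHO or msconfig startupreg entry
is suspect when it loads such a DLL, or names a system32 DLL that ComboFix printed no
date/size for (the file is already gone). Run-key values and Folder:: are not handled.
"""
import re

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")            # ((( title ))) banners
CREATED_RE = re.compile(r"^(\S+ \S+) \. \S+ \S+ ([\d,]+|<DIR>) \S+ (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
STAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}")
RANDOM_DLL_RE = re.compile(r"^C:\\WINDOWS\\system32\\[a-z]{8}\.dll$")
SYS32_DLL_RE = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+\.dll$", re.I)
WATCHED_KEYS = ("browser helper objects", "msconfig\\startupreg")

def split_sections(log):
    """Map the first two words of each banner title to the non-empty lines under it."""
    sections, title = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            title = " ".join(m.group(1).split()[:2])   # e.g. "Files Created", "Reg Loading"
            sections[title] = []
        elif title and line.strip() not in ("", "."):
            sections[title].append(line)
    return sections

def parse_files_created(sections):
    """List (created, size, path) from 'Files Created'; size is None for <DIR> rows."""
    out = []
    for line in sections.get("Files Created", []):
        m = CREATED_RE.match(line)
        if m:
            size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
            out.append((m.group(1), size, m.group(3)))
    return out

def parse_loading_points(sections):
    """List (key, target, has_metadata); has_metadata means ComboFix saw the file on disk."""
    out, key = [], None
    for line in sections.get("Reg Loading", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            out.append([key, None, False])
        elif key and not line.startswith('"'):          # skip "name"=value rows
            p = PATH_RE.search(line)
            if p:
                out[-1][1:] = [p.group(0), bool(STAMP_RE.search(line))]
    return [tuple(e) for e in out]

def plan_fix(log):
    """Return (files_to_delete, keys_to_delete), each in log order."""
    sections = split_sections(log)
    files = [p for _, size, p in parse_files_created(sections)
             if size is not None and RANDOM_DLL_RE.match(p)]
    keys = []
    for key, target, has_meta in parse_loading_points(sections):
        if target is None or not any(w in key.lower() for w in WATCHED_KEYS):
            continue
        dangling = not has_meta and SYS32_DLL_RE.match(target)
        if RANDOM_DLL_RE.match(target) or dangling:
            keys.append(key)
            if has_meta and target not in files:       # still on disk but outside the window
                files.append(target)
    return files, keys

def build_cfscript(log):
    """Render plan_fix() as CFScript text: File:: paths, then [-KEY] deletions."""
    files, keys = plan_fix(log)
    return "\n".join(["File::", *files, "", "Registry::", *(f"[-{k}]" for k in keys)]) + "\n"

# Constructed excerpt in the layout of the log posted above (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 17:21 . 2008-05-25 17:21 115,712 --a------ C:\WINDOWS\system32\fxokjlgb.dll
2008-05-25 17:18 . 2008-05-25 17:18 136,704 --a------ C:\WINDOWS\system32\jymnsgpo.dll
2008-05-25 16:38 . 2008-05-25 16:38 <DIR> d-------- C:\VundoFix Backups
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c08da38-208c-4dea-a3fd-8e66ad629002}]
2008-05-25 17:18 136704 --a------ C:\WINDOWS\system32\jymnsgpo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1CBE297-32A3-44DC-A98F-BD465AA42670}]
C:\WINDOWS\system32\iifeeeeF.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe70d3b61]
--a------ 2008-05-24 16:33 126464 C:\WINDOWS\system32\ndfmhvxx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e43e08fd]
C:\WINDOWS\system32\jfgugxsr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

The name heuristic is only a flag, not proof: the loading-point cross-check (a BHO or startupreg entry pointing at the file) is what turns a suspicious name into a deletion candidate, and KernelFaultCheck shows a legitimate entry without file metadata that the rules leave alone.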
Clutch, posted 25 May 2008

Thanks for the feedback and the tips! New ComboFix log:

ComboFix 08-05-24.1 - Paddington 2008-05-25 18:34:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1613 [GMT 2:00]
Running from: C:\Documents and Settings\Paddington\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paddington\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 17:21 . 2008-05-25 17:21 115,712 --a------ C:\WINDOWS\system32\fxokjlgb.dll
2008-05-25 17:18 . 2008-05-25 17:18 136,704 --a------ C:\WINDOWS\system32\jymnsgpo.dll
2008-05-25 17:13 . 2008-05-25 17:13 125,440 --a------ C:\WINDOWS\system32\jwqarfdu.dll
2008-05-24 20:17 . 2008-05-24 20:17 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-24 19:49 . 2008-05-24 19:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 17:54 . 2008-05-24 17:54 136,192 --a------ C:\WINDOWS\system32\jdnkpwjb.dll
2008-05-24 17:49 . 2008-05-24 17:49 126,464 --a------ C:\WINDOWS\system32\lfiikswh.dll
2008-05-24 17:49 . 2008-05-24 17:49 115,200 --a------ C:\WINDOWS\system32\huuciupr.dll
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-24 16:33 . 2008-05-24 16:33 126,464 --a------ C:\WINDOWS\system32\ndfmhvxx.dll
2008-05-23 22:22 . 2008-05-23 22:22 133,632 --a------ C:\WINDOWS\system32\volrnadh.dll
2008-05-23 22:19 . 2008-05-23 22:19 115,200 --a------ C:\WINDOWS\system32\ylbfsgxm.dll
2008-05-23 22:13 . 2008-05-23 22:13 126,464 --a------ C:\WINDOWS\system32\bbtixkdy.dll
2008-05-23 17:56 . 2006-10-03 21:51 2,051,506 --a------ C:\Documents and Settings\Paddington\Juli@_v21.zip
2008-05-22 22:21 . 2008-05-22 22:21 134,144 --a------ C:\WINDOWS\system32\ebjundle.dll
2008-05-22 22:15 . 2008-05-22 22:15 115,200 --a------ C:\WINDOWS\system32\jmpdaocs.dll
2008-05-22 22:12 . 2008-05-22 22:12 126,464 --a------ C:\WINDOWS\system32\xplkoqki.dll
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-21 22:29 . 2008-05-22 20:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Documents and Settings\Paddington\Application Data\JLC's Software
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-01 16:55 . 2008-05-01 16:55 9,640 --a------ C:\cover.jpg
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 12:13 61440]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 13:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"JulaPan"="JulaPan.Exe" [2006-09-05 11:08 417792 C:\WINDOWS\system32\JulaPan.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2004-09-15 10:12 37888 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a--c--- 2003-03-11 16:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 12:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R3 JULA_01;Service for Juli@ 1;C:\WINDOWS\system32\drivers\JulaWdm.sys [2006-09-05 11:08]
R3 JULA_AA;Service for Juli@ Audio Driver (EWDM);C:\WINDOWS\system32\drivers\Jula.sys [2006-09-05 11:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 18:35:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-25 18:36:37
ComboFix-quarantined-files.txt 2008-05-25 16:36:27
ComboFix2.txt 2008-05-25 15:38:48
ComboFix3.txt 2008-01-20 17:19:35
Pre-Run: 5,240,287,232 bytes free
Post-Run: 5,221,797,888 bytes free
248

SAS log coming soon.

Clutch
Clutch Posted 25 May 2008
SAS log:

SUPERAntiSpyware Scan Log
Generated 05/25/2008 at 06:59 PM
Application Version : 3.6.1000
Core Rules Database Version : 3468
Trace Rules Database Version: 1459
Scan type : Quick Scan
Total Scan Time : 00:17:18
Memory items scanned : 285
Memory threats detected : 0
Registry items scanned : 894
Registry threats detected : 0
File items scanned : 13514
File threats detected : 7
Adware.Tracking Cookie
C:\Documents and Settings\Paddington\Cookies\[email protected][1].txt
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HAQWXEPV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KXSXEEDN.DLL.VIR
Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JFGUGXSR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SPFSRQXP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VNYCOPTT.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XSKAGQKA.DLL.VIR

Clutch
norbat Posted 25 May 2008
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\fxokjlgb.dll
C:\WINDOWS\system32\jymnsgpo.dll
C:\WINDOWS\system32\jwqarfdu.dll
C:\WINDOWS\system32\jdnkpwjb.dll
C:\WINDOWS\system32\lfiikswh.dll
C:\WINDOWS\system32\huuciupr.dll
C:\WINDOWS\system32\ndfmhvxx.dll
C:\WINDOWS\system32\volrnadh.dll
C:\WINDOWS\system32\ylbfsgxm.dll
C:\WINDOWS\system32\bbtixkdy.dll
C:\WINDOWS\system32\ebjundle.dll
C:\WINDOWS\system32\jmpdaocs.dll
C:\WINDOWS\system32\xplkoqki.dll

Click the traffic light. Restart the PC. After the restart a log file will appear that tells what has happened. Post it.
Clutch Posted 25 May 2008
Thanks so much for the help. Here is the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\fxokjlgb.dll" deleted successfully.
File "C:\WINDOWS\system32\jymnsgpo.dll" deleted successfully.
File "C:\WINDOWS\system32\jwqarfdu.dll" deleted successfully.
File "C:\WINDOWS\system32\jdnkpwjb.dll" deleted successfully.
File "C:\WINDOWS\system32\lfiikswh.dll" deleted successfully.
File "C:\WINDOWS\system32\huuciupr.dll" deleted successfully.
File "C:\WINDOWS\system32\ndfmhvxx.dll" deleted successfully.
File "C:\WINDOWS\system32\volrnadh.dll" deleted successfully.
File "C:\WINDOWS\system32\ylbfsgxm.dll" deleted successfully.
File "C:\WINDOWS\system32\bbtixkdy.dll" deleted successfully.
File "C:\WINDOWS\system32\ebjundle.dll" deleted successfully.
File "C:\WINDOWS\system32\jmpdaocs.dll" deleted successfully.
File "C:\WINDOWS\system32\xplkoqki.dll" deleted successfully.
Completed script processing.
*******************
Finished!
Terminate.

Clutch
norbat Posted 25 May 2008
Then one more ComboFix log to finish, to see whether any rubbish might still be lying around.
Clutch Posted 25 May 2008
New ComboFix log:

ComboFix 08-05-24.1 - Paddington 2008-05-25 20:09:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1669 [GMT 2:00]
Running from: C:\Documents and Settings\Paddington\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 20:08 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-24 20:17 . 2008-05-24 20:17 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-24 19:49 . 2008-05-24 19:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-24 17:38 . 2008-05-24 17:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-23 17:56 . 2006-10-03 21:51 2,051,506 --a------ C:\Documents and Settings\Paddington\Juli@_v21.zip
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-21 22:29 . 2008-05-22 20:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-17 19:53 . 2008-05-17 19:53 <DIR> d-------- C:\Documents and Settings\Paddington\Application Data\JLC's Software
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-01 16:55 . 2008-05-01 16:55 9,640 --a------ C:\cover.jpg
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 18:08 --------- d-----w C:\Program Files\Java
2008-05-25 16:40 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-25 13:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 13:56 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-25 13:26 --------- d-----w C:\Documents and Settings\Paddington\Application Data\uTorrent
2008-05-22 18:42 --------- d-----w C:\Documents and Settings\Paddington\Application Data\SUPERAntiSpyware.com
2008-05-21 20:30 --------- d-----w C:\Program Files\Lavasoft
2008-05-20 18:03 --------- d-----w C:\Program Files\Winamp
2008-05-20 18:02 --------- d-----w C:\Documents and Settings\Paddington\Application Data\Winamp
2008-05-16 17:12 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 18:47 --------- d-----w C:\Program Files\RoomEQWizard
2008-04-17 18:56 --------- d-----w C:\Program Files\Microsoft Works
2008-04-17 18:55 --------- d-----w C:\Documents and Settings\Paddington\Application Data\OfficeUpdate12
2008-04-17 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-17 18:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-17 18:45 --------- d-----w C:\Program Files\Common Files\L&H
2008-04-17 18:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-17 16:36 --------- d-----w C:\Program Files\ieSpell
2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 03:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-25_17.38.31.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 15:36:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 17:44:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-10-12 00:35:14 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-10-12 00:35:24 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-10-12 02:10:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 12:13 61440]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 13:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"JulaPan"="JulaPan.Exe" [2006-09-05 11:08 417792 C:\WINDOWS\system32\JulaPan.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2004-09-15 10:12 37888 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a--c--- 2003-03-11 16:24 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 12:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R3 JULA_01;Service for Juli@ 1;C:\WINDOWS\system32\drivers\JulaWdm.sys [2006-09-05 11:08]
R3 JULA_AA;Service for Juli@ Audio Driver (EWDM);C:\WINDOWS\system32\drivers\Jula.sys [2006-09-05 11:08]

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:10:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-25 20:11:17
ComboFix-quarantined-files.txt 2008-05-25 18:11:08
ComboFix2.txt 2008-05-25 16:36:38
ComboFix3.txt 2008-05-25 15:38:48
ComboFix4.txt 2008-01-20 17:19:35
Pre-Run: 5,087,350,784 bytes free
Post-Run: 5,072,244,736 bytes free
244

Clutch
norbat Posted 25 May 2008
Good. You can remove ComboFix by typing combofix /u in the Run box (Start -> Run). Surf safely.
Clutch Posted 25 May 2008
"Good. You can remove ComboFix by typing combofix /u in the Run box (Start -> Run). Surf safely."

Aiaiai....... then all I can say is a thousand thanks for the help, norbat! I appreciated this.
Regards
Clutch
r2d290 Posted 25 May 2008 (edited)
Then you can change your thread title by doing a full edit of your first post and writing [LØST] (solved) in front of the thread title. This will help keep the forum tidy.
edit: forget it, you can't do that yourself, of course :/
Edited 25 May 2008 by r2d290
sjabby Posted 20 June 2008
I have the same problem; it nags about a dll file after startup.. here is my combofix log:

ComboFix 08-06-19.4 - kølle 2008-06-21 0:01:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.401 [GMT 2:00]
Running from: C:\Documents and Settings\kølle\Skrivebord\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.
2008-06-20 23:57 . 2008-06-20 23:57 <DIR> dr-h----- C:\Documents and Settings\kølle\Siste
2008-06-20 23:57 . 2008-06-20 23:57 <DIR> dr-h----- C:\Documents and Settings\kølle\Siste
2008-06-20 23:56 . 2008-06-20 23:56 <DIR> d-------- C:\Documents and Settings\k°lle
2008-06-20 23:52 . 2008-06-20 23:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-20 20:51 . 2008-06-20 20:51 79,872 --a------ C:\WINDOWS\system32\ojxuubrk.dll
2008-06-20 20:48 . 2008-06-20 20:48 99,328 --a------ C:\WINDOWS\system32\dkuhxbeh.dll
2008-06-20 20:45 . 2008-06-20 20:45 90,624 --a------ C:\WINDOWS\system32\jgvbjlcv.dll
2008-06-20 20:13 . 2008-06-20 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-20 20:12 . 2008-06-20 20:12 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-20 20:12 . 2008-06-20 20:12 <DIR> d-------- C:\Documents and Settings\kølle\Programdata\SUPERAntiSpyware.com
2008-06-20 20:12 . 2008-06-20 20:12 <DIR> d-------- C:\Documents and Settings\kølle\Programdata\SUPERAntiSpyware.com
2008-06-20 20:12 . 2008-06-20 20:12 <DIR> d-------- C:\Documents and Settings\kølle\Programdata\SUPERAntiSpyware.com
2008-06-20 20:10 . 2008-06-20 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-20 19:58 . 2008-06-20 19:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-20 19:52 . 2008-06-20 19:57 <DIR> d-------- C:\Programfiler\Enigma Software Group
2008-06-20 15:49 . 2008-06-20 15:51 <DIR> d-------- C:\Programfiler\Yahoo!
2008-06-20 15:38 . 2008-06-20 15:52 <DIR> d-------- C:\Programfiler\CCleaner
2008-06-15 14:05 . 2008-06-15 14:05 8 --a------ C:\WINDOWS\system32\169b0f35
2008-06-13 14:46 . 2008-06-13 14:49 <DIR> d-------- C:\Programfiler\RegistrySmart
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 --------- d-----w C:\Programfiler\Google
2008-06-20 14:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-06-19 15:54 31,926 ----a-w C:\Documents and Settings\kølle\Programdata\wklnhst.dat
2008-06-19 15:54 31,926 ----a-w C:\Documents and Settings\kølle\Programdata\wklnhst.dat
2008-06-19 15:54 31,926 ----a-w C:\Documents and Settings\kølle\Programdata\wklnhst.dat
2008-06-09 18:44 --------- d-----w C:\Documents and Settings\kølle\Programdata\Azureus
2008-06-09 18:44 --------- d-----w C:\Documents and Settings\kølle\Programdata\Azureus
2008-06-09 18:44 --------- d-----w C:\Documents and Settings\kølle\Programdata\Azureus
2008-05-17 16:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-05-16 09:28 212,024 ----a-w C:\WINDOWS\system32\nscrnsav.scr
2008-05-14 18:11 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-05-14 18:10 --------- d-----w C:\Documents and Settings\kølle\Programdata\AdobeUM
2008-05-14 18:10 --------- d-----w C:\Documents and Settings\kølle\Programdata\AdobeUM
2008-05-14 18:10 --------- d-----w C:\Documents and Settings\kølle\Programdata\AdobeUM
2008-04-20 10:48 --------- d-----w C:\Programfiler\Azureus
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-01-14 09:43 320 -c--a-w C:\Documents and Settings\Else Marie\Programdata\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-20_23.55.33.57 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4150a87-9868-40d4-8ea5-2735b3783fb0}]
C:\WINDOWS\system32\qtlwlxwh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C769E703-2929-44B2-89E8-C39913D046EA}]
C:\WINDOWS\system32\cbXpOIxV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 12:12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 14:12 102492]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 14:11 692316]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 09:47 277616]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"169b1dbb"="C:\WINDOWS\system32\cdvcbdyy.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2004-12-23 12:07:30 569405]
HP Digital Imaging Monitor.lnk - C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Norman\npm\bin\nvoy.exe" [2008-02-07 11:07]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 17:18]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;"C:\Norman\Nvc\bin\nvcoas.exe" [2008-04-30 13:28]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6354a86-ec66-11dc-9293-0010c6e8684f}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 14:57:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:03:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????6?8?4?1??@???? ???B?????????????hLC????????
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-21 0:05:24
ComboFix-quarantined-files.txt 2008-06-20 22:04:21
ComboFix2.txt 2008-06-20 21:55:59
Pre-Run: 11,669,790,720 byte ledig
Post-Run: 11,662,077,952 byte ledig
133 --- E O F --- 2008-06-01 19:54:46

Any suggestions?
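A small triage helper for ComboFix logs like the ones in this thread, added here as an example and not code from ComboFix, Avenger or any poster: it reads the Files Created, Browser Helper Object and Run-key lines and flags system32 DLLs that carry the eight-random-letter names norbat put on the Avenger "Files to delete" list, recording why each was flagged. The sample log is constructed from lines modelled on sjabby's post; the name shape alone would also match legitimate eight-letter DLLs, so a DLL is reported only when a context signal (fresh creation, BHO registration, Run-key autostart) backs it, and the result is a review list, not a verdict.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix, Avenger or the
thread's own tooling): flag system32 DLLs that look like the randomly named
Vundo droppings the helper listed for Avenger, with the reason for each flag."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample, modelled on the ComboFix lines posted in this thread:
# a Files Created section, a Browser Helper Object entry and Run-key values.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
2008-06-20 20:51 . 2008-06-20 20:51 79,872 --a------ C:\WINDOWS\system32\ojxuubrk.dll
2008-06-20 20:48 . 2008-06-20 20:48 99,328 --a------ C:\WINDOWS\system32\dkuhxbeh.dll
2008-06-20 20:12 . 2008-06-20 20:12 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-20 19:58 . 2008-06-20 19:58 0 --a------ C:\WINDOWS\nsreg.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4150a87-9868-40d4-8ea5-2735b3783fb0}] C:\WINDOWS\system32\qtlwlxwh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"169b1dbb"="C:\WINDOWS\system32\cdvcbdyy.dll" [ ]
"""

# One "Files Created" record: created . modified size attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d[\d,]*|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)
# One Run-key value: "name"="target" [file details, or "[ ]" when ComboFix found none]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
# A Browser Helper Object entry with its DLL on the same line
BHO_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}\]\s+(?P<path>.+?)\s*$"
)
# Eight letters, no digits: the shape of every DLL on the Avenger list in this thread
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}\.dll$", re.IGNORECASE)
# Run value names such as 169b1dbb that are just a hex tag
HEX_TAG_RE = re.compile(r"^[0-9a-f]{8}$")


def is_random_system32_dll(path: str) -> bool:
    """True for an eight-letter .dll directly inside a system32 folder (name-shape heuristic only)."""
    p = PureWindowsPath(path.strip())
    return p.parent.name.lower() == "system32" and RANDOM_NAME_RE.match(p.name) is not None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {dll path: [reasons]} for every DLL that has the random name shape
    AND at least one context signal (fresh creation, BHO load, Run-key autostart)."""
    reasons: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        created = CREATED_RE.match(line)
        if created:
            if created.group("size") != "<DIR>" and is_random_system32_dll(created.group("path")):
                reasons[str(PureWindowsPath(created.group("path")))].append(
                    "created in system32 inside the scan window")
            continue
        bho = BHO_RE.match(line)
        if bho and is_random_system32_dll(bho.group("path")):
            reasons[str(PureWindowsPath(bho.group("path")))].append(
                "registered as a Browser Helper Object")
            continue
        run = RUN_RE.match(line)
        if run and is_random_system32_dll(run.group("path")):
            key = str(PureWindowsPath(run.group("path")))
            reasons[key].append("autostarted from a Run key")
            if not run.group("info").strip():
                # "[ ]": ComboFix could not read the file (missing, hidden or locked)
                reasons[key].append("no file details in the log ([ ])")
            if HEX_TAG_RE.match(run.group("name")):
                reasons[key].append(f"Run value name {run.group('name')!r} is a random hex tag")
    return dict(reasons)


def avenger_script(candidates: Dict[str, List[str]]) -> str:
    """Render the candidates in the 'Files to delete:' form the helper pasted into
    Avenger; every path is a candidate for manual review, not a verdict."""
    return "Files to delete:\n" + "\n".join(sorted(candidates)) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, why in sorted(found.items()):
        print(path + "\n    " + "\n    ".join(why))
    print(avenger_script(found))
```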