(Løst) En som kan kikke på Hijackthis og combofix logg?

SteffenMA · 25. mai 2008

Hey =)

Jeg har fått et lite angrep på pcen, det popper opp sanne antivirus hjelpeprogram støtt og stadig. Har kjørt utallige virusprogram, spyware, spybot og combofix.

Lurer på om det ser bra ut?

Hmmm..fikk akkurat opp en sann popup når jeg skrev denne posten, tydelig at noe henger igjen

Combofix log:

ComboFix 08-05-24.1 - Steffen 2008-05-25 17:33:07.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1347 [GMT 2:00]

Running from: C:\Documents and Settings\Steffen\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BMefb587f3.xml

C:\WINDOWS\Downloaded Program Files\ODCTOOLS

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bdfhPqru.ini

C:\WINDOWS\system32\bdfhPqru.ini2

C:\WINDOWS\system32\MSINET.oca

.

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

2008-12-22 06:59 . 2008-12-22 06:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll

2008-12-22 06:59 . 2008-12-22 06:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll

2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll

2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll

2008-12-22 06:58 . 2008-12-22 06:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll

2008-12-22 06:52 . 2008-12-22 06:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll

2008-05-25 15:55 . 2008-05-25 15:55 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-05-25 15:55 . 2008-05-25 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-05-25 15:17 . 2008-05-25 15:30 <DIR> d-------- C:\Documents and Settings\Steffen\.housecall6.6

2008-05-25 13:51 . 2008-05-25 13:51 <DIR> dr-h----- C:\Documents and Settings\Steffen\Siste

2008-05-25 01:12 . 2008-05-25 01:12 105,024 --------- C:\WINDOWS\system32\twrqofpi.dll_old

2008-05-25 01:12 . 2008-05-25 01:12 102,464 --------- C:\WINDOWS\system32\yliwuyqd.dll_old

2008-05-24 13:16 . 2008-05-24 13:16 58,880 --a------ C:\WINDOWS\system32\rqRHwXoN.dll

2008-05-24 13:09 . 2008-05-24 13:09 280,064 --------- C:\WINDOWS\system32\urqPhfdb.dll_old

2008-05-24 13:04 . 2008-05-24 13:04 58,880 --a------ C:\WINDOWS\system32\byXroLCs.dll

2008-05-23 13:43 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-23 13:40 . 2008-05-23 13:40 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-05-23 13:39 . 2008-05-23 13:41 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-05-23 13:39 . 2008-05-23 13:39 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-05-23 13:39 . 2008-05-23 13:39 <DIR> d-------- C:\Programfiler\Microsoft

2008-05-18 19:38 . 2008-05-18 19:38 <DIR> d-------- C:\WINDOWS\system32\no

2008-05-18 19:38 . 2008-05-18 19:38 <DIR> d-------- C:\WINDOWS\system32\bits

2008-05-18 19:38 . 2008-05-18 19:38 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-18 19:37 . 2008-05-18 19:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-18 19:28 . 2008-05-18 19:28 <DIR> d-------- C:\WINDOWS\EHome

2008-05-18 19:04 . 2008-05-20 16:59 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-05-18 16:00 . 2008-05-18 16:19 <DIR> d-------- C:\Programfiler\maxis

2008-05-13 20:55 . 2008-05-13 20:55 <DIR> dr-h----- C:\Documents and Settings\Steffen\Programdata\SecuROM

2008-05-13 20:55 . 2008-05-25 01:22 <DIR> d-------- C:\Documents and Settings\Steffen\Programdata\Bioshock

2008-05-13 17:45 . 2008-05-13 17:45 <DIR> d-------- C:\Programfiler\uTorrent

2008-05-13 17:45 . 2008-05-25 02:05 <DIR> d-------- C:\Documents and Settings\Steffen\Programdata\uTorrent

2008-05-12 13:29 . 2008-05-12 13:29 292 --ah----- C:\sqmdata18.sqm

2008-05-12 13:29 . 2008-05-12 13:29 244 --ah----- C:\sqmnoopt18.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-13 17:59 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 15:39 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3587E433-1B6E-4F58-AC4D-152DAD68A021}]

C:\WINDOWS\system32\urqPhfdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7013934b-acfa-4655-83bd-9063d72abf6e}]

C:\WINDOWS\system32\twrqofpi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E09D32C-E5E6-4184-B177-784CEE1E09C4}]

2008-05-24 13:04 58880 --a------ C:\WINDOWS\system32\byXroLCs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 21:29 68856]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-12-03 12:01 2826240]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 16:00 282624 C:\WINDOWS\stsystra.exe]

"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-08-16 18:01 98304]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"BMefb587f3"="C:\WINDOWS\system32\yliwuyqd.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{7E09D32C-E5E6-4184-B177-784CEE1E09C4}"= C:\WINDOWS\system32\byXroLCs.dll [2008-05-24 13:04 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXroLCs]

byXroLCs.dll 2008-05-24 13:04 58880 C:\WINDOWS\system32\byXroLCs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Belkin\\F5D7051\\WLanCfgG.exe"=

"C:\\Programfiler\\Belkin\\F5D7051\\WLService.exe"=

"C:\\Programfiler\\Adobe\\Acrobat 4.0\\Reader\\AcroRd32.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxx\\half-life\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxx\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\Sierra\\FEAR\\FEAR.exe"=

"C:\\Programfiler\\Sierra\\FEAR\\FEARMP.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\id Software\\Quake 4\\Quake4.exe"=

"C:\\Programfiler\\EA Games\\Battlefield 2\\BF2.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxx\\half-life deathmatch source\\hl2.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxx\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Program Files\\ApexDC++\\ApexDC.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxxx\\team fortress 2\\hl2.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\xxxxxxxxxx\\opposing force\\hl.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 atitray;atitray;C:\Programfiler\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

S3 DellBIOS;DellBIOS;C:\DOCUME~1\Steffen\LOKALE~1\Temp\DellBIOS.Sys []

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]

S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]

S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]

S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

S4 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2007-09-09 00:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e096791-0edd-11dc-84cd-806d6172696f}]

\Shell\AutoRun\command - setupSNK.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-25 15:44:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-05-15 19:49:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2007-06-10 19:49:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 17:42:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\byXroLCs.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\Belkin\F5D7051\WLService.exe

C:\Programfiler\Belkin\F5D7051\WLanCfgG.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Completion time: 2008-05-25 17:47:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-25 15:47:01

Pre-Run: 44,557,266,944 byte ledig

Post-Run: 49,932,865,536 byte ledig

277 --- E O F --- 2008-05-23 22:01:24

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:53:52, on 25.05.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Belkin\F5D7051\WLService.exe

C:\Programfiler\Belkin\F5D7051\WLanCfgG.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\FRAPS\FRAPS.EXE

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/viewsonic

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {3587E433-1B6E-4F58-AC4D-152DAD68A021} - C:\WINDOWS\system32\urqPhfdb.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: {e6fba27d-3609-db38-5564-afcab4393107} - {7013934b-acfa-4655-83bd-9063d72abf6e} - C:\WINDOWS\system32\twrqofpi.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E09D32C-E5E6-4184-B177-784CEE1E09C4} - C:\WINDOWS\system32\byXroLCs.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [bMefb587f3] Rundll32.exe "C:\WINDOWS\system32\yliwuyqd.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\NYOFFI~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\NYOFFI~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB

O20 - Winlogon Notify: byXroLCs - C:\WINDOWS\SYSTEM32\byXroLCs.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\F5D7051\WLService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9830 bytes

Endret 25. mai 2008 av SteffenMA

norbat · 25. mai 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\WINDOWS\system32\twrqofpi.dll_old

C:\WINDOWS\system32\yliwuyqd.dll_old

C:\WINDOWS\system32\rqRHwXoN.dll

C:\WINDOWS\system32\urqPhfdb.dll_old

C:\WINDOWS\system32\byXroLCs.dll

Folder::

C:\Programfiler\Fellesfiler\BOONTY Shared

Driver::

Boonty Games

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3587E433-1B6E-4F58-AC4D-152DAD68A021}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7013934b-acfa-4655-83bd-9063d72abf6e}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E09D32C-E5E6-4184-B177-784CEE1E09C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BMefb587f3"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{7E09D32C-E5E6-4184-B177-784CEE1E09C4}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXroLCs]

Post ny combofix-logg + hjt-logg

SteffenMA · 25. mai 2008

Virker mye mye raskere nå

Combofix log:

ComboFix 08-05-24.1 - Steffen 2008-05-25 18:46:45.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1444 [GMT 2:00]

Running from: C:\Documents and Settings\Steffen\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Steffen\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\system32\byXroLCs.dll

C:\WINDOWS\system32\rqRHwXoN.dll

C:\WINDOWS\system32\twrqofpi.dll_old

C:\WINDOWS\system32\urqPhfdb.dll_old

C:\WINDOWS\system32\yliwuyqd.dll_old

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Programfiler\Fellesfiler\BOONTY Shared

C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

C:\WINDOWS\BMefb587f3.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\byXroLCs.dll

C:\WINDOWS\system32\fhupgoqd.dll

C:\WINDOWS\system32\lbeqwlur.dll

C:\WINDOWS\system32\qfhbkiwp.exe

C:\WINDOWS\system32\rqRHwXoN.dll

C:\WINDOWS\system32\rqRjKEus.dll

C:\WINDOWS\system32\rulwqebl.ini

C:\WINDOWS\system32\suEKjRqr.ini

C:\WINDOWS\system32\suEKjRqr.ini2

C:\WINDOWS\system32\twrqofpi.dll_old

C:\WINDOWS\system32\upowadla.dll

C:\WINDOWS\system32\urqPhfdb.dll_old

C:\WINDOWS\system32\yliwuyqd.dll_old

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

2008-12-22 06:59 . 2008-12-22 06:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll

2008-12-22 06:59 . 2008-12-22 06:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll

2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll

2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll

2008-12-22 06:58 . 2008-12-22 06:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll

2008-12-22 06:52 . 2008-12-22 06:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll

2008-05-25 18:28 . 2008-05-25 18:28 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-25 18:28 . 2008-05-25 18:28 <DIR> d-------- C:\Documents and Settings\Steffen\Programdata\SUPERAntiSpyware.com

2008-05-25 17:51 . 2008-05-25 17:51 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-25 15:55 . 2008-05-25 18:21 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-05-25 15:55 . 2008-05-25 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-05-25 15:17 . 2008-05-25 15:30 <DIR> d-------- C:\Documents and Settings\Steffen\.housecall6.6

2008-05-25 13:51 . 2008-05-25 18:43 <DIR> dr-h----- C:\Documents and Settings\Steffen\Siste