
Generic10.ZFU in C:\system volume information, HJT and ComboFix logs follow!



As the title says, I have apparently got a virus in C:\system volume information!! It was NOD32 that found it, but I have had the virus warning quite a few times, so I don't know whether it has removed it properly...

 

--------------------------

Trojan horse Generic10.ZFU C:\system volume information\_restore(386c2B55-4E....

--------------------------

 

I am attaching the HijackThis and ComboFix logs, which I hope you can take a look at!!!! :D

 

 

HIJACKTHIS LOG:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:17:17, on 25.06.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214227923734

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 5032 bytes


COMBOFIX LOG:

 

 

ComboFix 08-06-20.4 - Yngve 2008-06-25 21:35:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1041 [GMT 2:00]

Running from: C:\Documents and Settings\Yngve\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))

.

 

2008-06-25 19:42 . 2008-06-25 19:42 <DIR> d-------- C:\WINDOWS\LastGood

2008-06-25 19:40 . 2008-06-25 19:40 319 --a------ C:\WINDOWS\game.ini

2008-06-25 19:35 . 2008-06-25 19:35 <DIR> d-------- C:\Program Files\Activision

2008-06-25 19:33 . 2008-06-25 19:33 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-06-25 16:41 . 2008-06-25 16:41 <DIR> d-------- C:\Documents

2008-06-25 13:32 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-06-25 12:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-25 12:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-25 12:22 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-24 21:18 . 2008-06-25 12:22 <DIR> d-------- C:\Documents and Settings\Yngve\Contacts

2008-06-24 21:07 . 2008-04-14 02:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-06-24 21:07 . 2008-04-14 02:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-06-24 21:06 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-06-24 21:06 . 2008-04-13 20:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-06-24 21:06 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-24 21:06 . 2008-04-13 20:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-06-24 21:05 . 2008-06-24 21:16 <DIR> d-------- C:\Program Files\Windows Live

2008-06-24 21:05 . 2008-06-24 21:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-06-24 21:05 . 2008-06-24 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-24 19:16 . 2008-06-24 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft

2008-06-24 19:05 . 2008-06-24 19:05 <DIR> d-------- C:\Program Files\Ubisoft

2008-06-24 12:39 . 2008-06-24 12:43 <DIR> d-------- C:\Program Files\Microsoft Virtual PC

2008-06-23 22:40 . 2008-06-25 20:26 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-06-23 22:40 . 2008-06-25 19:41 22,328 --a------ C:\Documents and Settings\Yngve\Application Data\PnkBstrK.sys

2008-06-23 22:39 . 2008-06-23 22:39 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-06-23 22:39 . 2008-06-25 20:26 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-06-23 22:39 . 2008-06-25 20:02 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-06-23 22:32 . 2008-06-24 10:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-06-23 21:37 . 2008-06-23 21:39 <DIR> d-------- C:\Documents and Settings\Yngve\Application Data\Azureus

2008-06-23 21:37 . 2008-06-23 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-06-23 21:08 . 2008-06-23 21:37 <DIR> d-------- C:\Program Files\Vuze

2008-06-23 21:07 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-23 21:06 . 2008-06-23 21:06 <DIR> d-------- C:\Program Files\Java

2008-06-23 21:05 . 2008-06-23 21:05 <DIR> d-------- C:\Program Files\Common Files\Java

2008-06-23 21:03 . 2008-06-23 21:03 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-06-23 20:48 . 2008-06-23 20:48 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-23 20:42 . 2008-06-23 20:42 <DIR> d-------- C:\Program Files\Microsoft Games

2008-06-23 20:17 . 2008-06-23 20:17 <DIR> d-------- C:\Program Files\VideoLAN

2008-06-23 20:16 . 2008-06-23 20:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-06-23 20:14 . 2008-06-23 22:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-06-23 20:14 . 2008-06-23 20:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-23 19:59 . 2008-06-23 19:59 <DIR> d-------- C:\Documents and Settings\Yngve\Application Data\TuneUp Software

2008-06-23 19:59 . 2008-06-23 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-06-23 19:59 . 2008-06-23 19:59 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-06-23 19:59 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-06-23 19:58 . 2008-06-23 19:59 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

2008-06-23 19:58 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-06-23 19:56 . 2008-06-23 19:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-23 19:56 . 2008-06-23 19:56 <DIR> d-------- C:\Program Files\PowerISO

2008-06-23 19:56 . 2008-06-23 19:56 <DIR> d-------- C:\Documents and Settings\Yngve\Application Data\SUPERAntiSpyware.com

2008-06-23 19:56 . 2008-06-23 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-23 19:55 . 2008-06-23 19:55 <DIR> d-------- C:\Program Files\CCleaner

2008-06-23 19:54 . 2008-06-23 19:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-23 19:04 . 2008-06-23 19:04 <DIR> d-------- C:\Program Files\Opera

2008-06-23 16:57 . 2008-06-23 16:58 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-06-23 16:57 . 2008-06-23 16:57 <DIR> d-------- C:\WINDOWS\Logs

2008-06-23 16:52 . 2004-12-21 16:51 7,794 --a------ C:\WINDOWS\vp171b-2.cat

2008-06-23 16:52 . 2005-03-04 05:41 7,786 --a------ C:\WINDOWS\g90f-3.cat

2008-06-23 16:52 . 2005-03-03 04:36 7,782 --a------ C:\WINDOWS\q51-9.cat

2008-06-23 16:52 . 2004-12-20 11:38 1,224 --a------ C:\WINDOWS\VP171b-2.inf

2008-06-23 16:52 . 2005-03-01 16:43 1,204 --a------ C:\WINDOWS\Q51-9.inf

2008-06-23 16:52 . 2005-03-01 16:43 1,164 --a------ C:\WINDOWS\G90f-3.inf

2008-06-23 16:52 . 2004-09-16 06:18 512 --a------ C:\WINDOWS\VP171b-2.icm

2008-06-23 16:52 . 2004-11-04 01:00 512 --a------ C:\WINDOWS\Q51-9.icm

2008-06-23 16:52 . 2004-07-23 01:00 512 --a------ C:\WINDOWS\G90f-3.icm

2008-06-23 16:42 . 2008-06-23 16:42 <DIR> d-------- C:\Program Files\NVIDIA Corporation

2008-06-23 16:41 . 2008-06-23 16:41 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-06-23 16:33 . 2008-06-23 16:35 <DIR> d-------- C:\Program Files\ViewSonic

2008-06-23 16:33 . 2008-06-23 16:33 <DIR> d-------- C:\Documents and Settings\Yngve\Application Data\Leadertech

2008-06-23 16:33 . 2008-06-23 16:34 102 --a------ C:\WINDOWS\VSWizard.ini

2008-06-23 16:29 . 2008-06-23 16:29 <DIR> d-------- C:\WINDOWS\nvidia icons

2008-06-23 16:29 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-23 16:27 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-23 16:24 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-06-23 16:24 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-06-23 16:21 . 2008-06-23 16:21 <DIR> d-------- C:\Program Files\ESET

2008-06-23 16:21 . 2008-06-23 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET

2008-06-23 16:08 . 2008-06-23 16:08 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-06-12 08:28 . 2008-06-12 08:28 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-23 15:08 --------- d-----w C:\Program Files\Webroot

2008-06-23 15:08 --------- d-----w C:\Documents and Settings\Yngve\Application Data\Webroot

2008-06-23 15:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot

2008-06-23 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot

2008-06-23 14:41 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-23 13:28 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-23 13:28 --------- d-----w C:\Program Files\Realtek

2008-06-23 13:26 --------- d-----w C:\Program Files\Intel

2008-06-23 13:25 --------- d-----w C:\Documents and Settings\Yngve\Application Data\MSN6

2008-06-23 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6

2008-06-23 13:20 558,142 ----a-w C:\WINDOWS\java\Packages\Y6UIWFBF.ZIP

2008-06-23 13:20 155,995 ----a-w C:\WINDOWS\java\Packages\26RPV57L.ZIP

2008-06-23 13:20 --------- d-----w C:\Program Files\microsoft frontpage

2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll

2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll

2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll

2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll

2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll

2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll

2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 03:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-13 17:39 438,784 ------w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 17:39 2,897,920 ------w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Vuze\\Azureus.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

 

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 02:12]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2002-08-29 14:00]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-23 19:59]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\setup\rsrc\Autorun.exe

\Shell\dinstall\command - E:\Directx\dxsetup.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PNKBSTRA

*Newly Created Service* - PNKBSTRK

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 21:38:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-25 21:38:59

ComboFix-quarantined-files.txt 2008-06-25 19:38:55

 

Pre-Run: 400,688,762,880 bytes free

Post-Run: 400,662,511,616 bytes free

 

221 --- E O F --- 2008-06-25 10:24:05
--------------------------------------------------------------------------------------

grrrrr, I hate viruses!!! Why do people have to make crap like that just to annoy others?

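The two logs above are the raw material a forum helper works from, and the first pass is always the same: find the handful of lines worth a second look among hundreds of normal ones. The script below is an added example for this thread, not code from the original post and not from the HijackThis or ComboFix authors. It parses the line formats that appear in the logs (HJT O4/O20/O23 entries, ComboFix service lines, the mountpoints2 AutoRun entry) and applies a few heuristics a practitioner would apply by hand: an O4 autostart given as a bare file name rather than a full path, a Winlogon Notify DLL, an O23 service with "Unknown owner", a service whose image is a Windows utility such as regedt32.exe rather than a service binary, and a drive autorun command. It also classifies the detection path from the opening post: a hit under \System Volume Information\_restore is a System Restore snapshot of a file, which is why the warning keeps coming back after the live copy is gone, and the usual fix is to purge the restore points once the system is clean. The tag names, the UTILITY_IMAGES list, and the detection path with the all-zero GUID are assumptions constructed for the example; the sample log lines are copied from the post.

```python
"""Triage heuristics for HijackThis (HJT) and ComboFix log lines.

Added example for this thread, not code from the original post or from
the HijackThis / ComboFix authors. Sample lines are copied from the post;
the detection path (all-zero GUID) is constructed.
"""
import re

# Windows utilities that are never a legitimate service image on their own
# (constructed list for this example, not exhaustive).
UTILITY_IMAGES = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe",
                  "wscript.exe", "cscript.exe"}

_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_CFX_SVC = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?) \[")
_AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")


def first_token(cmd):
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_detection_path(path):
    """Say what kind of file an AV detection path points at."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        # System Restore snapshot, not the live file: the restore point keeps
        # the old copy and re-triggers the scanner until it is purged.
        return "restore-point"
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "cache"
    return "live"


def triage(lines):
    """Return (tag, detail, line) for every log line worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := _O4.match(line):
            exe = first_token(m["cmd"])
            if "\\" not in exe:  # bare name: resolved via the search path at logon
                findings.append(("o4-bare-name",
                                 f"{m['name']}: '{exe}' has no fixed path", line))
        elif m := _O20.match(line):
            findings.append(("o20-winlogon-notify",
                             f"{m['name']} is loaded into winlogon.exe: {m['path']}", line))
        elif m := _O23.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(("o23-unknown-owner",
                                 f"{m['desc']} has no vendor info: {m['path']}", line))
        elif m := _CFX_SVC.match(line):
            if basename(m["image"]) in UTILITY_IMAGES:
                findings.append(("svc-utility-image",
                                 f"service {m['name']} runs {m['image']} directly", line))
        elif m := _AUTORUN.match(line):
            findings.append(("mountpoints2-autorun",
                             f"drive autorun command: {m['cmd']}", line))
    return findings


# Sample lines copied from the thread's HJT and ComboFix logs.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 02:12]",
    r"S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2002-08-29 14:00]",
    r"\Shell\AutoRun\command - E:\setup\rsrc\Autorun.exe",
]

# Constructed detection path (the post only shows a truncated one).
CONSTRUCTED_DETECTION = (r"C:\System Volume Information"
                         r"\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.exe")


def summary(lines=SAMPLE_LINES, detection=CONSTRUCTED_DETECTION):
    """Triage result as plain data: detection class plus flagged (tag, detail) pairs."""
    return {"detection": classify_detection_path(detection),
            "findings": [(tag, detail) for tag, detail, _ in triage(lines)]}


if __name__ == "__main__":
    for tag, detail, _ in triage(SAMPLE_LINES):
        print(f"[{tag}] {detail}")
    print("detection:", classify_detection_path(CONSTRUCTED_DETECTION))
```

Run against the sample, the script flags the bare-name RTHDCPL autostart, the SUPERAntiSpyware Winlogon Notify DLL, the PnkBstrA service with no owner, the NOD32FiXTemDono service whose image is regedt32.exe, and the E: drive autorun command, while leaving the fully pathed egui entry, the ESET service and the svchost-hosted UxTuneUp service alone. A flag is a prompt to verify the file (vendor, signature, hash), not a verdict: PnkBstrA/PnkBstrB, for instance, are the PunkBuster services installed with the games listed in the ComboFix log.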