Rage, posted 2 July 2008

Can anyone look through my ComboFix log? All help is gratefully received!

ComboFix 08-06-30.2 - Andreas 2008-07-03 1:28:28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1630 [GMT 2:00]
Running from: C:\Documents and Settings\Andreas\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\nysbsl.dll
C:\WINDOWS\system32\rakvkdvs.dll
C:\WINDOWS\system32\rvwhnocn.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-03 01:09 . 2008-07-03 01:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 00:44 . 2008-07-03 00:44 <DIR> d-------- C:\Documents and Settings\Andreas\Application Data\Malwarebytes
2008-07-02 09:48 . 2008-07-02 09:48 285,184 --a------ C:\WINDOWS\system32\mlJYSjhe.dll_old
2008-06-24 02:36 . 2008-06-24 02:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 02:36 . 2008-06-24 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 02:36 . 2008-06-24 02:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-24 02:36 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 02:36 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 02:35 . 2008-06-24 02:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 02:33 . 2008-06-24 02:34 <DIR> d-------- C:\Spyware
2008-06-24 01:21 . 2008-06-24 05:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-24 00:42 . 2008-07-02 10:11 557 --a------ C:\WINDOWS\wininit.ini
2008-06-23 15:11 . 2008-06-23 15:11 <DIR> d-------- C:\WINDOWS\system32\RI
2008-06-23 15:11 . 2008-07-02 22:41 <DIR> d-------- C:\WINDOWS\system32\ert
2008-06-23 15:11 . 2008-07-02 22:41 <DIR> d--hs---- C:\WINDOWS\QW5kcmVhcyBO5nJpc3RvcnA
2008-06-23 15:11 . 2008-06-23 15:11 <DIR> d-------- C:\Temp\syschk3
2008-06-23 15:11 . 2008-06-24 02:40 <DIR> d-------- C:\Temp
2008-06-22 14:14 . 2008-06-22 14:14 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-22 14:14 . 2008-06-22 14:14 <DIR> d--h----- C:\Program Files\CanonBJ
2008-06-22 14:14 . 2008-06-22 14:14 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-06-22 14:14 . 2007-04-16 14:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8V.DLL
2008-06-22 14:12 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-22 14:12 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-22 04:05 . 2008-03-12 01:44 1,168,824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-06-22 04:05 . 2005-06-01 12:11 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-06-22 04:05 . 2002-04-07 22:14 724,992 --a------ C:\WINDOWS\system32\ebCrypt.dll
2008-06-22 04:05 . 2003-05-15 12:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-06-22 04:05 . 2007-01-04 22:47 376,832 --a------ C:\WINDOWS\system32\cmd22.dll
2008-06-22 04:05 . 2003-10-29 22:43 253,952 --a------ C:\WINDOWS\system32\SkinBoxer43.dll
2008-06-22 04:05 . 2000-01-28 13:58 102,400 --a------ C:\WINDOWS\system32\ccrpprg6.ocx
2008-06-16 20:35 . 2008-06-16 20:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-11 01:54 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 01:44 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-02 23:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 23:27 --------- d-----w C:\Program Files\Windows Live
2008-06-22 23:04 --------- d-----w C:\Documents and Settings\Andreas\Application Data\uTorrent
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 13:03 --------- d-----w C:\Program Files\Java
2008-05-29 13:03 --------- d-----w C:\Program Files\Common Files\Java
2008-05-29 13:00 --------- d-----w C:\Program Files\TV-Browser
2008-05-24 15:50 --------- d-----w C:\Program Files\QuickTime
2008-05-23 16:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-23 15:35 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-22 10:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 20:45 --------- d-----w C:\Program Files\illiminable
2008-05-19 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 00:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-19 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 00:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 00:09 --------- d-----w C:\Program Files\ASUS
2008-05-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 03:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 03:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 03:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 03:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 03:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 03:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 03:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 03:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 03:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 03:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 23:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 22:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:01 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 22:00 61,440 ------w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 21:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 21:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 21:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 20:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 20:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 20:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:56 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2005-07-29 14:24 472 --sha-r C:\WINDOWS\QW5kcmVhcyBO5nJpc3RvcnA\kqc4wAp1wV1icBLDwalSwBE.vbs

.
((((((((((((((((((((((((((((( snapshot@2008-06-24_ 2.51.09,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 00:46:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 23:31:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-10-25 11:18:06 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
+ 2008-05-02 12:22:56 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
- 2008-06-23 23:17:32 40,972 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-02 23:21:49 40,972 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-23 23:17:32 314,644 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-02 23:21:49 314,644 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="D:\Apps\statusbar\StatBar.exe" [2002-04-01 02:30 245760]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe" [2005-02-09 00:06 356352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 10:40 594944]
"IRC for EFNET"="C:\ircN for EFnet\SYSTEM\mirc.exe" [2005-11-29 13:34 1949696]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 13:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 14:10 1126400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM 101784]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Andreas^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-10-02 03:20 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-10-29 16:50 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 20:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-02-02 11:47 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\ircN for EFnet\\SYSTEM\\mirc.exe"=
"D:\\ircN\\SYSTEM\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"K:\\Quake2\\quake2.exe.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 04:16]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-08-29 04:04]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 15:37]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 12:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
S3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28de26ab-f789-11dc-b687-0008a188dbf2}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9153d6df-f522-11dc-b686-0008a188dbf2}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa7bf37a-1398-11dc-b664-0008a188dbf2}]
\Shell\AutoRun\command - M:\wd_windows_tools\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 01:31:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-03 1:35:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 23:34:57
ComboFix2.txt 2008-07-02 10:03:53
ComboFix3.txt 2008-07-02 08:30:25
ComboFix4.txt 2008-06-24 00:51:55

Pre-Run: 20,417,896,448 bytes free
Post-Run: 20,444,196,864 bytes free

227 --- E O F --- 2008-06-21 01:00:51
norbat, posted 2 July 2008

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\mlJYSjhe.dll_old

Folder::
C:\WINDOWS\system32\RI
C:\WINDOWS\system32\ert
C:\WINDOWS\QW5kcmVhcyBO5nJpc3RvcnA
C:\Temp\syschk3

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Click 'Cleaner' and then 'Run CCleaner'.

Let us know how it goes with the problem.
Rage (thread author), posted 3 July 2008

Looks like that did the trick for now. Thanks a lot! I'll post again if anything more turns up over the next few days.