
Help!


MichaelM


When I start World of Warcraft, a message comes up saying I have a trojan on the computer. It is called: Backdoor.Win32.Bifrose.aej

 

I have scanned the computer with Spybot and AVG. Spybot found Bifrose.LA and I removed it, but the same warning appeared when I started WoW. I have read on the internet and on the WoW forum, and people say you should not log in to your WoW account while you have that trojan. I have also scanned with Spybot in safe mode, but it did not find it there either. I have also looked through my startup files. There I found ctfmon, went to Bleeping Computer, and it said it was a trojan. I removed it from the startup files, but the same warning still comes up when I start WoW.

Please help me! I really want to be able to play again!

 

Thanks in advance.

 


Usually ctfmon is a perfectly normal Windows file:

http://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html

so put it back.

 

Which program detects Backdoor.Win32.Bifrose.aej?

In which folder and file is it?

 

Let's start by seeing whether HijackThis shows anything:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 

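For reading a log like the one requested above, here is an added Python example (editor's code, not HijackThis's and not from anyone in the thread). It parses the R*/O* entry lines of a HijackThis 2.x log and applies the checks a helper normally does by eye: entries whose file is gone ("(no file)", "(file missing)"), autostarts that run from a per-user profile directory, binaries that borrow a Windows system name outside %SystemRoot%, and any non-empty AppInit_DLLs value. The log excerpt inside it is a constructed sample modelled on the log posted further down; the "[Updater]" line is invented for illustration and was not on the poster's machine.

```python
"""Triage a HijackThis 2.x log: pull the R*/O* entry lines and flag the ones a
reviewer looks at first.

Added example for this thread. It is not HijackThis code, and the checks are
generic triage heuristics, not verdicts.
"""
import re
from typing import Dict, List, Optional

# Entry lines look like "O4 - HKLM\..\Run: [Name] C:\path\file.exe" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First Windows path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|pif|bat))\b"?', re.I)

# Names that belong under %SystemRoot%; the same name elsewhere is worth a look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "ctfmon.exe"}
# Per-user writable data directories that vendor software rarely autostarts from.
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample modelled on the log posted in this thread. The "[Updater]" line
# is invented for illustration and was NOT on the poster's machine.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:36, on 2008-05-30
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\User\Application Data\svchost.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
"""


def _extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def _flags_for(section: str, body: str, path: Optional[str]) -> List[str]:
    flags: List[str] = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        flags.append("orphan-entry")          # stale pointer; harmless alone, but note it
    if section == "O20" and low.split(":", 1)[-1].strip():
        flags.append("appinit-dll")           # global DLL injection point: always review
    if path:
        p = path.lower()
        if any(marker in p for marker in PROFILE_MARKERS):
            flags.append("user-profile-path")
        name = p.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and "\\windows\\" not in p and "\\winnt\\" not in p:
            flags.append("system-name-outside-systemroot")
    return flags


def parse_hjt_log(text: str) -> List[Dict]:
    """Return one dict per R*/O* entry: section, raw line, extracted path, flags."""
    entries: List[Dict] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:                             # header, blank and process-list lines are skipped
            continue
        section, body = m.group(1), m.group(2)
        path = _extract_path(body)
        entries.append({"section": section, "raw": line.strip(), "path": path,
                        "flags": _flags_for(section, body, path)})
    return entries


def suspicious(entries: List[Dict]) -> List[Dict]:
    """Entries with at least one flag, i.e. the ones to ask the poster about first."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in suspicious(parse_hjt_log(SAMPLE_LOG)):
        print(", ".join(e["flags"]).ljust(48), e["raw"])
```

The flags are hints to prioritise questions, not a verdict: ctfmon.exe in system32 scores zero here, which matches the point made above that it is a normal Windows file, while the same binary name under Application Data would score twice.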

Here is the log:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:37:36, on 2008-05-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\acer\Acer eConsole\MediaServerService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Acer\Acer eMode Management\AspireService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\Acer\Acer eConsole\MediaSync.exe

C:\Program\Aspire\WFTVFM\WFWIZ.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

E:\Program\DAEMON Tools\daemon.exe

C:\Program\AVG\AVG8\avgrsx.exe

N:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\AVG\AVG8\avgui.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - N:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eRecoveryService] C:\Program\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AspireService] C:\Program\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [MediaSync] C:\Program\Acer\Acer eConsole\MediaSync.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program\Aspire\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [spybotSD TeaTimer] N:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Download Using &BitSpirit - E:\Program\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - N:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

--

End of file - 9739 bytes[/log]

 


I have now also scanned with the Panda antivirus online scan, but it only showed that 22 files were flagged, and those were just tracking cookies.

 


I don't know which folder and file it is in, but it is detected by Blizzard's launcher, where you play WoW. It says that the trojan is present and that I should not log in because it could steal information.

 


I am also wondering whether I should uninstall it through Control Panel, Add or Remove Programs?

Because I can't find "Spy Blocker"; you don't mean "Spybot", do you?

 

edit: Found it, uninstalled ZoneAlarm Spy Blocker.

 

[post edited 2008-05-30 23:56:21 by MichaelM]


Found it, uninstalled ZoneAlarm Spy Blocker.
:thumbsup:

 

Do you have a folder called c:\programs\bifrost? If so, delete it.

 

Check a log or the quarantine in Spybot to see which file and folder it found Bifrose.LA in.

 


The file was removed by Spybot and there is no log. I didn't find any folder in C:/Program called Bifrost.

 


Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close every program you can see, including antivirus, antispyware and firewall, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions it shows.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that antivirus and firewall are running before you connect to the internet.

If you have trouble getting back on the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppies and USB devices to make it easier to clean the computer. This can cause problems, for example if your internet comes through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

 

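The main thing the helper wants out of ComboFix here is its inventory of files that appeared in Windows locations over the last month (the "Files Created from ... to ..." section of the log that follows). Here is an added Python example (editor's code, not ComboFix's and not from the thread) of the same kind of sweep: walk a set of roots, keep files whose timestamp falls inside an N-day window, newest first, and flag executables or DLLs that sit under a per-user profile directory such as Application Data, since vendor software rarely lives there. It keys on st_mtime because creation time is not portable; ComboFix reports the filesystem's creation timestamp. The directory tree it runs on is constructed in a temp folder with invented names.

```python
"""List files modified in the last N days under a set of roots and flag executables
that sit in per-user profile directories.

Added example: it mirrors the idea of ComboFix's "Files Created from ... to ..."
report, but is not ComboFix code. Uses st_mtime because creation time is not
portable across filesystems and Python versions.
"""
import os
import tempfile
import time
from datetime import datetime
from typing import Dict, List, Optional, Tuple

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat"}
# Directory names (lower-case) under a user profile that vendor software rarely runs from.
PROFILE_DIRS = {"application data", "local settings", "temp"}


def _flag(path: str) -> str:
    """Executable-type file with a profile data directory anywhere in its path."""
    parts = [p.lower() for p in path.replace("\\", "/").split("/")]
    ext = os.path.splitext(parts[-1])[1]
    if ext in EXEC_EXT and any(p in PROFILE_DIRS for p in parts[:-1]):
        return "executable-in-profile-dir"
    return ""


def recent_files(roots: List[str], days: int, now: Optional[float] = None) -> List[Dict]:
    """Walk each root; keep files whose mtime is within `days` of `now`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits: List[Dict] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    st = os.stat(full)
                except OSError:            # vanished or unreadable: skip, do not abort the sweep
                    continue
                if st.st_mtime < cutoff:
                    continue
                hits.append({"path": full, "size": st.st_size,
                             "mtime": datetime.fromtimestamp(st.st_mtime),
                             "flag": _flag(full)})
    hits.sort(key=lambda h: h["mtime"], reverse=True)
    return hits


# Constructed sample tree (relative path -> age in days). All names are invented.
SAMPLE_TREE = {
    "WINDOWS/system32/newfile.dat": 2,
    "Documents and Settings/User/Application Data/update.dll": 3,
    "WINDOWS/system32/oldfile.dll": 95,
    "Program/Vendor/app.exe": 400,
}


def build_sample_tree(base: str, now: float) -> None:
    """Create the sample files and back-date their mtimes by the given number of days."""
    for rel, age_days in SAMPLE_TREE.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"x")
        stamp = now - age_days * 86400
        os.utime(full, (stamp, stamp))


def demo(days: int = 30) -> List[Tuple[str, str]]:
    """Build the sample tree in a temp dir and return (relative path, flag) for each hit."""
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base, now)
        return [(os.path.relpath(h["path"], base).replace(os.sep, "/"), h["flag"])
                for h in recent_files([base], days, now=now)]


if __name__ == "__main__":
    for rel, flag in demo(30):
        print(flag.ljust(28), rel)
```

With a 30-day window only the two fresh files come back, and the DLL under Application Data carries the flag; widening the window to 100 days also brings in the 95-day-old file. The flag is a reason to look at a file, not a verdict, which is also how the helper treats the ComboFix listing.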

I have done the ComboFix thing. But when I start World of Warcraft it says the trojan is still there. Here is the ComboFix log:

 

[log]ComboFix 08-05-29.1 - Michael 2008-05-31 10:35:52.1 - FAT32x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1780 [GMT 2:00]

Running from: C:\Documents and Settings\Michael\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Michael\Application Data\addon.dat

 

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))

.

 

2008-05-30 23:51 . 2008-05-30 15:13 262,144 --a------ C:\Program\Uninstall Spy Blocker.dll

2008-05-30 22:37 . 2008-05-30 22:37 <KAT> d-------- C:\Program\Trend Micro

2008-05-30 20:08 . 2008-05-30 20:08 <KAT> d-------- C:\Program\Panda Security

2008-05-30 16:43 . 2008-05-30 16:43 148 --a------ C:\WINDOWS\wininit.ini

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Symantec

2008-05-30 16:13 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Creative

2008-05-30 16:13 . 2008-05-30 16:13 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-30 15:15 . 2008-05-31 01:16 10,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-30 15:15 . 2008-05-31 01:16 4,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-30 15:12 . 2008-05-30 15:12 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-05-30 15:11 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-05-30 15:11 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-05-30 15:11 . 2008-05-30 15:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\Program\Zone Labs

2008-05-30 15:10 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-05-30 15:10 . 2008-05-31 01:12 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-05-30 15:09 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\Internet Logs

2008-05-30 13:38 . 2008-05-30 13:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Symantec

2008-05-30 10:55 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Creative

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> d-------- C:\Documents and Settings\Gäst

2008-05-29 16:03 . 2008-05-29 16:03 <KAT> d--h----- C:\$AVG8.VAULT$

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Program\AVG

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-29 15:19 . 2008-05-29 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-29 15:19 . 2008-05-29 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-28 21:03 . 2008-05-28 21:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-27 13:38 . 2008-05-27 13:38 <KAT> d-------- C:\Program\Delade filer\xing shared

2008-05-26 21:26 . 2008-05-26 21:26 <KAT> d-------- C:\Program\Delade filer\Real

2008-05-14 17:09 . 2008-05-14 17:09 <KAT> d-------- C:\Documents and Settings\Michael\Logs

2008-05-13 15:32 . 2008-05-13 15:32 <KAT> d-------- C:\Dev-Cpp

2008-05-10 19:29 . 2008-05-10 19:29 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-05-01 15:29 . 2008-05-01 15:29 45 ---h----- C:\WINDOWS\dace7839.dat

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Program\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ

2008-04-29 18:37 . 2008-05-08 17:54 6 --a------ C:\ISACER.ID

2008-04-29 15:35 . 2008-04-29 15:35 286,720 --------- C:\WINDOWS\Setup1.exe

2008-04-29 15:35 . 2008-04-29 15:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-29 15:35 . 2008-04-29 15:35 1,608 --a------ C:\WINDOWS\ST6UNST.000

2008-04-28 16:54 . 2008-04-28 17:51 463,800 --a------ C:\WINDOWS\system32\desk.png

2008-04-28 16:51 . 2008-04-28 16:51 <KAT> d-------- C:\WINDOWS\system32\orb32wvx

2008-04-28 15:58 . 2008-04-28 15:58 4,782,095 --a------ C:\WINDOWS\system32\lncom_.mp3

2008-04-23 20:43 . 2008-04-23 20:43 <KAT> d--hs---- C:\WINDOWS\ftpcache

2008-04-18 17:28 . 2008-04-18 17:28 <KAT> d-------- C:\Games

2008-04-13 17:48 . 2004-08-04 01:33 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-04-13 17:48 . 2001-09-06 20:33 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-04-13 11:51 . 2008-04-13 11:51 <KAT> d-------- C:\WINDOWS\.jagex_cache_32

2008-04-12 12:12 . 2008-04-12 12:12 32 --a------ C:\WINDOWS\go

2008-04-02 20:04 . 2008-04-02 20:04 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\mIRC

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Ventrilo

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\Ventrilo

2008-04-01 16:12 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-04-01 11:13 . 2008-04-01 11:13 <KAT> d-------- C:\Program\Krstarica

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 11:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-28 14:22 998,400 ----a-w C:\Documents and Settings\Michael\Application Data\kernel33.dll

2008-04-28 14:22 28,160 ----a-w C:\WINDOWS\system32\zlib.dll

2008-03-26 21:54 155,995 ----a-w C:\WINDOWS\java\Packages\JDB9NB1N.ZIP

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-16 15:49 2,690 ----a-w C:\WINDOWS\inf\SysSetup1.dll

2008-03-08 13:16 52,224 ----a-w C:\WINDOWS\system32\jpg.dll

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-17 18:09 156 ----a-w C:\Documents and Settings\Michael\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"DAEMON Tools"="E:\Program\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"SpybotSD TeaTimer"="N:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-14 08:48 14477312 C:\WINDOWS\RTHDCPL.EXE]

"ntiMUI"="c:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]

"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"eRecoveryService"="C:\Program\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2003-10-06 07:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"AspireService"="C:\Program\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 15:39 110592]

"MediaSync"="C:\Program\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]

"WinFast Schedule"="C:\Program\Aspire\WFTVFM\WFWIZ.exe" [2005-01-04 18:03 163840]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-05-27 13:38 185896]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-05-29 15:19 1177368]

"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 05:00 158720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

 

C:\Documents and Settings\Michael\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-06-14 08:48 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveHQ FileManager]

C:\Program\DriveHQ\DriveHQ FileManager\DriveHQClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Program\\Valve\\Steam\\SteamApps\\bajs65\\day of defeat source\\hl2.exe"=

"E:\\Program\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-29 15:19]

S2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-05-29 15:19]

S2 int15.sys;int15.sys;C:\Program\Acer\eRecovery\int15.sys [2005-01-13 14:46]

S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-14 20:30]

S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-14 20:30]

S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-14 20:30]

S3 WFIOCTL;WFIOCTL;C:\Program\Aspire\WFTVFM\WFIOCTL.SYS []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - WF88XBAR

*Newly Created Service* - WFTUNE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B4F8180-6BD9-7624-35B4-C9402B368DC5}]

C:\Program\WindowsUpdate\mss.exe s

.

Contents of the 'Scheduled Tasks' folder

"2008-05-30 22:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

"2008-05-29 14:57:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-31 10:37:05

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-31 10:37:24

ComboFix-quarantined-files.txt 2008-05-31 08:37:24

 

Pre-Run: 8,387,657,728 byte ledigt

Post-Run: 9,981,132,800 byte ledigt

 

245 --- E O F --- 2008-05-28 11:17:37

[/log]

 


ComboFix was not meant to remove anything; it was so that I could see which files and folders have been added to the computer in the last month (not all of them, only those in Windows locations).

 

At what point in time did WoW work?

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

Enable ctfmon.exe again.

 

Go to http://www.virustotal.com, paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs here. C:\Program\WindowsUpdate\mss.exe

 

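The helper above uses the ComboFix log to see what was added to Windows locations in the last month. As an added example (not ComboFix's own code and not posted in this thread), the Python below parses lines in the formats that log uses and flags the things a removal helper checks first: executables dropped under a user profile's Application Data, names that imitate core Windows files (the kernel33.dll in this log versus kernel32.dll), Active Setup "Installed Components" autoruns, and Security Center or Windows Firewall settings turned off. The sample log lines are constructed from entries quoted in the thread; the regular expressions, the list of core file names and the heuristics are assumptions of this example.

```python
"""Triage helper for ComboFix-style log lines. Added example: not ComboFix's
own code and not posted in the thread; formats and heuristics are assumptions.
"""
import re
from collections import namedtuple

# Constructed sample in the formats the ComboFix logs in this thread use
# (file-created lines, Find3M lines, registry key and value lines).
SAMPLE_LOG = r"""
2008-05-30 22:37 . 2008-05-30 22:37 <KAT> d-------- C:\Program\Trend Micro
2008-05-29 15:19 . 2008-05-29 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 14:22 998,400 ----a-w C:\Documents and Settings\Michael\Application Data\kernel33.dll
2008-04-28 14:22 28,160 ----a-w C:\WINDOWS\system32\zlib.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B4F8180-6BD9-7624-35B4-C9402B368DC5}]
C:\Program\WindowsUpdate\mss.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "Files Created" lines: <created> . <modified> <size|<KAT>> <attrs> <path>
CREATED_RE = re.compile(rf"^{DATE} \. {DATE} (<KAT>|[\d,]+) (\S+) (.+)$")
# "Find3M Report" lines: <modified> <size> <attrs> <path>
FIND3M_RE = re.compile(rf"^{DATE} ([\d,]+) (\S+) (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
CORE_NAMES = ("kernel32.dll", "ntdll.dll", "user32.dll", "svchost.exe",  # assumed
              "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")   # short list

Finding = namedtuple("Finding", "kind detail")


def within_one_edit(a, b):
    """True if a turns into b with at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        i += len(a) >= len(b)  # consume a char of a (deletion or substitution)
        j += len(b) >= len(a)  # consume a char of b (insertion or substitution)
    return edits + (len(a) - i) + (len(b) - j) <= 1


def check_file(path):
    """Heuristics for one created or modified file path."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if not name.endswith(EXECUTABLE_EXT):
        return []
    out = []
    if "\\documents and settings\\" in low and "\\application data\\" in low:
        out.append(Finding("exec-in-profile-data", path))  # code in a profile data dir
    for core in CORE_NAMES:
        if name != core and within_one_edit(name, core):
            out.append(Finding("lookalike-name", f"{path} resembles {core}"))
    return out


def check_reg_value(key, line):
    """Heuristics for one value line under the (lower-cased) registry key."""
    low = line.lower()
    if "active setup\\installed components" in key:
        # ComboFix hides legit default entries, so any Active Setup component it
        # prints is a per-user autorun that needs an explanation.
        return [Finding("active-setup-autorun", f"{key} -> {line}")]
    if "security center" in key and low.endswith("=dword:00000001") and (
            "disablenotify" in low or "disablemonitoring" in low):
        # Caveat: a third-party firewall or AV sets these for its own product,
        # so this is a prompt to explain the entry, not a detection by itself.
        return [Finding("security-center-tampered", f"{key}: {line}")]
    if "firewallpolicy" in key and low.startswith('"enablefirewall"= 0'):
        return [Finding("windows-firewall-off", f"{key}: {line}")]
    return []


def triage(log_text):
    """Walk the log once and collect findings from file and registry lines."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("((((("):  # section banner ends a registry key block
            current_key = None
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if m:
            findings.extend(check_file(m.group(3)))
        elif current_key is not None:
            findings.extend(check_reg_value(current_key, line))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns five findings for the constructed sample. None of them is proof on its own: the Security Center keys in this thread's log can also come from the ZoneAlarm install that appears in the same log, so each finding is something the helper must be able to explain, and the one that cannot be explained (an .exe launched from a folder named WindowsUpdate outside C:\WINDOWS) is what goes to VirusTotal next.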

WoW worked on Wednesday and it started acting up on Thursday.

 

Here is the result:

 

[log]AhnLab-V3 2008.5.30.1 2008.05.30 -

AntiVir 7.8.0.25 2008.05.30 -

Authentium 5.1.0.4 2008.05.31 -

Avast 4.8.1195.0 2008.05.31 -

AVG 7.5.0.516 2008.05.30 -

BitDefender 7.2 2008.05.31 -

CAT-QuickHeal 9.50 2008.05.30 -

ClamAV 0.92.1 2008.05.31 -

DrWeb 4.44.0.09170 2008.05.31 -

eSafe 7.0.15.0 2008.05.29 -

eTrust-Vet 31.4.5837 2008.05.30 -

Ewido 4.0 2008.05.31 -

F-Prot 4.4.4.56 2008.05.31 -

F-Secure 6.70.13260.0 2008.05.31 -

Fortinet 3.14.0.0 2008.05.30 -

GData 2.0.7306.1023 2008.05.31 -

Ikarus T3.1.1.26.0 2008.05.31 Backdoor.Win32.Bifrose.c

Kaspersky 7.0.0.125 2008.05.31 Heur.Backdoor.Generic

McAfee 5307 2008.05.30 -

Microsoft None 2008.05.31 -

NOD32v2 3148 2008.05.30 -

Norman 5.80.02 2008.05.30 -

Panda 9.0.0.4 2008.05.31 -

Prevx1 V2 2008.05.31 -

Rising 20.46.50.00 2008.05.31 -

Sophos 4.29.0 2008.05.31 -

Sunbelt 3.0.1139.1 2008.05.29 -

Symantec 10 2008.05.31 -

VBA32 3.12.6.6 2008.05.31 -

VirusBuster 4.3.26:9 2008.05.30 -

Webwasher-Gateway 6.6.2 2008.05.30 Win32.Malware.gen!80 (suspicious)

Additional information

File size: 58749 bytes

MD5...: ac23758d67e4b3470f30d47196edfc71

SHA1..: 7b6ff109d855d91d8aa20c9f4b36b509aaaeb36b

SHA256: fbbe766cfa8e27ad40d1252d230301879f9110c7790ad1bba4d5d1a1a40c8a6a

SHA512: f283ccdb8671efd37844026e98c07f2f2f2ca60598c0712032ed77ab2a842583

1f9279fd6d7192c867bf3c30fb268026bf15524173ddd4bce6bec4de3f1563f0

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x401230

timedatestamp.....: 0x482f4a15 (Sat May 17 21:11:49 2008)

machinetype.......: 0x14c (I386)

 

( 8 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x5000 0x5000 6.03 533c8a20b7f7b01769f9b4fe6ff75852

.data 0x6000 0x8000 0x7200 7.51 b77bb417d3e782cc840802f02360e871

.rdata 0xe000 0x1000 0x600 3.51 0db6aee34a8a433d390a03bc42842e66

.bss 0xf000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.edata 0x14000 0x1000 0x200 0.81 a622ff399018ffc95af268ce91939002

.idata 0x15000 0x1000 0x800 4.17 f493eb8a8100009ba942fc798a4bc05b

.rsrc 0x16000 0x1000 0xa00 5.34 6e0c7c8e6a1792e3fcdb3f65029bd180

.reloc 0x17000 0x30c 0x57d 6.34 2203ed401aa9e1d04453254fd636f92e

 

( 2 imports )

> KERNEL32.dll: AddAtomA, CloseHandle, CreateFileMappingW, CreateFileW, CreateSemaphoreA, ExitProcess, FindAtomA, GetAtomNameA, GetCommandLineA, GetCurrentThread, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetProcessHeap, GetStartupInfoA, HeapAlloc, HeapFree, InterlockedDecrement, InterlockedIncrement, LoadLibraryA, MapViewOfFile, ReleaseSemaphore, SetErrorMode, SetLastError, SetUnhandledExceptionFilter, Sleep, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnmapViewOfFile, VirtualAlloc, VirtualQuery, WaitForSingleObject, lstrcatW, lstrcpyW, lstrlenW

> msvcrt.dll: __getmainargs, __p__environ, __p__fmode, __set_app_type, _assert, _cexit, _iob, _onexit, _setmode, abort, atexit, free, malloc, memset, signal, strcmp

 

( 1 exports )

Relocations[/log]

 

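To read a pasted VirusTotal result like the one above, here is an added Python example (not VirusTotal's code and not from this thread) that parses the per-engine lines into a detection ratio and checks that the hashes in the report match the file actually on disk, which is the check to make before deleting anything on the strength of a report. The report text is a constructed subset of the engine lines quoted above, and the sample bytes stand in for a local file and are not the real mss.exe, so the hash cross-check is expected to fail on them; the function names are this example's own.

```python
"""Summarise a pasted VirusTotal text result and cross-check it against a file.
Added example: not VirusTotal's code and not from the thread. The line format
is taken from the result quoted above; the helper functions are assumptions.
"""
import hashlib
import re

# Constructed subset of the engine lines and hashes from the pasted report.
VT_REPORT = """\
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.25 2008.05.30 -
Avast 4.8.1195.0 2008.05.31 -
Ikarus T3.1.1.26.0 2008.05.31 Backdoor.Win32.Bifrose.c
Kaspersky 7.0.0.125 2008.05.31 Heur.Backdoor.Generic
McAfee 5307 2008.05.30 -
Microsoft None 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.05.30 Win32.Malware.gen!80 (suspicious)
Additional information
File size: 58749 bytes
MD5...: ac23758d67e4b3470f30d47196edfc71
SHA1..: 7b6ff109d855d91d8aa20c9f4b36b509aaaeb36b
SHA256: fbbe766cfa8e27ad40d1252d230301879f9110c7790ad1bba4d5d1a1a40c8a6a
"""
# Constructed stand-in for the local file; deliberately NOT the reported file.
SAMPLE_BYTES = b"constructed sample bytes, not the real mss.exe"

# <engine> <version> <yyyy.mm.dd> <verdict or ->
ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$")


def parse_report(text):
    """Return ({engine: verdict-or-None}, {algorithm: hex digest})."""
    engines, hashes = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENGINE_RE.match(line)
        if m:
            verdict = m.group(4).strip()
            engines[m.group(1)] = None if verdict == "-" else verdict
            continue
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(1).lower()] = m.group(2).lower()
    return engines, hashes


def detection_ratio(engines):
    """(hits, total, {engine: name}) over the engines that returned a verdict."""
    hits = {engine: name for engine, name in engines.items() if name}
    return len(hits), len(engines), hits


def local_hashes(data):
    """Hash the local file bytes with each algorithm the report shows."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256")}


def report_matches_file(report_hashes, data):
    """True only if every hash in the report equals the local file's hash."""
    if not report_hashes:
        return False  # nothing to compare against: never treat as a match
    local = local_hashes(data)
    return all(local.get(algo) == digest for algo, digest in report_hashes.items())


def summarise(text, data):
    """Ratio, verdict names, and whether the report is really about `data`."""
    engines, hashes = parse_report(text)
    hits, total, names = detection_ratio(engines)
    return {"hits": hits, "total": total, "names": names,
            "same_file": report_matches_file(hashes, data)}
```

On the subset above `summarise` reports 3 of 8 engines flagging the file, two of them with heuristic or generic names (Heur.Backdoor.Generic, Win32.Malware.gen!80). A low ratio with names like that is still worth acting on when the file sits in a path such as C:\Program\WindowsUpdate, which is not where Windows Update lives, and `same_file` being False means the bytes you hashed are not the bytes the report describes, so the report says nothing about them.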

Copy all the lines in the box (use Select code)

File::
C:\Program\WindowsUpdate\mss.exe s

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; this starts the program in a special way.

Paste the log that comes out.

 


Here is the log:

 

[log]ComboFix 08-05-29.1 - Michael 2008-05-31 14:14:01.2 - FAT32x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1779 [GMT 2:00]

Running from: C:\Documents and Settings\Michael\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Michael\Skrivbord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Program\WindowsUpdate\mss.exe s

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Michael\Application Data\addon.dat

 

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))

.

 

2008-05-30 22:37 . 2008-05-30 22:37 <KAT> d-------- C:\Program\Trend Micro

2008-05-30 20:08 . 2008-05-30 20:08 <KAT> d-------- C:\Program\Panda Security

2008-05-30 16:43 . 2008-05-30 16:43 148 --a------ C:\WINDOWS\wininit.ini

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Symantec

2008-05-30 16:13 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Creative

2008-05-30 16:13 . 2008-05-30 16:13 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-30 15:15 . 2008-05-31 14:11 55,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-30 15:15 . 2008-05-31 14:11 5,900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-30 15:12 . 2008-05-30 15:12 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-05-30 15:11 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-05-30 15:11 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-05-30 15:11 . 2008-05-30 15:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\Program\Zone Labs

2008-05-30 15:10 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-05-30 15:10 . 2008-05-31 10:42 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-05-30 15:09 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\Internet Logs

2008-05-30 13:38 . 2008-05-30 13:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Symantec

2008-05-30 10:55 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Creative

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> d-------- C:\Documents and Settings\Gäst

2008-05-29 16:03 . 2008-05-29 16:03 <KAT> d--h----- C:\$AVG8.VAULT$

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Program\AVG

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-29 15:19 . 2008-05-29 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-29 15:19 . 2008-05-29 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-28 21:03 . 2008-05-28 21:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-27 13:38 . 2008-05-27 13:38 <KAT> d-------- C:\Program\Delade filer\xing shared

2008-05-26 21:26 . 2008-05-26 21:26 <KAT> d-------- C:\Program\Delade filer\Real

2008-05-14 17:09 . 2008-05-14 17:09 <KAT> d-------- C:\Documents and Settings\Michael\Logs

2008-05-13 15:32 . 2008-05-13 15:32 <KAT> d-------- C:\Dev-Cpp

2008-05-10 19:29 . 2008-05-10 19:29 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-05-01 15:29 . 2008-05-01 15:29 45 ---h----- C:\WINDOWS\dace7839.dat

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Program\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ

2008-04-29 18:37 . 2008-05-08 17:54 6 --a------ C:\ISACER.ID

2008-04-29 15:35 . 2008-04-29 15:35 286,720 --------- C:\WINDOWS\Setup1.exe

2008-04-29 15:35 . 2008-04-29 15:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-29 15:35 . 2008-04-29 15:35 1,608 --a------ C:\WINDOWS\ST6UNST.000

2008-04-28 16:54 . 2008-04-28 17:51 463,800 --a------ C:\WINDOWS\system32\desk.png

2008-04-28 16:51 . 2008-04-28 16:51 <KAT> d-------- C:\WINDOWS\system32\orb32wvx

2008-04-28 15:58 . 2008-04-28 15:58 4,782,095 --a------ C:\WINDOWS\system32\lncom_.mp3

2008-04-23 20:43 . 2008-04-23 20:43 <KAT> d--hs---- C:\WINDOWS\ftpcache

2008-04-18 17:28 . 2008-04-18 17:28 <KAT> d-------- C:\Games

2008-04-13 17:48 . 2004-08-04 01:33 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-04-13 17:48 . 2001-09-06 20:33 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-04-13 11:51 . 2008-04-13 11:51 <KAT> d-------- C:\WINDOWS\.jagex_cache_32

2008-04-12 12:12 . 2008-04-12 12:12 32 --a------ C:\WINDOWS\go

2008-04-02 20:04 . 2008-04-02 20:04 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\mIRC

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Ventrilo

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\Ventrilo

2008-04-01 16:12 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-04-01 11:13 . 2008-04-01 11:13 <KAT> d-------- C:\Program\Krstarica

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 11:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-28 14:22 998,400 ----a-w C:\Documents and Settings\Michael\Application Data\kernel33.dll

2008-04-28 14:22 28,160 ----a-w C:\WINDOWS\system32\zlib.dll

2008-03-26 21:54 155,995 ----a-w C:\WINDOWS\java\Packages\JDB9NB1N.ZIP

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-16 15:49 2,690 ----a-w C:\WINDOWS\inf\SysSetup1.dll

2008-03-08 13:16 52,224 ----a-w C:\WINDOWS\system32\jpg.dll

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-17 18:09 156 ----a-w C:\Documents and Settings\Michael\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-31_10.37.16,15 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-31 08:33:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-31 12:12:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"DAEMON Tools"="E:\Program\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"SpybotSD TeaTimer"="N:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-14 08:48 14477312 C:\WINDOWS\RTHDCPL.EXE]

"ntiMUI"="c:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]

"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"eRecoveryService"="C:\Program\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2003-10-06 07:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"AspireService"="C:\Program\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 15:39 110592]

"MediaSync"="C:\Program\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]

"WinFast Schedule"="C:\Program\Aspire\WFTVFM\WFWIZ.exe" [2005-01-04 18:03 163840]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-05-27 13:38 185896]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-05-29 15:19 1177368]

"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 05:00 158720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

 

C:\Documents and Settings\Michael\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-06-14 08:48 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveHQ FileManager]

C:\Program\DriveHQ\DriveHQ FileManager\DriveHQClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Program\\Valve\\Steam\\SteamApps\\bajs65\\day of defeat source\\hl2.exe"=

"E:\\Program\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-29 15:19]

S2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-05-29 15:19]

S2 int15.sys;int15.sys;C:\Program\Acer\eRecovery\int15.sys [2005-01-13 14:46]

S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-14 20:30]

S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-14 20:30]

S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-14 20:30]

S3 WFIOCTL;WFIOCTL;C:\Program\Aspire\WFTVFM\WFIOCTL.SYS []

 

*Newly Created Service* - WF88XBAR

*Newly Created Service* - WFTUNE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B4F8180-6BD9-7624-35B4-C9402B368DC5}]

C:\Program\WindowsUpdate\mss.exe s

.

Contents of the 'Scheduled Tasks' folder

"2008-05-31 10:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

"2008-05-29 14:57:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-31 14:15:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-31 14:15:34

ComboFix-quarantined-files.txt 2008-05-31 12:15:34

ComboFix2.txt 2008-05-31 08:37:26

 

Pre-Run: 9,713,090,560 byte ledigt

Post-Run: 9,700,147,200 byte ledigt

 

251 --- E O F --- 2008-05-28 11:17:37

[/log]

 


Copy all the lines in the box (use Select code)

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B4F8180-6BD9-7624-35B4-C9402B368DC5}]

File::
C:\Program\WindowsUpdate\mss.exe

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; this starts the program in a special way.

Paste the log that comes out.

 


I started WoW just now and it didn't say anything about a trojan anymore :).

 

But here is the log:

 

[log]ComboFix 08-05-29.1 - Michael 2008-05-31 16:40:55.3 - FAT32x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1780 [GMT 2:00]

Running from: C:\Documents and Settings\Michael\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Michael\Skrivbord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Program\WindowsUpdate\mss.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Michael\Application Data\addon.dat

C:\Program\WindowsUpdate\mss.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))

.

 

2008-05-31 15:30 . 2008-05-31 15:30 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\GlarySoft

2008-05-31 15:26 . 2008-05-31 15:27 <KAT> d-------- C:\Program\Glary Utilities

2008-05-30 22:37 . 2008-05-30 22:37 <KAT> d-------- C:\Program\Trend Micro

2008-05-30 20:08 . 2008-05-30 20:08 <KAT> d-------- C:\Program\Panda Security

2008-05-30 16:43 . 2008-05-30 16:43 148 --a------ C:\WINDOWS\wininit.ini

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-10-20 15:22 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-05-30 16:13 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Symantec

2008-05-30 16:13 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Creative

2008-05-30 16:13 . 2008-05-30 16:13 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-30 15:15 . 2008-05-31 16:38 67,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-30 15:15 . 2008-05-31 16:38 7,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-30 15:12 . 2008-05-30 15:12 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-05-30 15:11 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-05-30 15:11 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-05-30 15:11 . 2008-05-30 15:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs

2008-05-30 15:10 . 2008-05-30 15:10 <KAT> d-------- C:\Program\Zone Labs

2008-05-30 15:10 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-05-30 15:10 . 2008-05-31 14:19 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-05-30 15:09 . 2008-05-30 15:10 <KAT> d-------- C:\WINDOWS\Internet Logs

2008-05-30 13:38 . 2008-05-30 13:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> dr------- C:\Documents and Settings\Gäst\Start-meny

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Mallar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2005-07-08 23:41 <KAT> d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> dr------- C:\Documents and Settings\Gäst\Favoriter

2008-05-30 10:55 . 2005-07-08 23:58 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Symantec

2008-05-30 10:55 . 2005-10-20 15:30 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\Creative

2008-05-30 10:55 . 2008-05-30 10:55 <KAT> d-------- C:\Documents and Settings\Gäst

2008-05-29 16:03 . 2008-05-29 16:03 <KAT> d--h----- C:\$AVG8.VAULT$

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Program\AVG

2008-05-29 15:19 . 2008-05-29 15:19 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-29 15:19 . 2008-05-29 15:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-29 15:19 . 2008-05-29 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-28 21:03 . 2008-05-28 21:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-27 13:38 . 2008-05-27 13:38 <KAT> d-------- C:\Program\Delade filer\xing shared

2008-05-26 21:26 . 2008-05-26 21:26 <KAT> d-------- C:\Program\Delade filer\Real

2008-05-14 17:09 . 2008-05-14 17:09 <KAT> d-------- C:\Documents and Settings\Michael\Logs

2008-05-13 15:32 . 2008-05-13 15:32 <KAT> d-------- C:\Dev-Cpp

2008-05-10 19:29 . 2008-05-10 19:29 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-05-01 15:29 . 2008-05-01 15:29 45 ---h----- C:\WINDOWS\dace7839.dat

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Program\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\DriveHQ

2008-04-30 21:57 . 2008-04-30 21:57 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ

2008-04-29 18:37 . 2008-05-08 17:54 6 --a------ C:\ISACER.ID

2008-04-29 15:35 . 2008-04-29 15:35 286,720 --------- C:\WINDOWS\Setup1.exe

2008-04-29 15:35 . 2008-04-29 15:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-29 15:35 . 2008-04-29 15:35 1,608 --a------ C:\WINDOWS\ST6UNST.000

2008-04-28 16:54 . 2008-04-28 17:51 463,800 --a------ C:\WINDOWS\system32\desk.png

2008-04-28 16:51 . 2008-04-28 16:51 <KAT> d-------- C:\WINDOWS\system32\orb32wvx

2008-04-28 15:58 . 2008-04-28 15:58 4,782,095 --a------ C:\WINDOWS\system32\lncom_.mp3

2008-04-23 20:43 . 2008-04-23 20:43 <KAT> d--hs---- C:\WINDOWS\ftpcache

2008-04-18 17:28 . 2008-04-18 17:28 <KAT> d-------- C:\Games

2008-04-13 17:48 . 2004-08-04 01:33 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-04-13 17:48 . 2001-09-06 20:33 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-04-13 11:51 . 2008-04-13 11:51 <KAT> d-------- C:\WINDOWS\.jagex_cache_32

2008-04-12 12:12 . 2008-04-12 12:12 32 --a------ C:\WINDOWS\go

2008-04-02 20:04 . 2008-04-02 20:04 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\mIRC

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Ventrilo

2008-04-01 16:13 . 2008-04-01 16:13 <KAT> d-------- C:\Documents and Settings\Michael\Application Data\Ventrilo

2008-04-01 16:12 . 2008-04-01 16:13 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2008-04-01 11:13 . 2008-04-01 11:13 <KAT> d-------- C:\Program\Krstarica

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 11:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-28 14:22 998,400 ----a-w C:\Documents and Settings\Michael\Application Data\kernel33.dll

2008-04-28 14:22 28,160 ----a-w C:\WINDOWS\system32\zlib.dll

2008-03-26 21:54 155,995 ----a-w C:\WINDOWS\java\Packages\JDB9NB1N.ZIP

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-16 15:49 2,690 ----a-w C:\WINDOWS\inf\SysSetup1.dll

2008-03-08 13:16 52,224 ----a-w C:\WINDOWS\system32\jpg.dll

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-17 18:09 156 ----a-w C:\Documents and Settings\Michael\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"DAEMON Tools"="E:\Program\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"SpybotSD TeaTimer"="N:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-14 08:48 14477312 C:\WINDOWS\RTHDCPL.EXE]

"ntiMUI"="c:\Program\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]

"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"eRecoveryService"="C:\Program\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2003-10-06 07:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"AspireService"="C:\Program\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 15:39 110592]

"MediaSync"="C:\Program\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]

"WinFast Schedule"="C:\Program\Aspire\WFTVFM\WFWIZ.exe" [2005-01-04 18:03 163840]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-05-29 15:19 1177368]

"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 05:00 158720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

 

C:\Documents and Settings\Michael\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-06-14 08:48 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveHQ FileManager]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Program\\Valve\\Steam\\SteamApps\\bajs65\\day of defeat source\\hl2.exe"=

"E:\\Program\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-29 15:19]

S2 avg8wd;AVG8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-05-29 15:19]

S2 int15.sys;int15.sys;C:\Program\Acer\eRecovery\int15.sys [2005-01-13 14:46]

S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-14 20:30]

S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-14 20:30]

S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-14 20:30]

 

*Newly Created Service* - WF88XBAR

*Newly Created Service* - WFTUNE

.

Contents of the 'Scheduled Tasks' folder

"2008-05-31 14:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

"2008-05-29 14:57:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

"2008-05-31 13:27:02 C:\WINDOWS\Tasks\GlaryInitialize.job"

- C:\Program\Glary Utilities\initialize.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-31 16:42:09

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-31 16:42:29

ComboFix-quarantined-files.txt 2008-05-31 14:42:28

ComboFix3.txt 2008-05-31 08:37:26

ComboFix2.txt 2008-05-31 12:15:36

 

Pre-Run: 10,907,353,088 byte ledigt

Post-Run: 10,892,640,256 byte ledigt

 

249 --- E O F --- 2008-05-28 11:17:37

[/log]

 


Thank you so much Cecilia :thumbsup:

 

Can I log in now without worrying about my password?

 


I would think so, but do also check through the machine with SUPERAntiSpyware, and learn how ZoneAlarm (or some other firewall) works so that you know how to block programs in the firewall.

 

