Antwox

VIRUS ALERT!


Having problems with this

 

VIRUS ALERT!

[log]

SmitFraudFix v2.329

 

Scan done at 23:24:10,28, 2008-07-07

Run from C:\Documents and Settings\Daniel o Sandra\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE08E6BD-3508-42B0-AB6A-2F0FE6E476F3}: DhcpNameServer=195.84.98.161 195.84.98.162

HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE08E6BD-3508-42B0-AB6A-2F0FE6E476F3}: DhcpNameServer=195.84.98.161 195.84.98.162

HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE08E6BD-3508-42B0-AB6A-2F0FE6E476F3}: DhcpNameServer=195.84.98.161 195.84.98.162

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.84.98.161 195.84.98.162

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.84.98.161 195.84.98.162

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.84.98.161 195.84.98.162

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

Please help me.

 

//Antwox

 

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:29: VIRUS ALERT!, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {06E28F8D-B993-46F1-BD93-F8EF71104C4F} - C:\WINDOWS\system32\tuvUNGyA.dll (file missing)

O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\cbXQhhed.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: QXK Olive - {8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll (file missing)

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [c04a8b41] rundll32.exe "C:\WINDOWS\system32\lwxrpnxu.dll",b

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Webb Antivirus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.67.74.165/activex/AMC.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://kund.bahnhof.se/f-secure/fscax.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab

O20 - Winlogon Notify: cbXQhhed - cbXQhhed.dll (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7091 bytes

[/log]

Please help me.

 

//Antwox

 


[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Unplug the internet connection and close every program you see, including antivirus, antispyware and firewall programs, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions it shows.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it has finished, a log should appear; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

 

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

 

Attach a new HijackThis log

 

 

[/log]

 

 

 

 

//gästen

 


[log]ComboFix 08-07-05.1 - Administratör 2008-07-08 5:31:18.1 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.384 [GMT 2:00]

Running from: C:\Documents and Settings\Daniel o Sandra\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Daniel o Sandra\Application Data\inst.exe

C:\Documents and Settings\Daniel o Sandra\Favoriter\Error Cleaner.url

C:\Documents and Settings\Daniel o Sandra\Favoriter\Privacy Protector.url

C:\Documents and Settings\Daniel o Sandra\Favoriter\Spyware&Malware Protection.url

C:\temp\brr

C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\AyGNUvut.ini

C:\WINDOWS\system32\AyGNUvut.ini2

C:\WINDOWS\system32\b08FdUe

C:\WINDOWS\system32\cruxirwb.ini

C:\WINDOWS\system32\dxqdwrhg.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\uxnprxwl.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

 

2008-07-08 00:29 . 2008-07-08 00:29 <KAT> d-------- C:\Program\Trend Micro

2008-07-07 23:24 . 2008-07-07 23:24 2,620 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-07 23:22 . 2008-07-07 23:22 <KAT> d-------- C:\Documents and Settings\Administrat”r

2008-07-06 21:16 . 2008-07-06 21:21 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-07-06 21:16 . 2008-07-06 21:21 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-07-06 21:15 . 2008-07-06 21:15 <KAT> d-------- C:\Program\Kaspersky Lab

2008-07-06 21:15 . 2008-07-07 23:33 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-07-06 21:15 . 2008-07-08 05:27 11,816,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-06 21:15 . 2008-07-08 05:27 168,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-06 21:15 . 2008-07-08 05:27 30,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-07-06 21:15 . 2008-07-08 05:27 4,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-07-06 21:00 . 2008-07-06 21:00 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-07-06 20:13 . 2008-07-06 20:13 89,088 --a------ C:\WINDOWS\system32\lwxrpnxu.dll

2008-07-06 20:12 . 2008-07-06 20:12 <KAT> d-------- C:\Documents and Settings\Daniel o Sandra\Application Data\TmpRecentIcons

2008-06-30 20:57 . 2008-07-06 20:58 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-06-24 22:26 . 2008-06-24 22:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-24 17:25 . 2008-06-24 17:25 1,101 --a------ C:\WINDOWS\vpd.properties

2008-06-11 10:18 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 10:18 . 2008-06-14 20:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 19:22 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-07-06 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-07-03 19:21 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\uTorrent

2008-06-30 07:50 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-06-30 07:50 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-06-30 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-24 19:30 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\mIRC

2008-06-18 19:11 --------- d-----w C:\Program\mIRC

2008-06-12 14:55 --------- d-----w C:\Program\McDonaldsDragons

2008-05-12 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-05-11 17:44 --------- d--h--w C:\Program\InstallShield Installation Information

2008-05-10 18:24 --------- d-----w C:\Program\Delade filer\Adobe

2008-05-10 18:22 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\AdobeUM

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-26 16:41 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe

2007-08-04 20:42 87,608 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\ezpinst.exe

2007-08-04 20:42 47,360 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\pcouffin.sys

2007-07-31 12:42 24,176 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"c04a8b41"="C:\WINDOWS\system32\lwxrpnxu.dll" [2008-07-06 20:13 89088]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 158720]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-07-24 21:24:37 722728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\utorrent\\utorrent.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\BPFTP Server\\bpftpserver.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"E:\\XboX\\chippning\\ultimate\\PC-Tools\\c-xboxtool205\\C-XBox Tool 2\\C-XBox Tool.exe"=

 

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-30 09:50]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\autorun.exe

 

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{06E28F8D-B993-46F1-BD93-F8EF71104C4F} - C:\WINDOWS\system32\tuvUNGyA.dll

BHO-{5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\cbXQhhed.dll

BHO-{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll

Toolbar-{AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll

ShellExecuteHooks-{5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\cbXQhhed.dll

Notify-cbXQhhed - cbXQhhed.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-08 05:36:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-08 5:39:08 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-08 03:39:04

 

Pre-Run: 20,979,068,928 byte ledigt

Post-Run: 21,163,294,720 byte ledigt

 

158 --- E O F --- 2008-07-07 17:18:08

[/log]

 

I have done 2 HijackThis scans, one in safe mode and one in normal mode.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:40:11, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [c04a8b41] rundll32.exe "C:\WINDOWS\system32\lwxrpnxu.dll",b

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra button: Webb Antivirus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.67.74.165/activex/AMC.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://kund.bahnhof.se/f-secure/fscax.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5182 bytes

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:47: VIRUS ALERT!, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [c04a8b41] rundll32.exe "C:\WINDOWS\system32\lwxrpnxu.dll",b

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Webb Antivirus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.67.74.165/activex/AMC.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://kund.bahnhof.se/f-secure/fscax.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6825 bytes

[/log]

 

Thanks in advance

//Antwox

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09: VIRUS ALERT!, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Webb Antivirus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.67.74.165/activex/AMC.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://kund.bahnhof.se/f-secure/fscax.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6770 bytes

[/log]

 


 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

then the log is OK.

 


Now I have done that, but it still says Virus alert!

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45: VIRUS ALERT!, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Webb Antivirus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.67.74.165/activex/AMC.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://kund.bahnhof.se/f-secure/fscax.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6612 bytes

[/log]

 

Thanks in advance.

 


Here it comes... =)

 

[log]ComboFix 08-07-05.1 - Administratör 2008-07-08 13:10:28.2 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.380 [GMT 2:00]

Running from: C:\Documents and Settings\Daniel o Sandra\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

 

2008-07-08 05:53 . 2008-07-08 05:54 <KAT> d-------- C:\Rapporter

2008-07-08 05:42 . 2008-07-08 05:42 294 ---hs---- C:\WINDOWS\system32\uxnprxwl.ini

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\Daniel o Sandra\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-07-08 00:29 . 2008-07-08 00:29 <KAT> d-------- C:\Program\Trend Micro

2008-07-07 23:24 . 2008-07-07 23:24 2,620 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-07-07 23:22 . 2007-07-03 21:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-07-07 23:22 . 2007-07-03 21:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-07-07 23:22 . 2008-07-08 13:12 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-07-07 23:22 . 2008-07-08 13:12 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-07-07 23:22 . 2008-07-07 23:22 <KAT> d-------- C:\Documents and Settings\Administratör

2008-07-06 21:16 . 2008-07-06 21:21 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-07-06 21:16 . 2008-07-06 21:21 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-07-06 21:15 . 2008-07-06 21:15 <KAT> d-------- C:\Program\Kaspersky Lab

2008-07-06 21:15 . 2008-07-08 12:27 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-07-06 21:15 . 2008-07-08 13:01 11,864,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-06 21:15 . 2008-07-08 13:01 169,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-06 21:15 . 2008-07-08 13:01 33,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-07-06 21:15 . 2008-07-08 13:01 5,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-07-06 21:00 . 2008-07-06 21:00 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-07-06 20:12 . 2008-07-06 20:12 <KAT> d-------- C:\Documents and Settings\Daniel o Sandra\Application Data\TmpRecentIcons

2008-06-30 20:57 . 2008-07-06 20:58 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-06-24 22:26 . 2008-06-24 22:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-24 17:25 . 2008-06-24 17:25 1,101 --a------ C:\WINDOWS\vpd.properties

2008-06-11 10:18 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 10:18 . 2008-06-14 20:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 19:22 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-07-06 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-07-03 19:21 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\uTorrent

2008-06-30 07:50 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-06-30 07:50 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-06-30 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-24 19:30 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\mIRC

2008-06-18 19:11 --------- d-----w C:\Program\mIRC

2008-06-12 14:55 --------- d-----w C:\Program\McDonaldsDragons

2008-05-12 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-05-11 17:44 --------- d--h--w C:\Program\InstallShield Installation Information

2008-05-10 18:24 --------- d-----w C:\Program\Delade filer\Adobe

2008-05-10 18:22 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\AdobeUM

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-26 16:41 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe

2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-17 14:48 22,168 ----a-w C:\WINDOWS\system32\dopdfmn6.dll

2008-04-17 14:48 18,072 ----a-w C:\WINDOWS\system32\dopdfmi6.dll

2007-08-04 20:42 87,608 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\ezpinst.exe

2007-08-04 20:42 47,360 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\pcouffin.sys

2007-07-31 12:42 24,176 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\GDIPFONTCACHEV1.DAT

2004-01-31 17:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-08_ 5.38.47.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-08 03:36:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-08 11:02:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-07-07 21:36:25 67,024 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-07-08 10:29:54 67,024 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-07-07 21:36:26 74,122 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2008-07-08 10:29:54 74,122 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2008-07-07 21:36:25 455,164 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-07-08 10:29:54 455,164 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-07-07 21:36:26 408,028 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2008-07-08 10:29:54 408,028 ----a-w C:\WINDOWS\system32\perfh01D.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 14:00 158720]

 

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-07-24 21:24:37 722728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\utorrent\\utorrent.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\BPFTP Server\\bpftpserver.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"E:\\XboX\\chippning\\ultimate\\PC-Tools\\c-xboxtool205\\C-XBox Tool 2\\C-XBox Tool.exe"=

 

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-30 09:50]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\autorun.exe

 

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-c04a8b41 - C:\WINDOWS\system32\lwxrpnxu.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-08 13:12:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-08 13:13:19

ComboFix-quarantined-files.txt 2008-07-08 11:13:12

 

Pre-Run: 21,158,715,392 byte ledigt

Post-Run: 21,150,883,840 byte ledigt

 

174 --- E O F --- 2008-07-07 17:18:08

[/log]:):)

 


 

Delete this file with hidden files visible

 

C:\WINDOWS\system32\uxnprxwl.ini

 

I see nothing else in the log.

 

What is in this folder

 

C:\Documents and Settings\Daniel o Sandra\Application Data\TmpRecentIcons

 

 


It is icons that have disappeared from my desktop.

 

 

"What is in this folder

 

C:\Documents and Settings\Daniel o Sandra\Application Data\TmpRecentIcons"

 

BRB

 


This is what the log looks like now... I have got rid of the virus alert from the clock now =)

 

[log]ComboFix 08-07-05.1 - Daniel o Sandra 2008-07-08 14:35:20.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.152 [GMT 2:00]

Running from: C:\Documents and Settings\Daniel o Sandra\Skrivbord\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

 

2008-07-08 14:10 . 2008-07-08 14:10 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Sony Ericsson

2008-07-08 05:53 . 2008-07-08 05:54 <KAT> d-------- C:\Rapporter

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\Daniel o Sandra\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-07-08 05:39 . 2008-07-08 05:39 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-07-08 00:29 . 2008-07-08 00:29 <KAT> d-------- C:\Program\Trend Micro

2008-07-07 23:24 . 2008-07-07 23:24 2,620 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-07-07 23:22 . 2007-07-03 21:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-07-07 23:22 . 2007-07-03 21:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-07-07 23:22 . 2008-07-08 14:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-07-07 23:22 . 2008-07-08 14:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-07-07 23:22 . 2007-07-03 21:21 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-07-07 23:22 . 2008-07-07 23:22 <KAT> d-------- C:\Documents and Settings\Administratör

2008-07-06 21:16 . 2008-07-06 21:21 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-07-06 21:16 . 2008-07-06 21:21 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-07-06 21:15 . 2008-07-06 21:15 <KAT> d-------- C:\Program\Kaspersky Lab

2008-07-06 21:15 . 2008-07-08 14:23 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-07-06 21:15 . 2008-07-08 14:50 11,970,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-06 21:15 . 2008-07-08 14:02 169,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-06 21:15 . 2008-07-08 14:51 36,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-07-06 21:15 . 2008-07-08 14:02 5,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-07-06 21:00 . 2008-07-06 21:00 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-07-06 20:12 . 2008-07-06 20:12 <KAT> d-------- C:\Documents and Settings\Daniel o Sandra\Application Data\TmpRecentIcons

2008-06-30 20:57 . 2008-07-06 20:58 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-06-24 22:26 . 2008-06-24 22:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-24 17:25 . 2008-06-24 17:25 1,101 --a------ C:\WINDOWS\vpd.properties

2008-06-11 10:18 . 2008-06-14 20:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 10:18 . 2008-06-14 20:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 19:22 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-07-06 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-07-03 19:21 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\uTorrent

2008-06-30 07:50 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-06-30 07:50 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-06-30 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-24 19:30 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\mIRC

2008-06-18 19:11 --------- d-----w C:\Program\mIRC

2008-06-12 14:55 --------- d-----w C:\Program\McDonaldsDragons

2008-05-12 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-05-11 17:44 --------- d--h--w C:\Program\InstallShield Installation Information

2008-05-10 18:24 --------- d-----w C:\Program\Delade filer\Adobe

2008-05-10 18:22 --------- d-----w C:\Documents and Settings\Daniel o Sandra\Application Data\AdobeUM

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-26 16:41 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe

2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-17 14:48 22,168 ----a-w C:\WINDOWS\system32\dopdfmn6.dll

2008-04-17 14:48 18,072 ----a-w C:\WINDOWS\system32\dopdfmi6.dll

2007-08-04 20:42 87,608 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\ezpinst.exe

2007-08-04 20:42 47,360 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\pcouffin.sys

2007-07-31 12:42 24,176 ----a-w C:\Documents and Settings\Daniel o Sandra\Application Data\GDIPFONTCACHEV1.DAT

2004-01-31 17:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-08_ 5.38.47.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-08 03:36:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-08 12:17:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-07-07 21:36:25 67,024 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-07-08 12:21:14 67,024 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-07-07 21:36:26 74,122 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2008-07-08 12:21:14 74,122 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2008-07-07 21:36:25 455,164 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-07-08 12:21:14 455,164 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-07-07 21:36:26 408,028 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2008-07-08 12:21:14 408,028 ----a-w C:\WINDOWS\system32\perfh01D.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 14:00 158720]

"AVP"="C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51 218376]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-07-24 21:24:37 722728]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"NoDispCPL"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoToolbarCustomize"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"NoStartMenuMorePrograms"= 1 (0x1)

"NoSetFolders"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\utorrent\\utorrent.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program\\BPFTP Server\\bpftpserver.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"E:\\XboX\\chippning\\ultimate\\PC-Tools\\c-xboxtool205\\C-XBox Tool 2\\C-XBox Tool.exe"=

 

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-30 09:50]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

 

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-08 14:51:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-08 14:53:32

ComboFix-quarantined-files.txt 2008-07-08 12:53:23

ComboFix2.txt 2008-07-08 11:13:19

 

Pre-Run: 20,561,256,448 byte ledigt

Post-Run: 20,597,784,576 byte ledigt

 

186 --- E O F --- 2008-07-07 17:18:08

[/log]

 

Thanks zipp for the help... many points to you =)

 


Good that you got help, even though I haven't had time to answer you, but there is often someone here on Eforum who can help.

 

Edit: Thanks for the points

 

 

//gästen

 

 

[post edited 2008-07-08 16:36:03 by //gästen]


Those of you who know about this, a few questions!

 

A week or so ago I was sitting with a friend's computer running Swedish XP Home with the text "virus alert". Besides that, it had been "locked down by the administrator" so that e.g. regedit, the control panel and task manager could not be started (this also applied in safe mode, where the administrator account was hidden as well). It had strangely named dll files dated 16 and 24/6 that contained viruses. This matches the dates when the accounts began to be locked down.

 

Before I started I had made a disk image so that I could start over (it took a few attempts).

 

With the network cable unplugged I managed, in safe mode, to get to a command prompt and start the user accounts control panel that way. Created a new account that I logged in with. This account did not have the text in the tray and was not locked down either. With that account I managed to unlock the administrator via the registry. On rebooting without safe mode the new account was locked down too and got the text "virus alert" (still without network).

 

When it came to getting rid of "virus alert" I got a lot of help from reading various threads here. I found none that matched exactly. With the help of the programs mentioned in this thread among others I managed to get the computer behaving normally again, but I had to run one of the programs logged in with every account. When I was then done and looked in the registry I saw far too many (admittedly perhaps harmless) entries with strange letter combinations. In addition the user accounts panel under the control panel no longer worked. It made no difference which of the existing accounts I used. I think it was ComboFix that broke it; is that a scenario you have seen before? ComboFix itself ran perfectly fine.

 

It all ended with the computer winning; I reinstalled, which admittedly isn't wrong since it had been running for almost 5 years. Since I had an image from an almost identical home PC, made when the machine was new, he at least didn't have to reinstall all the pre-installed programs that were there; what remains are the ones he thinks should be there.

 

/Peter

 

 

In addition the user accounts panel under the control panel no longer worked. It made no difference which of the existing accounts I used. I think it was ComboFix that broke it; is that a scenario you have seen before?
I have not heard before that ComboFix would damage the management of user accounts.

 
