
System Antivirus 2008


Lingonpojken


I have managed to pick up the fake antivirus program "System Antivirus 2008".

 

I ran ComboFix, here is the log:

 

[log]ComboFix 08-08-31.01 - Lingon 2008-09-01 21:21:07.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1686 [GMT 2:00]

Running from: C:\Documents and Settings\Lingon\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\actskn43.ocx

 

.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Program\Lavasoft

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-01 20:26 . 2008-09-01 20:26 86,016 --a--c--- C:\WINDOWS\system32\ctenqhcv.exe

2008-09-01 20:20 . 2008-09-01 20:25 <KAT> d----c--- C:\Program\RegCure

2008-09-01 20:13 . 2008-09-01 20:13 <KAT> d----c--- C:\Program\Enigma Software Group

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\Lingon\Lokala instõllningar

2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Program\SAV

2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\vqpuhwpm

2008-08-31 21:42 . 2008-08-13 19:10 168,448 --a--c--- C:\WINDOWS\system32\sav.cpl

2008-08-31 21:42 . 2008-08-31 21:42 115,204 --a--c--- C:\WINDOWS\system32\msxml71.dll

2008-08-31 21:42 . 2008-08-31 21:42 90,112 --a--c--- C:\WINDOWS\system32\raneryzw.exe

2008-08-31 18:53 . 2008-08-31 18:53 2,915,944 --a--c--- C:\WINDOWS\system32\drivers\appdrv01.sys

2008-08-31 18:53 . 2008-08-31 18:53 304,528 --a--c--- C:\WINDOWS\system32\appdrvrem01.exe

2008-08-31 16:46 . 2008-08-31 16:46 <KAT> d----c--- C:\WINDOWS\Logs

2008-08-31 16:46 . 2008-05-30 14:11 3,850,760 --a--c--- C:\WINDOWS\system32\D3DX9_38.dll

2008-08-31 16:46 . 2008-05-30 14:11 1,491,992 --a--c--- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-08-31 16:46 . 2008-05-30 14:19 507,400 --a--c--- C:\WINDOWS\system32\XAudio2_1.dll

2008-08-31 16:46 . 2008-05-30 14:11 467,984 --a--c--- C:\WINDOWS\system32\d3dx10_38.dll

2008-08-31 16:46 . 2008-05-30 14:18 238,088 --a--c--- C:\WINDOWS\system32\xactengine3_1.dll

2008-08-31 16:46 . 2008-05-30 14:17 65,032 --a--c--- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-08-31 16:46 . 2008-05-30 14:17 25,608 --a--c--- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-08-31 10:31 . 2008-08-31 10:31 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\CCP

2008-08-30 22:33 . 2008-08-30 22:33 <KAT> d----c--- C:\Comics

2008-08-30 19:30 . 2008-08-31 22:06 52,736 --a--c--- C:\WINDOWS\ipuninst.exe

2008-08-29 16:07 . 2008-08-29 16:18 <KAT> d----c--- C:\WINDOWS\system32\CatRoot_bak

2008-08-24 12:21 . 2008-08-24 12:21 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\SPORE Creature Creator

2008-08-24 11:56 . 2008-08-24 11:56 <KAT> d----c--- C:\Program\ReflexiveArcade

2008-08-22 17:03 . 2008-08-22 17:04 <KAT> d----c--- C:\Program\QuickTime

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Program\Apple Software Update

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple

2008-08-20 21:59 . 2008-08-20 21:59 <KAT> d----c--- C:\WINDOWS\system32\Adobe

2008-08-20 17:42 . 2008-08-20 17:42 0 --a--c--- C:\Documents and Settings\Lingon\jagex_runescape_preferences.dat

2008-08-20 17:41 . 2008-08-20 17:41 <KAT> d----c--- C:\WINDOWS\.jagex_cache_32

2008-08-17 21:00 . 2008-08-17 21:00 <KAT> d----c--- C:\WINDOWS\Sun

2008-08-17 20:59 . 2008-08-17 20:59 <KAT> d----c--- C:\Program\Java

2008-08-17 20:59 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl

2008-08-17 20:58 . 2008-08-17 20:58 <KAT> d----c--- C:\Program\Delade filer\Java

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2008-08-15 22:23 . 2008-08-16 13:50 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\Bioshock

2008-08-14 23:45 . 2008-08-14 23:45 <KAT> d----c--- C:\Program\MSXML 4.0

2008-08-14 21:14 . 2008-08-14 21:14 <KAT> d----c--- C:\Ny mapp

2008-08-14 16:30 . 2008-08-14 16:30 268 --ah-c--- C:\sqmdata16.sqm

2008-08-14 16:30 . 2008-08-14 16:30 244 --ah-c--- C:\sqmnoopt16.sqm

2008-08-12 16:15 . 2008-08-12 16:15 268 --ah-c--- C:\sqmdata15.sqm

2008-08-12 16:15 . 2008-08-12 16:15 244 --ah-c--- C:\sqmnoopt15.sqm

2008-08-11 16:03 . 2008-08-11 16:03 268 --ah-c--- C:\sqmdata14.sqm

2008-08-11 16:03 . 2008-08-11 16:03 244 --ah-c--- C:\sqmnoopt14.sqm

2008-08-10 23:55 . 2008-08-10 23:55 268 --ah-c--- C:\sqmdata13.sqm

2008-08-10 23:55 . 2008-08-10 23:55 244 --ah-c--- C:\sqmnoopt13.sqm

2008-08-10 02:15 . 2008-08-10 02:15 268 --ah-c--- C:\sqmdata12.sqm

2008-08-10 02:15 . 2008-08-10 02:15 244 --ah-c--- C:\sqmnoopt12.sqm

2008-08-08 23:28 . 2008-08-08 23:28 268 --ah-c--- C:\sqmdata11.sqm

2008-08-08 23:28 . 2008-08-08 23:28 244 --ah-c--- C:\sqmnoopt11.sqm

2008-08-08 16:08 . 2008-08-08 16:08 268 --ah-c--- C:\sqmdata10.sqm

2008-08-08 16:08 . 2008-08-08 16:08 244 --ah-c--- C:\sqmnoopt10.sqm

2008-08-08 06:27 . 2008-08-08 06:27 268 --ah-c--- C:\sqmdata09.sqm

2008-08-08 06:27 . 2008-08-08 06:27 244 --ah-c--- C:\sqmnoopt09.sqm

2008-08-07 19:51 . 2008-08-07 19:51 268 --ah-c--- C:\sqmdata08.sqm

2008-08-07 19:51 . 2008-08-07 19:51 244 --ah-c--- C:\sqmnoopt08.sqm

2008-08-07 16:07 . 2008-08-07 16:07 268 --ah-c--- C:\sqmdata07.sqm

2008-08-07 16:07 . 2008-08-07 16:07 244 --ah-c--- C:\sqmnoopt07.sqm

2008-08-07 06:15 . 2008-08-07 06:15 268 --ah-c--- C:\sqmdata06.sqm

2008-08-07 06:15 . 2008-08-07 06:15 244 --ah-c--- C:\sqmnoopt06.sqm

2008-08-06 16:37 . 2008-08-06 16:37 268 --ah-c--- C:\sqmdata05.sqm

2008-08-06 16:37 . 2008-08-06 16:37 244 --ah-c--- C:\sqmnoopt05.sqm

2008-08-05 19:42 . 2008-08-05 19:42 268 --ah-c--- C:\sqmdata04.sqm

2008-08-05 19:42 . 2008-08-05 19:42 244 --ah-c--- C:\sqmnoopt04.sqm

2008-08-04 16:04 . 2008-08-04 16:04 268 --ah-c--- C:\sqmdata03.sqm

2008-08-04 16:04 . 2008-08-04 16:04 244 --ah-c--- C:\sqmnoopt03.sqm

2008-08-03 09:03 . 2008-08-03 09:03 268 --ah-c--- C:\sqmdata02.sqm

2008-08-03 09:03 . 2008-08-03 09:03 244 --ah-c--- C:\sqmnoopt02.sqm

2008-08-01 16:49 . 2008-08-01 16:49 268 --ah-c--- C:\sqmdata01.sqm

2008-08-01 16:49 . 2008-08-01 16:49 244 --ah-c--- C:\sqmnoopt01.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 19:19 --------- dc----w C:\Documents and Settings\Lingon\Application Data\Skype

2008-09-01 19:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-09-01 18:42 --------- dc----w C:\Program\Delade filer\Wise Installation Wizard

2008-09-01 17:39 537,120 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-01 17:39 50,492 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-01 17:39 494,372 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-01 17:39 46,568,736 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-01 16:27 --------- dc----w C:\Documents and Settings\Lingon\Application Data\skypePM

2008-08-31 20:02 --------- dc----w C:\Documents and Settings\Lingon\Application Data\uTorrent

2008-08-31 19:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\vqpuhwpm

2008-08-31 03:52 --------- dc----w C:\Program\Zoom Player

2008-08-24 10:21 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-24 09:53 --------- dc-h--w C:\Program\InstallShield Installation Information

2008-08-14 18:52 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat

2008-08-14 18:52 87,855 -c--a-w C:\WINDOWS\system32\drivers\klick.dat

2008-07-29 16:33 --------- dc----w C:\Documents and Settings\Lingon\Application Data\fretsonfire

2008-07-28 14:16 --------- dc----w C:\Program\Metaboli Downloader

2008-07-26 18:35 --------- dc-h--r C:\Documents and Settings\Lingon\Application Data\SecuROM

2008-07-26 17:10 94,208 -c--a-w C:\WINDOWS\DIIUnin.exe

2008-07-26 17:10 2,829 -c--a-w C:\WINDOWS\DIIUnin.pif

2008-07-25 20:15 --------- dc----w C:\Program\AGEIA Technologies

2008-07-25 19:38 --------- dc----w C:\Program\DAEMON Tools

2008-07-25 19:35 639,224 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-20 08:57 --------- dc----w C:\Program\ANI

2008-07-20 08:56 --------- dc----w C:\Program\Delade filer\InstallShield

2008-07-20 08:56 --------- dc----w C:\Program\D-Link

2008-07-20 08:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield

2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll

2008-07-17 17:13 --------- dc----w C:\Program\SHOUTcast Source

2008-07-17 17:13 --------- dc----w C:\Program\Haali

2008-07-17 17:13 --------- dc----w C:\Program\ffdshow

2008-07-17 17:13 --------- dc----w C:\Program\DSP-worx

2008-07-17 17:12 --------- dc----w C:\Program\DirectVobSub

2008-07-13 14:59 --------- dc----w C:\Program\Skype

2008-07-13 14:59 --------- dc----w C:\Program\Delade filer\Skype

2008-07-13 14:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype

2008-07-07 20:32 253,952 -c--a-w C:\WINDOWS\system32\es.dll

2008-07-04 12:50 --------- dc----w C:\Program\uTorrent

2008-06-24 16:25 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 659,968 -c--a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 247,296 -c--a-w C:\WINDOWS\system32\mswsock.dll

2008-06-18 16:18 499,712 -c--a-w C:\WINDOWS\system32\msvcp71.dll

2008-06-18 16:18 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-17 18:14 10,420,936 -c--a-w C:\Program\xlviewer.exe

2008-04-16 15:42 536,926 -c--a-w C:\Program\screen_recorder.exe

2008-03-08 21:54 408,552,226 -c--a-w C:\Program\Patch_NA_Europe_Germany_MP_1.0_(1.0.27.4101.a).exe

2008-01-15 21:54 22,766,896 -c--a-w C:\Program\QuickTime740Installer.exe

.

-c--a-w 14,756 2008-05-09 22:51:20 C:\Program\DC++\Downloads\Serials,Key gens & cracks\Key Generators\microsoft Win keygen .exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-09-01_19.46.26.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-29 09:19:50 12,960 -c--a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

+ 2008-04-29 09:19:54 15,648 -c--a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

+ 2008-04-29 09:20:00 15,648 -c--a-w C:\WINDOWS\system32\drivers\NSDriver.sys

+ 2008-05-16 09:58:04 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe

+ 2004-12-07 08:11:00 258,352 -c--a-w C:\WINDOWS\system32\unicows.dll

+ 2006-09-11 09:56:00 526,184 -c--a-w C:\WINDOWS\system32\XceedCry.dll

+ 2006-12-21 13:18:00 497,496 -c--a-w C:\WINDOWS\system32\XceedZip.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:35 5724184]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Veoh"="C:\Program\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]

"Aim6"="C:\Program\AIM6\aim6.exe" [2008-06-12 22:47 50528]

"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

"WebDb"="C:\WINDOWS\system32\raneryzw.exe" [2008-08-31 21:42 90112]

"uimsgsrv"="C:\WINDOWS\system32\ctenqhcv.exe" [2008-09-01 20:26 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-06-18 18:17 185896]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"D-Link AirPlus G"="C:\Program\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 15:50 1556480]

"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]

"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]

"ANIWZCS2Service"="C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"Antivirus"="C:\Program\SAV\sav.exe" [2008-08-15 17:33 401408]

"SpyHunter Security Suite"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"R0V8216qXk"="C:\Documents and Settings\All Users\Application Data\vqpuhwpm\dqvcjqna.exe" [2008-08-31 21:42 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\Delade filer\\AOL\\Loader\\aolload.exe"=

"C:\\Program\\AIM6\\aim6.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\Program\\Skype\\Phone\\Skype.exe"=

 

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-08-31 18:53]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc []

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]

S3 PciCon;PciCon;J:\PciCon.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Lingon\Application Data\Mozilla\Firefox\Profiles\jgkz3kos.default

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

FF -: plugin - C:\Program\Mozilla Firefox\plugins\npViewpoint.dll

FF -: plugin - C:\Program\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF -: plugin - C:\Program\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 21:24:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Veoh"="\"C:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"

.

Completion time: 2008-09-01 21:25:13

ComboFix-quarantined-files.txt 2008-09-01 19:24:52

ComboFix2.txt 2008-09-01 18:01:03

ComboFix3.txt 2008-09-01 17:46:56

 

Pre-Run: 40,594,083,840 bytes free

Post-Run: 40,573,517,824 bytes free

 

247 --- E O F --- 2008-08-14 21:46:35

[/log]

 

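Before the reply below, a note on what a practitioner would pull out of the log above, with an added triage script. This is an added example; it is not text or code from the original thread, from ComboFix or from SDFix. The log shows two freshly created executables with pseudo-random eight-letter names in system32 (raneryzw.exe, ctenqhcv.exe), each with its own Run entry under HKCU; an entry under policies\explorer\Run pointing into a random-named folder under All Users\Application Data; an HKLM Run entry for C:\Program\SAV\sav.exe in a folder created the same minute; the Security Center monitoring flag for Kaspersky set to disabled; and the Windows firewall switched off. The script parses a ComboFix excerpt and flags exactly those patterns. The sample excerpt is constructed from lines of the posted log; the rule names, the vowel-ratio threshold and the helper names (parse, triage, looks_random) are this example's own assumptions, not anything ComboFix provides.

```python
"""Triage a ComboFix log excerpt for rogue-antivirus persistence.

Added example (not from the original thread or from ComboFix). Rule names,
thresholds and the sample excerpt below are this example's own assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the first ComboFix log in the thread,
# trimmed to a few "Files Created" entries and the "Reg Loading Points" section.
SAMPLE_LOG = r"""
2008-09-01 20:26 . 2008-09-01 20:26 86,016 --a--c--- C:\WINDOWS\system32\ctenqhcv.exe
2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Program\SAV
2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\vqpuhwpm
2008-08-31 21:42 . 2008-08-31 21:42 90,112 --a--c--- C:\WINDOWS\system32\raneryzw.exe
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"WebDb"="C:\WINDOWS\system32\raneryzw.exe" [2008-08-31 21:42 90112]
"uimsgsrv"="C:\WINDOWS\system32\ctenqhcv.exe" [2008-09-01 20:26 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="C:\Program\SAV\sav.exe" [2008-08-15 17:33 401408]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"R0V8216qXk"="C:\Documents and Settings\All Users\Application Data\vqpuhwpm\dqvcjqna.exe" [2008-08-31 21:42 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "Files Created" line: two timestamps, a size or a <DIR>/<KAT> marker (ComboFix
# localises that token), the attribute flags, then the path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<\w+>|[\d,]+) \S+ (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")            # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')        # "C:\path\file.exe" [...]
VOWELS = set("aeiou")


def parse(log_text):
    """Split a ComboFix excerpt into created paths, autorun targets and bare settings."""
    created, autoruns, settings = set(), [], {}
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line)
        if m:
            created.add(str(PureWindowsPath(m.group("path"))).lower())
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = m.group("data").strip()
            q = QUOTED_RE.match(data)
            if q:   # "Name"="C:\path\file.exe" [date size]
                autoruns.append((key, m.group("name"), q.group("path")))
            else:   # "Name"=dword:00000001  or  "Name"= 0 (0x0)
                settings[(key, m.group("name"))] = data
    return created, autoruns, settings


def looks_random(stem):
    """Heuristic: all-lowercase names of 8+ letters with under 30% vowels
    (raneryzw, ctenqhcv, dqvcjqna). Misses vowel-rich names such as ghenebor,
    so the recent-creation rule in triage() is the one to trust."""
    return (len(stem) >= 8 and stem.isalpha() and stem.islower()
            and sum(c in VOWELS for c in stem) / len(stem) < 0.3)


def triage(log_text):
    """Return (rule, detail) findings that deserve a human's attention."""
    created, autoruns, settings = parse(log_text)
    findings = []
    for key, _name, target in autoruns:
        p = PureWindowsPath(target)
        if key.lower().endswith(r"policies\explorer\run"):
            findings.append(("policies-run", target))       # rarely used legitimately
        # The target itself, or a directory above it, was created in the log's window.
        if (str(p).lower() in created
                or any(str(parent).lower() in created for parent in p.parents)):
            findings.append(("recent-autorun", target))
        if looks_random(p.stem):
            findings.append(("random-name", target))
    for (key, name), data in settings.items():
        if name == "EnableFirewall" and data.startswith("0"):
            findings.append(("firewall-off", key))
        if name == "DisableMonitoring" and data.endswith("1"):
            findings.append(("avmon-disabled", key))         # review, not proof: some AV suites set this
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:16} {detail}")
```

The recent-creation rule is the strong signal: it correlates the autorun targets with the "Files Created" section and catches sav.exe and dqvcjqna.exe through their freshly created parent folders even though those files themselves are not listed. The name heuristic is deliberately loose and will not fire on every generated name; the second log in this thread adds ghenebor.exe and tsvypwhq.exe, and only the latter has few enough vowels to match. DisableMonitoring is also written by some antivirus suites that report to Security Center themselves, so treat that finding as something to check against the installed product rather than as proof of tampering.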

Thanks for the new thread.

 

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a prompt appears asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up, because the program will run and fix a lot of things.

When it is done, Finished is shown.

Press any key to exit the program.

 

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

Create a new ComboFix log as well and paste it here.

 


This is what I got:

 

[log]ComboFix 08-08-31.01 - Lingon 2008-09-02 16:40:47.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1647 [GMT 2:00]

Running from: C:\Documents and Settings\Lingon\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))

.

 

2008-09-02 16:21 . 2008-09-02 16:21 <KAT> d----c--- C:\WINDOWS\ERUNT

2008-09-02 16:15 . 2008-09-02 16:31 <KAT> d----c--- C:\SDFix

2008-09-02 16:05 . 2008-09-02 16:05 90,112 --a--c--- C:\WINDOWS\system32\tsvypwhq.exe

2008-09-01 21:58 . 2008-09-01 21:58 86,016 --a--c--- C:\WINDOWS\system32\ghenebor.exe

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Program\Lavasoft

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-01 20:26 . 2008-09-01 20:26 86,016 --a--c--- C:\WINDOWS\system32\ctenqhcv.exe

2008-09-01 20:20 . 2008-09-01 20:25 <KAT> d----c--- C:\Program\RegCure

2008-09-01 20:13 . 2008-09-01 20:13 <KAT> d----c--- C:\Program\Enigma Software Group

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\Lingon\Lokala instõllningar

2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Program\SAV

2008-08-31 21:42 . 2008-08-31 21:42 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\vqpuhwpm

2008-08-31 21:42 . 2008-08-13 19:10 168,448 --a--c--- C:\WINDOWS\system32\sav.cpl

2008-08-31 21:42 . 2008-08-31 21:42 90,112 --a--c--- C:\WINDOWS\system32\raneryzw.exe

2008-08-31 18:53 . 2008-08-31 18:53 2,915,944 --a--c--- C:\WINDOWS\system32\drivers\appdrv01.sys

2008-08-31 18:53 . 2008-08-31 18:53 304,528 --a--c--- C:\WINDOWS\system32\appdrvrem01.exe

2008-08-31 16:46 . 2008-08-31 16:46 <KAT> d----c--- C:\WINDOWS\Logs

2008-08-31 16:46 . 2008-05-30 14:11 3,850,760 --a--c--- C:\WINDOWS\system32\D3DX9_38.dll

2008-08-31 16:46 . 2008-05-30 14:11 1,491,992 --a--c--- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-08-31 16:46 . 2008-05-30 14:19 507,400 --a--c--- C:\WINDOWS\system32\XAudio2_1.dll

2008-08-31 16:46 . 2008-05-30 14:11 467,984 --a--c--- C:\WINDOWS\system32\d3dx10_38.dll

2008-08-31 16:46 . 2008-05-30 14:18 238,088 --a--c--- C:\WINDOWS\system32\xactengine3_1.dll

2008-08-31 16:46 . 2008-05-30 14:17 65,032 --a--c--- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-08-31 16:46 . 2008-05-30 14:17 25,608 --a--c--- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-08-31 10:31 . 2008-08-31 10:31 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\CCP

2008-08-30 22:33 . 2008-08-30 22:33 <KAT> d----c--- C:\Comics

2008-08-30 19:30 . 2008-08-31 22:06 52,736 --a--c--- C:\WINDOWS\ipuninst.exe

2008-08-29 16:07 . 2008-08-29 16:18 <KAT> d----c--- C:\WINDOWS\system32\CatRoot_bak

2008-08-24 12:21 . 2008-08-24 12:21 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\SPORE Creature Creator

2008-08-24 11:56 . 2008-08-24 11:56 <KAT> d----c--- C:\Program\ReflexiveArcade

2008-08-22 17:03 . 2008-08-22 17:04 <KAT> d----c--- C:\Program\QuickTime

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Program\Apple Software Update

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple

2008-08-20 21:59 . 2008-08-20 21:59 <KAT> d----c--- C:\WINDOWS\system32\Adobe

2008-08-20 17:42 . 2008-08-20 17:42 0 --a--c--- C:\Documents and Settings\Lingon\jagex_runescape_preferences.dat

2008-08-20 17:41 . 2008-08-20 17:41 <KAT> d----c--- C:\WINDOWS\.jagex_cache_32

2008-08-17 21:00 . 2008-08-17 21:00 <KAT> d----c--- C:\WINDOWS\Sun

2008-08-17 20:59 . 2008-08-17 20:59 <KAT> d----c--- C:\Program\Java

2008-08-17 20:59 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl

2008-08-17 20:58 . 2008-08-17 20:58 <KAT> d----c--- C:\Program\Delade filer\Java

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2008-08-15 22:23 . 2008-08-16 13:50 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\Bioshock

2008-08-14 23:45 . 2008-08-14 23:45 <KAT> d----c--- C:\Program\MSXML 4.0

2008-08-14 21:14 . 2008-08-14 21:14 <KAT> d----c--- C:\Ny mapp

2008-08-14 16:30 . 2008-08-14 16:30 268 --ah-c--- C:\sqmdata16.sqm

2008-08-14 16:30 . 2008-08-14 16:30 244 --ah-c--- C:\sqmnoopt16.sqm

2008-08-12 16:15 . 2008-08-12 16:15 268 --ah-c--- C:\sqmdata15.sqm

2008-08-12 16:15 . 2008-08-12 16:15 244 --ah-c--- C:\sqmnoopt15.sqm

2008-08-11 16:03 . 2008-08-11 16:03 268 --ah-c--- C:\sqmdata14.sqm

2008-08-11 16:03 . 2008-08-11 16:03 244 --ah-c--- C:\sqmnoopt14.sqm

2008-08-10 23:55 . 2008-08-10 23:55 268 --ah-c--- C:\sqmdata13.sqm

2008-08-10 23:55 . 2008-08-10 23:55 244 --ah-c--- C:\sqmnoopt13.sqm

2008-08-10 02:15 . 2008-08-10 02:15 268 --ah-c--- C:\sqmdata12.sqm

2008-08-10 02:15 . 2008-08-10 02:15 244 --ah-c--- C:\sqmnoopt12.sqm

2008-08-08 23:28 . 2008-08-08 23:28 268 --ah-c--- C:\sqmdata11.sqm

2008-08-08 23:28 . 2008-08-08 23:28 244 --ah-c--- C:\sqmnoopt11.sqm

2008-08-08 16:08 . 2008-08-08 16:08 268 --ah-c--- C:\sqmdata10.sqm

2008-08-08 16:08 . 2008-08-08 16:08 244 --ah-c--- C:\sqmnoopt10.sqm

2008-08-08 06:27 . 2008-08-08 06:27 268 --ah-c--- C:\sqmdata09.sqm

2008-08-08 06:27 . 2008-08-08 06:27 244 --ah-c--- C:\sqmnoopt09.sqm

2008-08-07 19:51 . 2008-08-07 19:51 268 --ah-c--- C:\sqmdata08.sqm

2008-08-07 19:51 . 2008-08-07 19:51 244 --ah-c--- C:\sqmnoopt08.sqm

2008-08-07 16:07 . 2008-08-07 16:07 268 --ah-c--- C:\sqmdata07.sqm

2008-08-07 16:07 . 2008-08-07 16:07 244 --ah-c--- C:\sqmnoopt07.sqm

2008-08-07 06:15 . 2008-08-07 06:15 268 --ah-c--- C:\sqmdata06.sqm

2008-08-07 06:15 . 2008-08-07 06:15 244 --ah-c--- C:\sqmnoopt06.sqm

2008-08-06 16:37 . 2008-08-06 16:37 268 --ah-c--- C:\sqmdata05.sqm

2008-08-06 16:37 . 2008-08-06 16:37 244 --ah-c--- C:\sqmnoopt05.sqm

2008-08-05 19:42 . 2008-08-05 19:42 268 --ah-c--- C:\sqmdata04.sqm

2008-08-05 19:42 . 2008-08-05 19:42 244 --ah-c--- C:\sqmnoopt04.sqm

2008-08-04 16:04 . 2008-08-04 16:04 268 --ah-c--- C:\sqmdata03.sqm

2008-08-04 16:04 . 2008-08-04 16:04 244 --ah-c--- C:\sqmnoopt03.sqm

2008-08-03 09:03 . 2008-08-03 09:03 268 --ah-c--- C:\sqmdata02.sqm

2008-08-03 09:03 . 2008-08-03 09:03 244 --ah-c--- C:\sqmnoopt02.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-02 14:39 --------- dc----w C:\Documents and Settings\Lingon\Application Data\Skype

2008-09-02 14:31 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-09-02 14:18 537,120 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-02 14:18 51,044 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-02 14:18 496,220 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-02 14:18 46,568,736 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-02 14:05 --------- dc----w C:\Documents and Settings\Lingon\Application Data\skypePM

2008-09-01 18:42 --------- dc----w C:\Program\Delade filer\Wise Installation Wizard

2008-08-31 20:02 --------- dc----w C:\Documents and Settings\Lingon\Application Data\uTorrent

2008-08-31 19:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\vqpuhwpm

2008-08-31 03:52 --------- dc----w C:\Program\Zoom Player

2008-08-24 10:21 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-24 09:53 --------- dc-h--w C:\Program\InstallShield Installation Information

2008-08-14 18:52 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat

2008-08-14 18:52 87,855 -c--a-w C:\WINDOWS\system32\drivers\klick.dat

2008-07-29 16:33 --------- dc----w C:\Documents and Settings\Lingon\Application Data\fretsonfire

2008-07-28 14:16 --------- dc----w C:\Program\Metaboli Downloader

2008-07-26 18:35 --------- dc-h--r C:\Documents and Settings\Lingon\Application Data\SecuROM

2008-07-26 17:10 94,208 -c--a-w C:\WINDOWS\DIIUnin.exe

2008-07-26 17:10 2,829 -c--a-w C:\WINDOWS\DIIUnin.pif

2008-07-25 20:15 --------- dc----w C:\Program\AGEIA Technologies

2008-07-25 19:38 --------- dc----w C:\Program\DAEMON Tools

2008-07-25 19:35 639,224 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-20 08:57 --------- dc----w C:\Program\ANI

2008-07-20 08:56 --------- dc----w C:\Program\Delade filer\InstallShield

2008-07-20 08:56 --------- dc----w C:\Program\D-Link

2008-07-20 08:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield

2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll

2008-07-17 17:13 --------- dc----w C:\Program\SHOUTcast Source

2008-07-17 17:13 --------- dc----w C:\Program\Haali

2008-07-17 17:13 --------- dc----w C:\Program\ffdshow

2008-07-17 17:13 --------- dc----w C:\Program\DSP-worx

2008-07-17 17:12 --------- dc----w C:\Program\DirectVobSub

2008-07-13 14:59 --------- dc----w C:\Program\Skype

2008-07-13 14:59 --------- dc----w C:\Program\Delade filer\Skype

2008-07-13 14:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype

2008-07-07 20:32 253,952 -c--a-w C:\WINDOWS\system32\es.dll

2008-07-04 12:50 --------- dc----w C:\Program\uTorrent

2008-06-24 16:25 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 659,968 -c--a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 247,296 -c--a-w C:\WINDOWS\system32\mswsock.dll

2008-06-18 16:18 499,712 -c--a-w C:\WINDOWS\system32\msvcp71.dll

2008-06-18 16:18 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-17 18:14 10,420,936 -c--a-w C:\Program\xlviewer.exe

2008-04-16 15:42 536,926 -c--a-w C:\Program\screen_recorder.exe

2008-03-08 21:54 408,552,226 -c--a-w C:\Program\Patch_NA_Europe_Germany_MP_1.0_(1.0.27.4101.a).exe

2008-01-15 21:54 22,766,896 -c--a-w C:\Program\QuickTime740Installer.exe

.

-c--a-w 14,756 2008-05-09 22:51:20 C:\Program\DC++\Downloads\Serials,Key gens & cracks\Key Generators\microsoft Win keygen .exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-09-01_19.46.26.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-07 14:27:04 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-09-02 14:21:57 4,313,088 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-09-02 14:21:57 225,280 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 14:27:04 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-09-02 14:21:56 4,313,088 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-09-02 14:21:56 225,280 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-04-29 09:19:50 12,960 -c--a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

+ 2008-04-29 09:19:54 15,648 -c--a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

+ 2008-04-29 09:20:00 15,648 -c--a-w C:\WINDOWS\system32\drivers\NSDriver.sys

+ 2008-05-16 09:58:04 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe

+ 2004-12-07 08:11:00 258,352 -c--a-w C:\WINDOWS\system32\unicows.dll

+ 2006-09-11 09:56:00 526,184 -c--a-w C:\WINDOWS\system32\XceedCry.dll

+ 2006-12-21 13:18:00 497,496 -c--a-w C:\WINDOWS\system32\XceedZip.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:35 5724184]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Veoh"="C:\Program\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]

"Aim6"="C:\Program\AIM6\aim6.exe" [2008-06-12 22:47 50528]

"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

"WebDb"="C:\WINDOWS\system32\raneryzw.exe" [2008-08-31 21:42 90112]

"uimsgsrv"="C:\WINDOWS\system32\ctenqhcv.exe" [2008-09-01 20:26 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-06-18 18:17 185896]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"D-Link AirPlus G"="C:\Program\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 15:50 1556480]

"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]

"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]

"ANIWZCS2Service"="C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"SpyHunter Security Suite"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\Delade filer\\AOL\\Loader\\aolload.exe"=

"C:\\Program\\AIM6\\aim6.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\Program\\Skype\\Phone\\Skype.exe"=

 

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-08-31 18:53]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc []

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]

S3 PciCon;PciCon;J:\PciCon.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Lingon\Application Data\Mozilla\Firefox\Profiles\jgkz3kos.default

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

FF -: plugin - C:\Program\Mozilla Firefox\plugins\npViewpoint.dll

FF -: plugin - C:\Program\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF -: plugin - C:\Program\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 16:42:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Veoh"="\"C:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"

.

Completion time: 2008-09-02 16:44:11

ComboFix-quarantined-files.txt 2008-09-02 14:43:19

ComboFix2.txt 2008-09-01 19:25:17

ComboFix3.txt 2008-09-01 18:01:03

ComboFix4.txt 2008-09-01 17:46:56

 

Pre-Run: 40,547,598,336 byte ledigt

Post-Run: 40,527,757,312 byte ledigt

 

248 --- E O F --- 2008-08-14 21:46:35

[/log]

 

[log]

SDFix: Version 1.220

Run by Lingon on 2008-09-02 at 16:23

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\msxml71.dll - Deleted

 

 

 

Folder C:\Documents and Settings\Lingon\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 16:30:26

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:515200eb

"s2"=dword:6c235fc5

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:62,0d,08,9d,7b,cd,61,86,3d,35,a8,42,11,3c,e9,12,49,7a,77,23,f9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,97,1e,8a,cb,8c,b6,40,ae,2b,ed,21,30,49,18,5c,67,49,..

"khjeh"=hex:ca,c1,27,26,6a,e4,e5,f6,dd,fb,37,90,25,1c,7e,84,bc,7c,c2,7a,a3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5b,f5,54,82,90,e8,68,40,91,80,e5,05,ae,93,98,ca,0c,73,3f,06,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:62,0d,08,9d,7b,cd,61,86,3d,35,a8,42,11,3c,e9,12,49,7a,77,23,f9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,97,1e,8a,cb,8c,b6,40,ae,2b,ed,21,30,49,18,5c,67,49,..

"khjeh"=hex:ca,c1,27,26,6a,e4,e5,f6,dd,fb,37,90,25,1c,7e,84,bc,7c,c2,7a,a3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5b,f5,54,82,90,e8,68,40,91,80,e5,05,ae,93,98,ca,0c,73,3f,06,dd,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\Delade filer\\AOL\\Loader\\aolload.exe"="C:\\Program\\Delade filer\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program\\AIM6\\aim6.exe"="C:\\Program\\AIM6\\aim6.exe:*:Enabled:AIM"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 16 Sep 1996 202,240 A..H. --- "C:\Spel\Neverhood\setup95.exe"

Fri 15 Aug 2008 859 ...HR --- "C:\Documents and Settings\Lingon\Application Data\SecuROM\UserData\securom_v7_01.bak"

 

Finished!

 

[/log]

 


If RegCure is listed in Control Panel - Add or Remove Programs, remove it. Reason: http://www.mywot.com/en/scorecard/regcure.com

 

Go to http://www.virustotal.com, paste one of the following file names into the box, click Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs (not the Additional information) here. Repeat with the next file name.

C:\WINDOWS\system32\tsvypwhq.exe

C:\WINDOWS\system32\ghenebor.exe

C:\WINDOWS\system32\ctenqhcv.exe

C:\WINDOWS\system32\sav.cpl

C:\WINDOWS\system32\raneryzw.exe

C:\WINDOWS\system32\drivers\appdrv01.sys

C:\WINDOWS\system32\appdrvrem01.exe

 

What is in the folders:

C:\Program\SAV

C:\Documents and Settings\All Users\Application Data\vqpuhwpm

 

 


[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 W32/PolySmall.BP!tr

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5374 2008.09.01 -

Microsoft 1.3807 2008.09.02 TrojanDownloader:Win32/FakeAlert.C

NOD32v2 3407 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Cloaked Malware

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 Mal/EncPk-DG

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 W32/PolySmall.BP!tr

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5374 2008.09.01 -

Microsoft 1.3807 2008.09.02 TrojanDownloader:Win32/FakeAlert.C

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Malicious Software

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 Mal/EncPk-DG

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 W32/PolySmall.BP!tr

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5374 2008.09.01 -

Microsoft 1.3807 2008.09.02 TrojanDownloader:Win32/FakeAlert.C

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Malicious Software

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 Mal/EncPk-DG

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.09.02 FakeAlert.AN

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 FraudTool.UltimateAntivirus.b (Not a Virus)

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 Suspicious File

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 FraudTool.Win32.UltimateAntivirus.bf

Fortinet 3.14.0.0 2008.09.02 Misc/UltimateAntivirus

GData 19 2008.09.02 Win32:Trojan-gen

Ikarus T3.1.1.34.0 2008.09.02 Generic.Win32.Malware.Antivirus2008

K7AntiVirus 7.10.437 2008.09.02 not-a-virus:FraudTool.Win32.UltimateAntivirus.bf

Kaspersky 7.0.0.125 2008.09.02 not-a-virus:FraudTool.Win32.UltimateAntivirus.bf

McAfee 5374 2008.09.01 potentially unwanted program Generic PUP

Microsoft 1.3807 2008.09.02 Program:Win32/Antivirus2008

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 W32/AntiVirus2008.DC

Panda 9.0.0.4 2008.09.02 Adware/Antivirus2008XP

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Worm

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 System AntiVirus 2008 (Sav)

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 Aplicacion/UltimateAntivirus.bf

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 Win32.Malware.gen (suspicious)[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 W32/PolySmall.BP!tr

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5374 2008.09.01 -

Microsoft 1.3807 2008.09.02 TrojanDownloader:Win32/FakeAlert.C

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Malicious Software

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 Mal/EncPk-DG

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 -

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5374 2008.09.01 -

Microsoft 1.3807 2008.09.02 -

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 Win32.Malware.gen (suspicious)[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 -

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5375 2008.09.02 -

Microsoft 1.3807 2008.09.02 -

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 -

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.069 2008.09.01 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

C:\Program\SAV:

sav0.dat

sav1.dat

sav.cpl

sav.exe

 

C:\Documents and Settings\All Users\Application Data\vqpuhwpm:

dpvcjqna.exe

 


[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 Adware.Brasen-2

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 Adware.DrAntispy

F-Prot 4.4.4.56 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 -

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5375 2008.09.02 -

Microsoft 1.3807 2008.09.02 Program:Win32/Antivirus2008

NOD32v2 3408 2008.09.02 -

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.070 2008.09.02 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 Adware.AVProtect.R.410880

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 -

AVG 8.0.0.161 2008.09.02 -

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 -

Fortinet 3.14.0.0 2008.09.02 -

GData 19 2008.09.02 -

Ikarus T3.1.1.34.0 2008.09.02 -

K7AntiVirus 7.10.437 2008.09.02 -

Kaspersky 7.0.0.125 2008.09.02 -

McAfee 5375 2008.09.02 -

Microsoft 1.3807 2008.09.02 Program:Win32/Antivirus2008

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 Antivirus2008.EO

Panda 9.0.0.4 2008.09.02 -

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 -

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.070 2008.09.02 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 -[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 -

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.09.02 FakeAlert.AN

BitDefender 7.2 2008.09.02 -

CAT-QuickHeal 9.50 2008.09.02 FraudTool.UltimateAntivirus.b (Not a Virus)

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 Suspicious File

eTrust-Vet 31.6.6064 2008.09.02 -

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 FraudTool.Win32.UltimateAntivirus.bf

Fortinet 3.14.0.0 2008.09.02 Misc/UltimateAntivirus

GData 19 2008.09.02 Win32:Trojan-gen

Ikarus T3.1.1.34.0 2008.09.02 Generic.Win32.Malware.Antivirus2008

K7AntiVirus 7.10.437 2008.09.02 not-a-virus:FraudTool.Win32.UltimateAntivirus.bf

Kaspersky 7.0.0.125 2008.09.02 not-a-virus:FraudTool.Win32.UltimateAntivirus.bf

McAfee 5375 2008.09.02 potentially unwanted program Generic PUP

Microsoft 1.3807 2008.09.02 Program:Win32/Antivirus2008

NOD32v2 3408 2008.09.02 -

Norman 5.80.02 2008.09.02 W32/AntiVirus2008.DC

Panda 9.0.0.4 2008.09.02 Adware/Antivirus2008XP

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Worm

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 System AntiVirus 2008 (Sav)

Symantec 10 2008.09.02 -

TheHacker 6.3.0.8.070 2008.09.02 Aplicacion/UltimateAntivirus.bf

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 Win32.Malware.gen (suspicious)[/log]

 

[log]AhnLab-V3 2008.9.3.0 2008.09.02 -

AntiVir 7.8.1.23 2008.09.02 TR/FakeAV.AD.16

Authentium 5.1.0.4 2008.09.02 -

Avast 4.8.1195.0 2008.09.02 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.09.02 FakeAlert.AO

BitDefender 7.2 2008.09.02 GenPack:Trojan.Fakeav.AD

CAT-QuickHeal 9.50 2008.09.02 FraudTool.MSAntivirus.k (Not a Virus)

ClamAV 0.93.1 2008.09.02 -

DrWeb 4.44.0.09170 2008.09.02 -

eSafe 7.0.17.0 2008.09.02 -

eTrust-Vet 31.6.6064 2008.09.02 Win32/FakeAVE!generic

Ewido 4.0 2008.09.02 -

F-Prot 4.4.4.56 2008.09.02 -

F-Secure 8.0.14332.0 2008.09.02 FraudTool.Win32.MSAntivirus.k

Fortinet 3.14.0.0 2008.09.02 -

GData 19 2008.09.02 Win32:Trojan-gen

Ikarus T3.1.1.34.0 2008.09.02 Generic.Trojan.Fakeav.AD

K7AntiVirus 7.10.437 2008.09.02 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2008.09.02 not-a-virus:FraudTool.Win32.MSAntivirus.k

McAfee 5375 2008.09.02 FakeAlert-AB

Microsoft 1.3807 2008.09.02 -

NOD32v2 3408 2008.09.02 Win32/Adware.Antivirus2008

Norman 5.80.02 2008.09.02 AntiVirus2008.EA

Panda 9.0.0.4 2008.09.02 Adware/Antivirus2008XP

PCTools 4.4.2.0 2008.09.02 -

Prevx1 V2 2008.09.02 Malicious Software

Rising 20.60.11.00 2008.09.02 -

Sophos 4.33.0 2008.09.02 -

Sunbelt 3.1.1592.1 2008.08.30 System AntiVirus 2008 (Sav)

Symantec 10 2008.09.02 AntiVirus2008

TheHacker 6.3.0.8.070 2008.09.02 -

TrendMicro 8.700.0.1004 2008.09.02 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.02 -

VirusBuster 4.5.11.0 2008.09.02 -

Webwasher-Gateway 6.6.2 2008.09.02 Trojan.FakeAV.AD.16[/log]

 


Copy all the lines in the box (use select code)

File::
C:\WINDOWS\system32\tsvypwhq.exe
C:\WINDOWS\system32\ghenebor.exe
C:\WINDOWS\system32\ctenqhcv.exe
C:\WINDOWS\system32\sav.cpl
C:\WINDOWS\system32\raneryzw.exe
Folder::
C:\Program\SAV
C:\Documents and Settings\All Users\Application Data\vqpuhwpm
C:\Program\RegCure

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that is produced.

 


[log]ComboFix 08-08-31.01 - Lingon 2008-09-02 21:43:29.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1592 [GMT 2:00]

Running from: C:\Documents and Settings\Lingon\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Lingon\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\ctenqhcv.exe

C:\WINDOWS\system32\ghenebor.exe

C:\WINDOWS\system32\raneryzw.exe

C:\WINDOWS\system32\sav.cpl

C:\WINDOWS\system32\tsvypwhq.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\vqpuhwpm

C:\Documents and Settings\All Users\Application Data\vqpuhwpm\dqvcjqna.exe

C:\Program\SAV

C:\Program\SAV\sav.cpl

C:\Program\SAV\sav.exe

C:\Program\SAV\sav0.dat

C:\Program\SAV\sav1.dat

C:\WINDOWS\system32\ctenqhcv.exe

C:\WINDOWS\system32\ghenebor.exe

C:\WINDOWS\system32\raneryzw.exe

C:\WINDOWS\system32\sav.cpl

C:\WINDOWS\system32\tsvypwhq.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))

.

 

2008-09-02 16:21 . 2008-09-02 16:21 <KAT> d----c--- C:\WINDOWS\ERUNT

2008-09-02 16:15 . 2008-09-02 16:31 <KAT> d----c--- C:\SDFix

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Program\Lavasoft

2008-09-01 20:43 . 2008-09-01 20:43 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-09-01 20:13 . 2008-09-01 20:13 <KAT> d----c--- C:\Program\Enigma Software Group

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\LocalService\Lokala inställningar

2008-09-01 19:46 . 2008-09-01 19:46 <KAT> d----c--- C:\Documents and Settings\Lingon\Lokala inställningar

2008-08-31 18:53 . 2008-08-31 18:53 2,915,944 --a--c--- C:\WINDOWS\system32\drivers\appdrv01.sys

2008-08-31 18:53 . 2008-08-31 18:53 304,528 --a--c--- C:\WINDOWS\system32\appdrvrem01.exe

2008-08-31 16:46 . 2008-08-31 16:46 <KAT> d----c--- C:\WINDOWS\Logs

2008-08-31 16:46 . 2008-05-30 14:11 3,850,760 --a--c--- C:\WINDOWS\system32\D3DX9_38.dll

2008-08-31 16:46 . 2008-05-30 14:11 1,491,992 --a--c--- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-08-31 16:46 . 2008-05-30 14:19 507,400 --a--c--- C:\WINDOWS\system32\XAudio2_1.dll

2008-08-31 16:46 . 2008-05-30 14:11 467,984 --a--c--- C:\WINDOWS\system32\d3dx10_38.dll

2008-08-31 16:46 . 2008-05-30 14:18 238,088 --a--c--- C:\WINDOWS\system32\xactengine3_1.dll

2008-08-31 16:46 . 2008-05-30 14:17 65,032 --a--c--- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-08-31 16:46 . 2008-05-30 14:17 25,608 --a--c--- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-08-31 10:31 . 2008-08-31 10:31 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\CCP

2008-08-30 22:33 . 2008-08-30 22:33 <KAT> d----c--- C:\Comics

2008-08-30 19:30 . 2008-08-31 22:06 52,736 --a--c--- C:\WINDOWS\ipuninst.exe

2008-08-29 16:07 . 2008-08-29 16:18 <KAT> d----c--- C:\WINDOWS\system32\CatRoot_bak

2008-08-24 12:21 . 2008-08-24 12:21 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\SPORE Creature Creator

2008-08-24 11:56 . 2008-08-24 11:56 <KAT> d----c--- C:\Program\ReflexiveArcade

2008-08-22 17:03 . 2008-08-22 17:04 <KAT> d----c--- C:\Program\QuickTime

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Program\Apple Software Update

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-08-22 17:03 . 2008-08-22 17:03 <KAT> d----c--- C:\Documents and Settings\All Users\Application Data\Apple

2008-08-20 21:59 . 2008-08-20 21:59 <KAT> d----c--- C:\WINDOWS\system32\Adobe

2008-08-20 17:42 . 2008-08-20 17:42 0 --a--c--- C:\Documents and Settings\Lingon\jagex_runescape_preferences.dat

2008-08-20 17:41 . 2008-08-20 17:41 <KAT> d----c--- C:\WINDOWS\.jagex_cache_32

2008-08-17 21:00 . 2008-08-17 21:00 <KAT> d----c--- C:\WINDOWS\Sun

2008-08-17 20:59 . 2008-08-17 20:59 <KAT> d----c--- C:\Program\Java

2008-08-17 20:59 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\system32\javacpl.cpl

2008-08-17 20:58 . 2008-08-17 20:58 <KAT> d----c--- C:\Program\Delade filer\Java

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-15 22:28 . 2008-08-15 22:28 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2008-08-15 22:23 . 2008-08-16 13:50 <KAT> d----c--- C:\Documents and Settings\Lingon\Application Data\Bioshock

2008-08-14 23:45 . 2008-08-14 23:45 <KAT> d----c--- C:\Program\MSXML 4.0

2008-08-14 21:14 . 2008-08-14 21:14 <KAT> d----c--- C:\Ny mapp

2008-08-14 16:30 . 2008-08-14 16:30 268 --ah-c--- C:\sqmdata16.sqm

2008-08-14 16:30 . 2008-08-14 16:30 244 --ah-c--- C:\sqmnoopt16.sqm

2008-08-12 16:15 . 2008-08-12 16:15 268 --ah-c--- C:\sqmdata15.sqm

2008-08-12 16:15 . 2008-08-12 16:15 244 --ah-c--- C:\sqmnoopt15.sqm

2008-08-11 16:03 . 2008-08-11 16:03 268 --ah-c--- C:\sqmdata14.sqm

2008-08-11 16:03 . 2008-08-11 16:03 244 --ah-c--- C:\sqmnoopt14.sqm

2008-08-10 23:55 . 2008-08-10 23:55 268 --ah-c--- C:\sqmdata13.sqm

2008-08-10 23:55 . 2008-08-10 23:55 244 --ah-c--- C:\sqmnoopt13.sqm

2008-08-10 02:15 . 2008-08-10 02:15 268 --ah-c--- C:\sqmdata12.sqm

2008-08-10 02:15 . 2008-08-10 02:15 244 --ah-c--- C:\sqmnoopt12.sqm

2008-08-08 23:28 . 2008-08-08 23:28 268 --ah-c--- C:\sqmdata11.sqm

2008-08-08 23:28 . 2008-08-08 23:28 244 --ah-c--- C:\sqmnoopt11.sqm

2008-08-08 16:08 . 2008-08-08 16:08 268 --ah-c--- C:\sqmdata10.sqm

2008-08-08 16:08 . 2008-08-08 16:08 244 --ah-c--- C:\sqmnoopt10.sqm

2008-08-08 06:27 . 2008-08-08 06:27 268 --ah-c--- C:\sqmdata09.sqm

2008-08-08 06:27 . 2008-08-08 06:27 244 --ah-c--- C:\sqmnoopt09.sqm

2008-08-07 19:51 . 2008-08-07 19:51 268 --ah-c--- C:\sqmdata08.sqm

2008-08-07 19:51 . 2008-08-07 19:51 244 --ah-c--- C:\sqmnoopt08.sqm

2008-08-07 16:07 . 2008-08-07 16:07 268 --ah-c--- C:\sqmdata07.sqm

2008-08-07 16:07 . 2008-08-07 16:07 244 --ah-c--- C:\sqmnoopt07.sqm

2008-08-07 06:15 . 2008-08-07 06:15 268 --ah-c--- C:\sqmdata06.sqm

2008-08-07 06:15 . 2008-08-07 06:15 244 --ah-c--- C:\sqmnoopt06.sqm

2008-08-06 16:37 . 2008-08-06 16:37 268 --ah-c--- C:\sqmdata05.sqm

2008-08-06 16:37 . 2008-08-06 16:37 244 --ah-c--- C:\sqmnoopt05.sqm

2008-08-05 19:42 . 2008-08-05 19:42 268 --ah-c--- C:\sqmdata04.sqm

2008-08-05 19:42 . 2008-08-05 19:42 244 --ah-c--- C:\sqmnoopt04.sqm

2008-08-04 16:04 . 2008-08-04 16:04 268 --ah-c--- C:\sqmdata03.sqm

2008-08-04 16:04 . 2008-08-04 16:04 244 --ah-c--- C:\sqmnoopt03.sqm

2008-08-03 09:03 . 2008-08-03 09:03 268 --ah-c--- C:\sqmdata02.sqm

2008-08-03 09:03 . 2008-08-03 09:03 244 --ah-c--- C:\sqmnoopt02.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-02 16:39 --------- dc----w C:\Program\Zoom Player

2008-09-02 14:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-09-02 14:39 --------- dc----w C:\Documents and Settings\Lingon\Application Data\Skype

2008-09-02 14:18 537,120 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-02 14:18 51,044 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-02 14:18 496,220 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-02 14:18 46,568,736 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-02 14:05 --------- dc----w C:\Documents and Settings\Lingon\Application Data\skypePM

2008-09-01 18:42 --------- dc----w C:\Program\Delade filer\Wise Installation Wizard

2008-08-31 20:02 --------- dc----w C:\Documents and Settings\Lingon\Application Data\uTorrent

2008-08-24 10:21 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-24 09:53 --------- dc-h--w C:\Program\InstallShield Installation Information

2008-08-14 18:52 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat

2008-08-14 18:52 87,855 -c--a-w C:\WINDOWS\system32\drivers\klick.dat

2008-07-29 16:33 --------- dc----w C:\Documents and Settings\Lingon\Application Data\fretsonfire

2008-07-28 14:16 --------- dc----w C:\Program\Metaboli Downloader

2008-07-26 18:35 --------- dc-h--r C:\Documents and Settings\Lingon\Application Data\SecuROM

2008-07-26 17:10 94,208 -c--a-w C:\WINDOWS\DIIUnin.exe

2008-07-26 17:10 2,829 -c--a-w C:\WINDOWS\DIIUnin.pif

2008-07-25 20:15 --------- dc----w C:\Program\AGEIA Technologies

2008-07-25 19:38 --------- dc----w C:\Program\DAEMON Tools

2008-07-25 19:35 639,224 -c--a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-20 08:57 --------- dc----w C:\Program\ANI

2008-07-20 08:56 --------- dc----w C:\Program\Delade filer\InstallShield

2008-07-20 08:56 --------- dc----w C:\Program\D-Link

2008-07-20 08:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield

2008-07-18 20:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll

2008-07-17 17:13 --------- dc----w C:\Program\SHOUTcast Source

2008-07-17 17:13 --------- dc----w C:\Program\Haali

2008-07-17 17:13 --------- dc----w C:\Program\ffdshow

2008-07-17 17:13 --------- dc----w C:\Program\DSP-worx

2008-07-17 17:12 --------- dc----w C:\Program\DirectVobSub

2008-07-13 14:59 --------- dc----w C:\Program\Skype

2008-07-13 14:59 --------- dc----w C:\Program\Delade filer\Skype

2008-07-13 14:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype

2008-07-07 20:32 253,952 -c--a-w C:\WINDOWS\system32\es.dll

2008-07-04 12:50 --------- dc----w C:\Program\uTorrent

2008-06-24 16:25 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 659,968 -c--a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 247,296 -c--a-w C:\WINDOWS\system32\mswsock.dll

2008-06-18 16:18 499,712 -c--a-w C:\WINDOWS\system32\msvcp71.dll

2008-06-18 16:18 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll

2008-04-17 18:14 10,420,936 -c--a-w C:\Program\xlviewer.exe

2008-04-16 15:42 536,926 -c--a-w C:\Program\screen_recorder.exe

2008-03-08 21:54 408,552,226 -c--a-w C:\Program\Patch_NA_Europe_Germany_MP_1.0_(1.0.27.4101.a).exe

2008-01-15 21:54 22,766,896 -c--a-w C:\Program\QuickTime740Installer.exe

.

-c--a-w            14,756 2008-05-09 22:51:20  C:\Program\DC++\Downloads\Serials,Key gens & cracks\Key Generators\microsoft Win keygen .exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-09-01_19.46.26.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-07 14:27:04 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-09-02 14:21:57 4,313,088 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-09-02 14:21:57 225,280 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 14:27:04 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-09-02 14:21:56 4,313,088 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-09-02 14:21:56 225,280 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-04-29 09:19:50 12,960 -c--a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

+ 2008-04-29 09:19:54 15,648 -c--a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

+ 2008-04-29 09:20:00 15,648 -c--a-w C:\WINDOWS\system32\drivers\NSDriver.sys

+ 2008-05-16 09:58:04 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe

+ 2004-12-07 08:11:00 258,352 -c--a-w C:\WINDOWS\system32\unicows.dll

+ 2006-09-11 09:56:00 526,184 -c--a-w C:\WINDOWS\system32\XceedCry.dll

+ 2006-12-21 13:18:00 497,496 -c--a-w C:\WINDOWS\system32\XceedZip.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:35 5724184]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Veoh"="C:\Program\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]

"Aim6"="C:\Program\AIM6\aim6.exe" [2008-06-12 22:47 50528]

"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

"WebDb"="C:\WINDOWS\system32\raneryzw.exe" [N/A]

"uimsgsrv"="C:\WINDOWS\system32\ctenqhcv.exe" [N/A]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-06-18 18:17 185896]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"D-Link AirPlus G"="C:\Program\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 15:50 1556480]

"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]

"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]

"ANIWZCS2Service"="C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"SpyHunter Security Suite"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\Delade filer\\AOL\\Loader\\aolload.exe"=

"C:\\Program\\AIM6\\aim6.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\Program\\Skype\\Phone\\Skype.exe"=

 

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-08-31 18:53]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]

S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc []

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]

S3 PciCon;PciCon;J:\PciCon.sys []

S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 21:46:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Veoh"="\"C:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"

.

Completion time: 2008-09-02 21:46:53

ComboFix-quarantined-files.txt 2008-09-02 19:46:50

ComboFix2.txt 2008-09-02 14:44:12

ComboFix3.txt 2008-09-01 19:25:17

ComboFix4.txt 2008-09-01 18:01:03

ComboFix5.txt 2008-09-02 19:42:55

 

Pre-Run: 40,331,063,296 byte ledigt

Post-Run: 40,311,042,048 byte ledigt

 

255 --- E O F --- 2008-08-14 21:46:35

[/log]

 


There are some remnants in the registry, which are easiest to remove with HijackThis.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and paste it in here.

 

Run this online scan:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

save the log and paste it in.

 
