New log for Zipp and others


Guest idgadmin

OK, here comes a new bat file. I won't shut down or restart the computer now.

 

Warning! This utility will find legitimate files in addition to malware.

Do not remove anything unless you are sure you know what you're doing.

 

------- System Files in System32 Directory -------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-13 22:51 224 375 f2j20c1oef.dll

2004-12-13 22:51 224 955 u4rule991h.dll

2004-12-13 09:19 223 008 d20m0cd1ef0.dll

2004-12-10 17:36 224 424 enlul1391.dll

2004-12-09 13:40 226 082 gpn8l35u1.dll

2004-12-07 18:41 223 389 j6n20g5oe6.dll

2004-12-06 14:56 226 281 koddv.dll

2004-12-04 14:29 dllcache

2004-12-03 15:56 224 676 r68s0gl7e6q.dll

2004-12-03 15:56 223 193 dn2001fme.dll

2004-12-03 08:49 224 552 cuc.dll

2004-12-03 00:30 224 340 fp2q03f5e.dll

2004-12-02 22:47 224 976 ktlql7351.dll

2004-12-02 20:06 223 848 j6j60g1se6.dll

2003-08-22 11:46 Microsoft

13 fil(er) 2 918 099 byte

2 katalog(er) 66 601 107 456 byte ledigt

 

------- Hidden Files in System32 Directory -------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-14 10:32 20 700 FFASTLOG.TXT

2004-12-04 14:29 dllcache

2003-08-28 22:47 488 WindowsLogon.manifest

2003-08-28 22:47 488 logonui.exe.manifest

2003-08-28 22:47 749 cdplayer.exe.manifest

2003-08-28 22:47 749 sapi.cpl.manifest

2003-08-28 22:47 749 nwc.cpl.manifest

2003-08-28 22:47 749 wuaucpl.cpl.manifest

2003-08-28 22:47 749 ncpa.cpl.manifest

8 fil(er) 25 421 byte

1 katalog(er) 66 601 107 456 byte ledigt

 

---------- Files Named "Guard" -------------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-14 10:32 223 047 guard.tmp

1 fil(er) 223 047 byte

0 katalog(er) 66 601 103 360 byte ledigt

 

--------- Temp Files in System32 Directory --------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-14 10:32 223 047 guard.tmp

2002-09-11 13:00 2 578 CONFIG.TMP

2 fil(er) 225 625 byte

0 katalog(er) 66 601 103 360 byte ledigt

 

---------------- User Agent ------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{A6160020-AEC8-4BDC-8B40-1577144F87E1}"=""

 

 

------------ Keys Under Notify ------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@=""

"DLLName"="igfxsrvc.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\u4rule991h.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

---------------- Xfind Results -----------------

 

C:\WINDOWS\SYSTEM32\F2J20C~1.DLL +++ File read error

 

-------------- Locate.com Results ---------------

 

 

C:\WINDOWS\SYSTEM32 cuc.dll Fri 2004-12-03 8.49.38 ..S.R 224 552 219,29 K

d20m0c~1.dll Mon 2004-12-13 9.19.04 ..S.R 223 008 217,78 K

dn2001~1.dll Fri 2004-12-03 15.56.06 ..S.R 223 193 217,96 K

enlul1~1.dll Fri 2004-12-10 17.36.36 ..S.R 224 424 219,16 K

f2j20c~1.dll Mon 2004-12-13 22.51.18 ..S.R 224 375 219,11 K

ffastlog.txt Tue 2004-12-14 10.32.28 A..H. 20 700 20,21 K

fp2q03~1.dll Fri 2004-12-03 0.30.34 ..S.R 224 340 219,08 K

gpn8l3~1.dll Thu 2004-12-09 13.40.46 ..S.R 226 082 220,78 K

j6j60g~1.dll Thu 2004-12-02 20.06.26 ..S.R 223 848 218,60 K

j6n20g~1.dll Tue 2004-12-07 18.41.58 ..S.R 223 389 218,15 K

koddv.dll Mon 2004-12-06 14.56.26 ..S.R 226 281 220,98 K

ktlql7~1.dll Thu 2004-12-02 22.47.04 ..S.R 224 976 219,70 K

r68s0g~1.dll Fri 2004-12-03 15.56.10 ..S.R 224 676 219,41 K

u4rule~1.dll Mon 2004-12-13 22.51.14 ..S.R 224 955 219,68 K

 

14 items found: 14 files, 0 directories.

Total of file sizes: 2 938 799 bytes 2,80 M

 

Link to comment
Share on other sites

Delete the KillBox and the KillBox.zip you downloaded earlier.

 

Get this newer version:

 

http://www.downloads.subratam.org/KillBox.zip

 

After that, disconnect the computer from the network.

 

 

Unzip it on the desktop into a new folder.

 

Open it and click Tools.

Then click Delete Temp Files and answer OK.

 

 

Then copy and paste the following files, one at a time, into the field

 

Full Path of File to Delete

 

After each file, press the Delete button (red with a white X on it).

 

Note carefully which files you get a message about saying they cannot be found or do not exist.

 

 

C:/WINDOWS/SYSTEM32/ f2j20c1oef.dll

 

C:/WINDOWS/SYSTEM32/ u4rule991h.dll

 

C:/WINDOWS/SYSTEM32/ d20m0cd1ef0.dll

 

C:/WINDOWS/SYSTEM32/ enlul1391.dll

 

C:/WINDOWS/SYSTEM32/ gpn8l35u1.dll

 

C:/WINDOWS/SYSTEM32/j6n20g5oe6.dll

 

C:/WINDOWS/SYSTEM32/ koddv.dll

 

C:/WINDOWS/SYSTEM32/ r68s0gl7e6q.dll

 

C:/WINDOWS/SYSTEM32/dn2001fme.dll

 

C:/WINDOWS/SYSTEM32/ cuc.dll

 

C:/WINDOWS/SYSTEM32/fp2q03f5e.dll

 

C:/WINDOWS/SYSTEM32/ ktlql7351.dll

 

C:/WINDOWS/SYSTEM32/ j6j60g1se6.dll

 

C:/WINDOWS/SYSTEM32/guard.tmp

 

 

Then tick Delete on Reboot in the KillBox.

 

Then do the same thing with all the files that were not found or do not exist.

 

After each file, answer No.

When you have pasted in the last file, answer Yes, restart the computer and post a new Find.bat.

 

 

 

 

 

 


Guest idgadmin

Three files were removed right away:

C:/WINDOWS/SYSTEM32/j6n20g5oe6.dll

C:/WINDOWS/SYSTEM32/dn2001fme.dll

C:/WINDOWS/SYSTEM32/guard.tmp

 

When I was supposed to reboot on the last one, nothing happened, because once the computer has gotten a bit weird after a while you can't restart it; you have to switch it off and on again. I hope that doesn't affect the process.

 

Here is the new find.bat file:

 

Warning! This utility will find legitimate files in addition to malware.

Do not remove anything unless you are sure you know what you're doing.

 

------- System Files in System32 Directory -------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-14 11:56 224 955 cxm.dll

2004-12-14 11:56 225 010 hrn0055me.dll

2004-12-13 22:51 224 375 f2j20c1oef.dll

2004-12-13 22:51 224 955 u4rule991h.dll

2004-12-13 09:19 223 008 d20m0cd1ef0.dll

2004-12-10 17:36 224 424 enlul1391.dll

2004-12-09 13:40 226 082 gpn8l35u1.dll

2004-12-06 14:56 226 281 koddv.dll

2004-12-04 14:29 dllcache

2004-12-03 15:56 224 676 r68s0gl7e6q.dll

2004-12-03 08:49 224 552 cuc.dll

2004-12-02 22:47 224 976 ktlql7351.dll

2004-12-02 20:06 223 848 j6j60g1se6.dll

2003-08-22 11:46 Microsoft

12 fil(er) 2 697 142 byte

2 katalog(er) 66 628 165 632 byte ledigt

 

------- Hidden Files in System32 Directory -------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2004-12-14 11:56 20 733 FFASTLOG.TXT

2004-12-04 14:29 dllcache

2003-08-28 22:47 488 WindowsLogon.manifest

2003-08-28 22:47 488 logonui.exe.manifest

2003-08-28 22:47 749 cdplayer.exe.manifest

2003-08-28 22:47 749 sapi.cpl.manifest

2003-08-28 22:47 749 nwc.cpl.manifest

2003-08-28 22:47 749 wuaucpl.cpl.manifest

2003-08-28 22:47 749 ncpa.cpl.manifest

8 fil(er) 25 454 byte

1 katalog(er) 66 628 165 632 byte ledigt

 

---------- Files Named "Guard" -------------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

 

--------- Temp Files in System32 Directory --------

 

Volymen i enhet C har etiketten Pepparkaka

Volymens serienummer är 709B-60D9

 

Innehåll i katalogen C:\WINDOWS\System32

 

2002-09-11 13:00 2 578 CONFIG.TMP

1 fil(er) 2 578 byte

0 katalog(er) 66 628 161 536 byte ledigt

 

---------------- User Agent ------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{A6160020-AEC8-4BDC-8B40-1577144F87E1}"=""

 

 

------------ Keys Under Notify ------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@=""

"DLLName"="igfxsrvc.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\u4rule991h.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

---------------- Xfind Results -----------------

 

C:\WINDOWS\System32\CXM.DLL +++ File read error

 

-------------- Locate.com Results ---------------

 

 

C:\WINDOWS\SYSTEM32 cuc.dll Fri 2004-12-03 8.49.38 ..S.R 224 552 219,29 K

cxm.dll Tue 2004-12-14 11.56.24 ..S.R 224 955 219,68 K

d20m0c~1.dll Mon 2004-12-13 9.19.04 ..S.R 223 008 217,78 K

enlul1~1.dll Fri 2004-12-10 17.36.36 ..S.R 224 424 219,16 K

f2j20c~1.dll Mon 2004-12-13 22.51.18 ..S.R 224 375 219,11 K

ffastlog.txt Tue 2004-12-14 11.56.32 A..H. 20 733 20,25 K

gpn8l3~1.dll Thu 2004-12-09 13.40.46 ..S.R 226 082 220,78 K

hrn005~1.dll Tue 2004-12-14 11.56.24 ..S.R 225 010 219,73 K

j6j60g~1.dll Thu 2004-12-02 20.06.26 ..S.R 223 848 218,60 K

koddv.dll Mon 2004-12-06 14.56.26 ..S.R 226 281 220,98 K

ktlql7~1.dll Thu 2004-12-02 22.47.04 ..S.R 224 976 219,70 K

r68s0g~1.dll Fri 2004-12-03 15.56.10 ..S.R 224 676 219,41 K

u4rule~1.dll Mon 2004-12-13 22.51.14 ..S.R 224 955 219,68 K

 

13 items found: 13 files, 0 directories.

Total of file sizes: 2 717 875 bytes 2,59 M

 

 


Guest idgadmin

That fastlogg file doesn't seem to be suspicious. It said something about fast search or the like.

 

But I'm going to try every step on that page. I just hope I understand all the steps.

 

 


Guest idgadmin

Hi zipp! I never tried the steps; I reformatted the computer and reinstalled Windows. So now it works flawlessly without viruses. Many thanks for the help anyway!

 

 

 
