
Jkkjj.exe etc. VIRUS!


Lasken


I've got some virus or trojan. When I scan the computer with Prevx it finds a bunch of threats, e.g. jkkjj.exe and YAMWM.exe, but even though I remove them with Prevx they are still there the next time the computer starts up.

Grateful for help!

 

Logfile of HijackThis v1.99.1

Scan saved at 17:48:57, on 2008-01-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\Program\Prevx1\PXConsole.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Pure Networks\Network Magic\nmapp .exe

C:\Program\MSN Messenger\MsnMsgr .Exe

C:\Program\Prevx1\PXConsole .exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Prevx1\PXAgent.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\MSN Messenger\usnsvc.exe

c:\imvmi.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bergort\Mina dokument\Program\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjj.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program\Delade filer\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nmapp] 'C:\Program\Pure Networks\Network Magic\nmapp.exe' -autorun -nosplash

O4 - HKLM\..\Run: [PrevxOne] 'C:\Program\Prevx1\PXConsole.exe'

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122907449234

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199369059139

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program\Delade filer\Pure Networks Shared\Platform\puresp3.dll

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\system32\svch8w.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe' -k runservice (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program\Prevx1\PXAgent.exe' -f (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program\Delade filer\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

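An added triage script for a HijackThis log like the one in this post (example code written for this page, not from the thread and not part of HijackThis). It parses the entries and flags the persistence points a responder looks at first: a non-empty win.ini load=, programs chained after userinit.exe in the UserInit value, a non-empty AppInit_DLLs, and Run entries that start from the drive root, have a space before the extension, or borrow a Windows component's name (the [userinit] entry that runs ntos.exe). The sample lines are copied from the log above; the SYSTEM_NAMES list and the heuristics are my own choices and only a starting point for a manual review.

```python
import ntpath
import re

# Constructed sample: a handful of the HijackThis lines from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [nmapp] 'C:\Program\Pure Networks\Network Magic\nmapp.exe' -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\svch8w.dll
"""

# Windows component names that malware likes to borrow for its Run entries
# (heuristic list chosen for this example).
SYSTEM_NAMES = {"userinit", "ctfmon", "explorer", "winlogon", "svchost", "lsass"}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "nmapp .exe" style names: the renamed original sits next to a malicious copy.
SPACE_BEFORE_EXT_RE = re.compile(r"\s\.[A-Za-z0-9]{1,4}$")


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd[:1] in ("'", '"'):
        end = cmd.find(cmd[0], 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|com|bat|cpl|scr|dll))(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def is_drive_root(path: str) -> bool:
    """True for paths like C:\\foo.exe that sit directly in the root of a drive."""
    return ntpath.dirname(path).rstrip("\\").endswith(":")


def triage(log_text: str) -> list:
    """Return (entry code, reason, detail) for each line that deserves a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        code = line.split(" - ", 1)[0]
        if code == "F3" and "load=" in line:
            value = line.split("load=", 1)[1].strip()
            if value:  # win.ini load= is empty on a clean XP box
                findings.append((code, "win.ini load= runs a program at logon", value))
        elif code == "F2" and "UserInit=" in line:
            for prog in line.split("UserInit=", 1)[1].split(","):
                prog = prog.strip()
                if prog and ntpath.basename(prog).lower() != "userinit.exe":
                    findings.append((code, "extra program chained after userinit.exe", prog))
        elif code == "O20" and "AppInit_DLLs:" in line:
            value = line.split("AppInit_DLLs:", 1)[1].strip()
            if value:  # loaded into every process that links user32.dll
                findings.append((code, "AppInit_DLLs injects a DLL system-wide", value))
        elif code == "O4":
            m = O4_RE.match(line)
            if not m:
                continue
            exe = executable_of(m.group("cmd"))
            base = ntpath.basename(exe)
            stem = m.group("name").lower().removesuffix(".exe")
            if is_drive_root(exe):
                findings.append((code, "autostart from the drive root", exe))
            elif SPACE_BEFORE_EXT_RE.search(base):
                findings.append((code, "space before the extension (renamed original?)", exe))
            elif stem in SYSTEM_NAMES and base.lower().removesuffix(".exe") != stem:
                findings.append((code, f"entry named '{stem}' but runs a different file", exe))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```

Run against the full log it reports the four entries that matter here (F3 load=, the ntos.exe chained into UserInit, the [userinit] Run entry, AppInit_DLLs) and stays quiet on the nmapp and ctfmon entries; anything it flags still needs a human to decide.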

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and turn off antivirus and antispyware programs.

Run ComboFix and follow the instructions shown.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it here. Check that the antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair

or restart the computer.

 


ComboFix 08-01-13.1 - Bergort 2008-01-13 13:30:50.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.511 [GMT 1:00]

Running from: C:\Documents and Settings\Bergort\Skrivbord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program\Helper

C:\Program\Helper\superfindout.dll

C:\Program\Internet Explorer\setupapi.dll

C:\Program\MSN Messenger\MsnMsgr .Exe

C:\Program\Prevx1\PXConsole.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\Program\Windows Media Player\WMPNSCFG .exe

C:\WINDOWS\photos_xmas_02.zip

C:\WINDOWS\system32\ctfmon .exe

C:\WINDOWS\system32\ctfmon.exe.tmp

C:\WINDOWS\system32\ddcyyxv.dll

C:\WINDOWS\system32\geedd.dll

C:\WINDOWS\system32\jjkkj.ini

C:\WINDOWS\system32\jjkkj.ini2

C:\WINDOWS\system32\jkkjj.dll

C:\WINDOWS\system32\jkkjj.exe

C:\WINDOWS\system32\MRT .exe

C:\WINDOWS\system32\RCXD8.tmp

C:\WINDOWS\system32\tmp_suf.exe

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll

C:\WINDOWS\system32\wsnpoem\video.dll

C:\WINDOWS\system32\vtsqp.dll

 

 <pre>
C:\Program\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program\Prevx1\PXConsole .exe ---> PXConsole.exe
C:\Program\Pure Networks\Network Magic\nmapp .exe ---> nmapp.exe
C:\Program\Windows Media Player\WMPNSCFG .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\MRT .exe ---> QooBox
</pre> 

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-13 13:40 . 2008-01-13 13:40 227 --a------ C:\WINDOWS\system.ini

2008-01-13 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 17:15 . 2008-01-12 17:43 65,536 --a------ C:\ghvltg.exe

2008-01-12 17:15 . 2008-01-12 17:43 15,360 --a------ C:\imvmi.exe

2008-01-12 17:15 . 2008-01-12 17:26 6,144 --a------ C:\bhxqyu.exe

2008-01-12 17:15 . 2008-01-12 17:15 4,096 --a------ C:\WINDOWS\system32\svch8w.dll

2008-01-12 17:15 . 2008-01-12 17:43 8 --a------ C:\WINDOWS\system32\69393452

2008-01-12 17:14 . 2008-01-12 17:42 58,880 --a------ C:\ugmsfom.exe

2008-01-12 17:14 . 2008-01-12 17:14 54,764 --a------ C:\WINDOWS\system32\dxdss.sys

2008-01-12 17:14 . 2008-01-12 17:42 54,272 --a------ C:\yamwm.exe

2008-01-11 17:50 . 2008-01-12 17:17 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\Prevx

2008-01-11 17:49 . 2008-01-13 13:40 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-11 17:49 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2008-01-11 17:49 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2008-01-11 13:23 . 2008-01-11 16:07 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\PrevxCSI

2008-01-11 09:54 . 2008-01-11 10:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 09:54 . 2008-01-11 10:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-09 20:17 . 2008-01-09 20:18 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-01-05 13:59 . 2008-01-05 13:59 <KAT> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX

2008-01-03 15:23 . 2008-01-03 15:23 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2008-01-03 15:22 . 2008-01-09 18:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-03 15:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-03 15:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-02 17:38 . 2008-01-02 17:38 <KAT> d-------- C:\Program\DIFX

2008-01-02 17:38 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys

2008-01-02 17:38 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

2008-01-02 17:35 . 2008-01-02 17:38 <KAT> d-------- C:\Program\Delade filer\Pure Networks Shared

2008-01-02 17:34 . 2008-01-02 17:34 <KAT> d-------- C:\Program\Pure Networks

2008-01-02 17:31 . 2008-01-02 17:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2007-12-30 16:04 . 2007-12-30 16:04 <KAT> d-------- C:\Program\SopCast

2007-12-30 10:33 . 2007-12-30 10:33 244 --ah----- C:\sqmnoopt19.sqm

2007-12-30 10:33 . 2007-12-30 10:33 232 --ah----- C:\sqmdata19.sqm

2007-12-30 09:38 . 2007-12-30 09:38 244 --ah----- C:\sqmnoopt18.sqm

2007-12-30 09:38 . 2007-12-30 09:38 232 --ah----- C:\sqmdata18.sqm

2007-12-30 09:33 . 2007-12-30 09:33 244 --ah----- C:\sqmnoopt17.sqm

2007-12-30 09:33 . 2007-12-30 09:33 232 --ah----- C:\sqmdata17.sqm

2007-12-30 00:21 . 2007-12-30 09:32 246,402 --a------ C:\WINDOWS\xmas_party01.zip

2007-12-30 00:19 . 2008-01-13 13:40 <KAT> d-------- C:\Program\MSN Messenger

2007-12-29 15:57 . 2007-12-29 15:57 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2007-12-29 14:26 . 2007-12-29 14:29 <KAT> d-------- C:\Program\Windows Live

2007-12-29 14:26 . 2007-12-30 00:19 <KAT> d----c--- C:\Program\Delade filer\WindowsLiveInstaller

2007-12-29 14:26 . 2007-12-29 14:26 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-29 13:25 . 2007-12-29 13:25 244 --ah----- C:\sqmnoopt16.sqm

2007-12-29 13:25 . 2007-12-29 13:25 232 --ah----- C:\sqmdata16.sqm

2007-12-29 12:25 . 2007-12-29 12:25 244 --ah----- C:\sqmnoopt15.sqm

2007-12-29 12:25 . 2007-12-29 12:25 232 --ah----- C:\sqmdata15.sqm

2007-12-29 10:24 . 2007-12-29 10:24 244 --ah----- C:\sqmnoopt14.sqm

2007-12-29 10:24 . 2007-12-29 10:24 232 --ah----- C:\sqmdata14.sqm

2007-12-26 19:39 . 2007-12-26 19:39 246,400 --a------ C:\WINDOWS\pics_july03.zip

2007-12-16 15:19 . 2007-12-16 15:19 244 --ah----- C:\sqmnoopt13.sqm

2007-12-16 15:19 . 2007-12-16 15:19 232 --ah----- C:\sqmdata13.sqm

2007-12-15 20:43 . 2007-12-15 20:45 <KAT> d-------- C:\Program\Deal or No Deal - Secret Vault Games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 16:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-11 16:41 77,312 ----a-w C:\WINDOWS\ua2.dll

2008-01-11 16:25 --------- d-----w C:\Program\SpywareBlaster

2008-01-11 16:23 --------- d-----w C:\Documents and Settings\Bergort\Application Data\Azureus

2008-01-11 09:03 --------- d-----w C:\Program\Windows Media Connect 2

2007-12-23 15:57 --------- d-----w C:\Program\Azureus

2007-12-14 10:34 3,532 ----a-w C:\drmHeader.bin

2007-12-14 10:34 --------- d-----w C:\Program\DivX

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-03 14:03 --------- d-----w C:\Program\Delade filer\DirectX

2007-12-03 13:46 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-03 13:46 --------- d-----w C:\Program\Codemasters

2007-12-03 13:46 --------- d-----w C:\Documents and Settings\Bergort\Application Data\InstallShield

2007-12-01 10:40 725,110 ----a-w C:\WINDOWS\pics14.zip

2007-11-28 17:28 725,114 ----a-w C:\WINDOWS\dream01.zip

2007-11-23 18:12 716,918 ----a-w C:\WINDOWS\pics05.exe

2007-11-22 15:29 7,680 ----a-w C:\WINDOWS\mmp3b.exe

2007-11-18 12:21 --------- d-----w C:\Program\TuneUp Utilities 2007

2007-11-18 12:19 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-11-18 12:03 --------- d-----w C:\Program\KONAMI

2007-11-18 12:00 --------- d-----w C:\Program\EA SPORTS

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-13 11:25 30,360 ----a-w C:\Documents and Settings\Bergort\Application Data\GDIPFONTCACHEV1.DAT

.

<pre>
----a-w           451,896 2008-01-09 16:53:29  C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth .exe
----a-w           949,376 2007-01-09 16:53:37  C:\Program\ESET\nod32kui .exe
----a-w         5,674,352 2008-01-13 12:40:59  C:\Program\MSN Messenger\MsnMsgr .Exe
</pre>

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 09:34 15360]

'MsnMsgr'='C:\Program\MSN Messenger\MsnMsgr.exe' [2007-01-12 17:20 6047744]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'BluetoothAuthenticationAgent'='bthprops.cpl' [2004-08-04 09:34 110592 C:\WINDOWS\system32\bthprops.cpl]

'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2008-01-13 13:16 451896]

'PrevxOne'='C:\Program\Prevx1\PXConsole.exe' [2008-01-13 13:17 1503232]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\System32\CTFMON.EXE' [2004-08-04 09:34 15360]

'hostserv'='hostserv.exe' []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

'MS Explorer Config Measurement'= C:\WINDOWS\system32\mscongf.exe

'Microsoft'= ati33.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

'NTSecurity'= NTSecurity.exe

'NTSpool'= NTSpool.exe

'autocheck.exe'= 12/01/2007, 11:37 AM

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgggd]

iifgggd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrqr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

'AppInit_DLLs'=C:\WINDOWS\system32\svch8w.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ :\WINDOWS\syste

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

'Skype'='C:\Program\Skype\Phone\Skype.exe' /nosplash /minimized

'EA Core'=C:\Program\Electronic Arts\EA Downloader\Core.exe -silent

'updateMgr'='C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe' AcRdB7_0_7 -reboot 1

'Steam'=C:\Program\Valve\Steam\\Steam.exe -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe

'Anti-Blaxx Manager'=C:\Program\Anti-Blaxx\Anti-Blaxx.exe

'QuickTime Task'='C:\Program\QuickTime\qttask.exe' -atboottime

'ATICCC'='C:\Program\ATI Technologies\ATI.ACE\cli.exe' runtime -Delay

'iTunesHelper'='C:\Program\iTunes\iTunesHelper.exe'

'SoundMan'=SOUNDMAN.EXE

'tgcmd'='C:\Program\Telia\Supportassistent\bin\tgcmd.exe' /server /startmonitor /deaf

'PWRISOVM.EXE'=C:\Documents and Settings\Bergort\Mina dokument\Program\PowerISO\PWRISOVM.EXE

'Sony Ericsson PC Suite'='C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe' /startoptions

'SunJavaUpdateSched'='C:\Program\Java\jre1.5.0_09\bin\jusched.exe'

'iRiver Updater'=\Updater.exe

'StartCCC'='C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe'

'DAEMON Tools'='C:\Program\DAEMON Tools\daemon.exe' -lang 1033

'Logitech Hardware Abstraction Layer'=KHALMNPR.EXE

'PrevxOne'='C:\Program\Prevx2\PXConsole.exe'

 

R1 sdcplhsdcplhC:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-15 18:20]

R3 xusb20Xbox 360 Wireless Receiver for Windows Driver ServiceC:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]

S3 8ba5fb8d-5699-406a-b268-bbeacba673488ba5fb8d-5699-406a-b268-bbeacba67348D:\Player\cds300.dll []

S3 s115busSony Ericsson Device 115 driver (WDM)C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdflSony Ericsson Device 115 USB WMC Modem FilterC:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdmSony Ericsson Device 115 USB WMC Modem DriverC:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmtSony Ericsson Device 115 USB WMC Device Management Drivers (WDM)C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obexSony Ericsson Device 115 USB WMC OBEX InterfaceC:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 s117busSony Ericsson Device 117 driver (WDM)C:\WINDOWS\system32\DRIVERS\s117bus.sys []

S3 s117nd5Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)C:\WINDOWS\system32\DRIVERS\s117nd5.sys []

S3 s117unicSony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 09:43]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

'2008-01-11 16:19:22 C:\WINDOWS\Tasks\1-Click Maintenance.job'

- C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe

'2008-01-11 17:17:11 C:\WINDOWS\Tasks\Symantec NetDetect.job'

- C:\Program\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 13:40:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\svch8w.dll

-> C:\Program\Eset\pr_imon.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\svch8w.dll

-> C:\Program\Eset\pr_imon.dll

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\svch8w.dll

-> C:\Program\Eset\pr_imon.dll

.

Completion time: 2008-01-13 13:43:29 - machine was rebooted [bergort]

ComboFix-quarantined-files.txt 2008-01-13 12:43:27

.

2008-01-11 10:56:23 --- E O F ---

 

 

 

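The "Files Created" section above is where the infection timeline is visible: five executables written within two minutes on 2008-01-12, three of them straight into C:\. The script below (an added example, not part of ComboFix or of the thread) parses that section's line format, groups executables created within a short window of each other, and lists the ones sitting in a drive root. The sample lines are copied from the log; the five-minute window and the minimum group size are my own choices.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Constructed sample: a few "Files Created" lines copied from the ComboFix log above.
SAMPLE = r"""
2008-01-13 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 17:15 . 2008-01-12 17:43 65,536 --a------ C:\ghvltg.exe
2008-01-12 17:15 . 2008-01-12 17:43 15,360 --a------ C:\imvmi.exe
2008-01-12 17:15 . 2008-01-12 17:15 4,096 --a------ C:\WINDOWS\system32\svch8w.dll
2008-01-12 17:14 . 2008-01-12 17:14 54,764 --a------ C:\WINDOWS\system32\dxdss.sys
2008-01-12 17:14 . 2008-01-12 17:42 54,272 --a------ C:\yamwm.exe
2008-01-11 17:50 . 2008-01-12 17:17 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\Prevx
2008-01-11 17:49 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-01-02 17:38 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys
"""

# Layout: created . modified size attributes path  (<KAT> is the Swedish <DIR> marker)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<\w+>) (?P<attrs>\S+) (?P<path>.+)$"
)
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
STAMP = "%Y-%m-%d %H:%M"


def parse(text: str) -> list:
    """Turn the listing into dicts with datetime stamps and integer sizes."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, other report formats
        is_dir = m.group("size").startswith("<")
        records.append({
            "created": datetime.strptime(m.group("created"), STAMP),
            "modified": datetime.strptime(m.group("modified"), STAMP),
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "is_dir": is_dir,
            "path": m.group("path"),
        })
    return records


def code_files(records: list) -> list:
    """Only the entries that are executable code, directories excluded."""
    return [r for r in records if not r["is_dir"] and r["path"].lower().endswith(CODE_EXT)]


def bursts(records: list, window=timedelta(minutes=5), min_count=3) -> list:
    """Groups of at least min_count executables created within `window` of the first one."""
    files = sorted(code_files(records), key=lambda r: r["created"])
    groups, i = [], 0
    while i < len(files):
        j = i
        while j + 1 < len(files) and files[j + 1]["created"] - files[i]["created"] <= window:
            j += 1
        if j - i + 1 >= min_count:
            groups.append([r["path"] for r in files[i:j + 1]])
        i = j + 1
    return groups


def root_drops(records: list) -> list:
    """Executables written straight into the root of a drive (C:\\x.exe)."""
    return [r["path"] for r in code_files(records)
            if ntpath.dirname(r["path"]).rstrip("\\").endswith(":")]


if __name__ == "__main__":
    recs = parse(SAMPLE)
    for group in bursts(recs):
        print(f"burst of {len(group)} executables:")
        for path in group:
            print("  ", path)
    print("dropped in a drive root:", root_drops(recs))
```

On the sample this yields one burst (dxdss.sys, yamwm.exe, ghvltg.exe, imvmi.exe, svch8w.dll at 17:14-17:15) and three root drops; the Prevx and Pure Networks driver files from other days fall outside any group, which is the point of grouping by creation time rather than by name.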

Download MSN_Fix to the Desktop.

http://sosvirus.changelog.fr/MSNFix.zip

Unpack the file and start MSNFix.bat by double-clicking it.

Choose language by pressing the corresponding letter.

Press R to start the scan.

If something is found, press any key to start the removal.

Sometimes a message comes up about restarting the computer; if so, do it.

Paste the log that comes up in your reply here.

If it does not come up, you will find it in the folder where the program is, and the name of the log contains the date and time of the run.

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press a key; do so.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file in your reply here.

 

Do nothing else with SmitfraudFix.

 

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send file and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs plus the File size here. Repeat with the next file name.

C:\ghvltg.exe

C:\imvmi.exe

C:\bhxqyu.exe

C:\WINDOWS\system32\svch8w.dll

C:\WINDOWS\system32\69393452

C:\ugmsfom.exe

C:\WINDOWS\system32\dxdss.sys

C:\yamwm.exe

C:\WINDOWS\xmas_party01.zip

C:\WINDOWS\pics_july03.zip

C:\WINDOWS\ua2.dll

2007-12-01 10:40 725,110 ----a-w C:\WINDOWS\pics14.zip

2007-11-28 17:28 725,114 ----a-w C:\WINDOWS\dream01.zip

2007-11-23 18:12 716,918 ----a-w C:\WINDOWS\pics05.exe

2007-11-22 15:29 7,680 ----a-w C:\WINDOWS\mmp3b.exe

 

 

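When the VirusTotal results come back, two checks are worth doing before trusting the numbers: count the detections yourself rather than reading the summary line, and confirm that the MD5 VirusTotal shows matches the MD5 MSNFix printed for the same file in its "Misstankta Filer" section, so you know the uploaded file is the one that was on the disk. The script below (an added example, not from the thread and not part of either tool) does both on the pasted-text format; the sample report is a cut-down copy of the bhxqyu.exe result posted later in the thread, and the MSNFix lines are copied from its log.

```python
import ntpath
import re

# Constructed sample: the bhxqyu.exe report from the thread, cut down to a subset of vendor rows.
VT_REPORT = r"""
Fil bhxqyu.exe mottagen 2008.01.13 18:26:56 (CET)
Resultat: 14/32 (43.75%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.1.12.10 2008.01.11 -
AVG 7.5.0.516 2008.01.13 Downloader.Generic6.YGJ
BitDefender 7.2 2008.01.13 Trojan.DNSChanger.BX
ClamAV 0.91.2 2008.01.13 -
eSafe 7.0.15.0 2008.01.10 suspicious Trojan/Worm
NOD32v2 2788 2008.01.13 a variant of Win32/TrojanProxy.Dlena
Prevx1 V2 2008.01.13 -
Webwasher-Gateway 6.6.2 2008.01.13 Win32.Malware.gen#UPX!80 (suspicious)
Övrig information
File size: 6144 bytes
MD5: 3863c74316091e270d22f480d7a885ac
SHA1: 3c6ca7d5a5099d66385e3da72e9677c2740c0e66
"""

# Constructed sample: two lines from the "Misstankta Filer" section of the MSNFix log.
MSNFIX_SUSPECTS = r"""
[C:\bhxqyu.exe] 3863C74316091E270D22F480D7A885AC
[C:\imvmi.exe] 8B27300AF47D7E02538BA4C3EFB8012F
"""

# vendor version last-update result   (vendor names carry no spaces, results may)
ROW_RE = re.compile(r"^(?P<vendor>\S+) (?P<version>\S+) (?P<updated>\S+) (?P<result>.+)$")
MSNFIX_RE = re.compile(r"^\[(?P<path>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")


def summarize(report: str) -> dict:
    """Count detections in a pasted VirusTotal table and pull out size and hashes."""
    rows, in_table = [], False
    for line in report.strip().splitlines():
        if line.startswith("Antivirus "):  # table header (Swedish UI in the thread)
            in_table = True
            continue
        if in_table:
            m = ROW_RE.match(line)
            if not m:
                in_table = False  # first non-row line ends the table
                continue
            rows.append((m.group("vendor"), m.group("result").strip()))
    md5 = re.search(r"^MD5:\s*([0-9a-fA-F]{32})", report, re.MULTILINE)
    sha1 = re.search(r"^SHA1:\s*([0-9a-fA-F]{40})", report, re.MULTILINE)
    size = re.search(r"^File size:\s*(\d+)", report, re.MULTILINE)
    return {
        "total": len(rows),
        "detections": [(v, r) for v, r in rows if r != "-"],
        "md5": md5.group(1).lower() if md5 else None,
        "sha1": sha1.group(1).lower() if sha1 else None,
        "size": int(size.group(1)) if size else None,
    }


def parse_msnfix(text: str) -> dict:
    """Map each suspect path in the MSNFix log to its MD5 (lower-cased)."""
    out = {}
    for line in text.strip().splitlines():
        m = MSNFIX_RE.match(line.strip())
        if m:
            out[m.group("path")] = m.group("md5").lower()
    return out


def cross_check(msnfix_text: str, vt_md5_by_name: dict) -> list:
    """Paths whose MSNFix hash equals the hash VirusTotal reported for that file name."""
    matches = []
    for path, md5 in parse_msnfix(msnfix_text).items():
        name = ntpath.basename(path).lower()
        if vt_md5_by_name.get(name) == md5:
            matches.append(path)
    return matches


if __name__ == "__main__":
    s = summarize(VT_REPORT)
    print(f"{len(s['detections'])}/{s['total']} vendors flagged it, {s['size']} bytes, md5 {s['md5']}")
    print("hash-confirmed:", cross_check(MSNFIX_SUSPECTS, {"bhxqyu.exe": s["md5"]}))
```

The row parser also copes with the older-style rows in the thread where version and update date are just "-" (the mmp3b.exe report), since it only requires three space-separated tokens before the free-text result.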

MSNFix 1.626

 

C:\Documents and Settings\Bergort\Skrivbord\MSNFix

Sokningen var klar pa 2008-01-13 - 18:15:25,84 By Bergort

normalt lage

 

************************ Kollar filer

 

... C:\WINDOWS\xmas_party01.zip

... C:\WINDOWS\system32\NTSpool.exe

... C:\WINDOWS\pics14.zip

... C:\WINDOWS\pics_july03.zip

... C:\WINDOWS\dream01.zip

 

************************ MSNCHK ***** /!\ beta test /!

 

 

************************ Kollar mappar

 

... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

 

 

 

 

************************ Tar bort virus filer

 

.. OK ... C:\WINDOWS\xmas_party01.zip

.. OK ... C:\WINDOWS\system32\NTSpool.exe

.. OK ... C:\WINDOWS\pics14.zip

.. OK ... C:\WINDOWS\pics_july03.zip

.. OK ... C:\WINDOWS\dream01.zip

 

 

************************ Tar bort virus mappar

 

.. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

 

 

************************ Rensar registret

 

 

 

************************ Misstankta Filer

 

/!\ Dem funna filerna maste kontrolleras innan borttagning

 

[C:\bhxqyu.exe] 3863C74316091E270D22F480D7A885AC

[C:\catgen.exe] 77E2AB1530DCA630E21F4766556548F6

[C:\imvmi.exe] 8B27300AF47D7E02538BA4C3EFB8012F

[C:\ugmsfom.exe] CC7F9AC70EDBC068FCA80BEB63A0FBE1

[C:\Updater.exe] 50D1955BCA8825DA78FC00F62FBB2B1D

 

==> Var snall och ladda upp filen C:\DOCUME~1\Bergort\SKRIVB~1\Upload_Me.zip on http://upload.changelog.fr

 

 

 

Filerna och Registernycklarna har sparats i karantan 2008-01-13_18175007.zip

 

 

------------------------------------------------------------------------

Gjord av : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

SmitFraudFix v2.274

 

Scan done at 18:22:05,67, 2008-01-13

Run from C:\Documents and Settings\Bergort\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bergort

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bergort\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bergort\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

'Source'='About:Home'

'SubscribedURL'='About:Home'

'FriendlyName'='Min aktuella startsida'

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

'AppInit_DLLs'='C:\\WINDOWS\\system32\\svch8w.dll'

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

'System'=''

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: NVIDIA nForce Networking Controller - Miniport för paketschemaläggning

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A45AD5B5-26C0-42FD-A503-9E599D98B84D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A45AD5B5-26C0-42FD-A503-9E599D98B84D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A45AD5B5-26C0-42FD-A503-9E599D98B84D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 


Fil bhxqyu.exe mottagen 2008.01.13 18:26:56 (CET)

Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD

 

 

Resultat: 14/32 (43.75%)

 

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.1.12.10 2008.01.11 -

AntiVir 7.6.0.46 2008.01.11 -

Authentium 4.93.8 2008.01.13 -

Avast 4.7.1098.0 2008.01.12 -

AVG 7.5.0.516 2008.01.13 Downloader.Generic6.YGJ

BitDefender 7.2 2008.01.13 Trojan.DNSChanger.BX

CAT-QuickHeal 9.00 2008.01.12 Trojan.Agent.djz

ClamAV 0.91.2 2008.01.13 -

DrWeb 4.44.0.09170 2008.01.13 Trojan.Packed.155

eSafe 7.0.15.0 2008.01.10 suspicious Trojan/Worm

eTrust-Vet 31.3.5451 2008.01.11 -

Ewido 4.0 2008.01.13 -

FileAdvisor 1 2008.01.13 -

Fortinet 3.14.0.0 2008.01.13 -

F-Prot 4.4.2.54 2008.01.13 -

F-Secure 6.70.13030.0 2008.01.13 -

Ikarus T3.1.1.20 2008.01.13 Trojan.DNSChanger.BX

Kaspersky 7.0.0.125 2008.01.13 -

McAfee 5205 2008.01.11 New Malware.bx

Microsoft 1.3109 2008.01.13 VirTool:Win32/Obfuscator.S

NOD32v2 2788 2008.01.13 a variant of Win32/TrojanProxy.Dlena

Norman 5.80.02 2008.01.11 -

Panda 9.0.0.4 2008.01.13 Suspicious file

Prevx1 V2 2008.01.13 -

Rising 20.26.62.00 2008.01.13 Trojan.Win32.Undef.ans

Sophos 4.24.0 2008.01.13 Mal/HckPk-A

Sunbelt 2.2.907.0 2008.01.12 VIPRE.Suspicious

Symantec 10 2008.01.13 -

TheHacker 6.2.9.186 2008.01.11 -

VBA32 3.12.2.5 2008.01.13 -

VirusBuster 4.3.26:9 2008.01.12 -

Webwasher-Gateway 6.6.2 2008.01.13 Win32.Malware.gen#UPX!80 (suspicious)

Övrig information

File size: 6144 bytes

MD5: 3863c74316091e270d22f480d7a885ac

SHA1: 3c6ca7d5a5099d66385e3da72e9677c2740c0e66

PEiD: -

Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

 

 

Fil mmp3b.exe mottagen 2007.11.29 18:19:31 (CET)

Närvarande status: genomförd

 

Resultat: 2/32 (6.25%)


Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - -

F-Prot - - -

F-Secure - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - -

Norman - - -

Panda - - Suspicious file

Prevx1 - - -

Rising - - Trojan.DL.Win32.Small.gkj

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - -

 

 

File qmbyrnfj.exe received 2008.01.11 00:18:58 (CET)

Current status: finished

 

Result: 14/32 (43.75%)

Antivirus Version Last update Result

AhnLab-V3 2008.1.11.10 2008.01.10 -

AntiVir 7.6.0.46 2008.01.10 TR/Crypt.XPACK.Gen

Authentium 4.93.8 2008.01.09 -

Avast 4.7.1098.0 2008.01.10 -

AVG 7.5.0.516 2008.01.10 -

BitDefender 7.2 2008.01.10 -

CAT-QuickHeal 9.00 2008.01.10 TrojanDownloader.Small.hkq

ClamAV 0.91.2 2008.01.10 -

DrWeb 4.44.0.09170 2008.01.10 Trojan.DownLoader.38325

eSafe 7.0.15.0 2008.01.10 Win32.Small.hkq

eTrust-Vet 31.3.5446 2008.01.10 -

Ewido 4.0 2008.01.10 -

FileAdvisor 1 2008.01.11 -

Fortinet 3.14.0.0 2008.01.10 W32/Small.HKQ!tr.dldr

F-Prot 4.4.2.54 2008.01.10 W32/Downloader!7ebf

F-Secure 6.70.13030.0 2008.01.10 Trojan-Downloader.Win32.Small.hkq

Ikarus T3.1.1.20 2008.01.10 Trojan-Downloader.Win32.Small.hkq

Kaspersky 7.0.0.125 2008.01.10 Trojan-Downloader.Win32.Small.hkq

McAfee 5204 2008.01.10 -

Microsoft 1.3109 2008.01.10 -

NOD32v2 2782 2008.01.11 -

Norman 5.80.02 2008.01.10 W32/DLoader.EZQR

Panda 9.0.0.4 2008.01.10 Trj/Downloader.RUO

Prevx1 V2 2008.01.11 -

Rising 20.26.32.00 2008.01.10 -

Sophos 4.24.0 2008.01.10 -

Sunbelt 2.2.907.0 2008.01.10 -

Symantec 10 2008.01.10 -

TheHacker 6.2.9.185 2008.01.09 Trojan/Downloader.Small.hkq

VBA32 3.12.2.5 2008.01.10 Trojan-Downloader.Win32.Small.hkq

VirusBuster 4.3.26:9 2008.01.10 -

Webwasher-Gateway 6.6.2 2008.01.10 Trojan.Crypt.XPACK.Gen

Other information

File size: 15360 bytes

MD5: 8b27300af47d7e02538ba4c3efb8012f

SHA1: bcfcbeac4675fb708a3ad07ae51f54db36e713a5

PEiD: -

 

 

File ugmsfom.exe received 2008.01.11 13:14:53 (CET)

Current status: finished

 

Result: 8/32 (25.00%)

Antivirus Version Last update Result

AhnLab-V3 - - -

AntiVir - - TR/Crypt.XPACK.Gen

Authentium - - -

Avast - - -

AVG - - SHeur.ALMT

BitDefender - - -

CAT-QuickHeal - - (Suspicious) - DNAScan

ClamAV - - -

DrWeb - - -

eSafe - - Suspicious File

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - -

F-Prot - - -

F-Secure - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - Backdoor:Win32/Rustock.gen!C

NOD32v2 - - -

Norman - - W32/Smalltroj.BVSV

Panda - - -

Prevx1 - - Generic.Malware

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen

Other information

MD5: cc7f9ac70edbc068fca80beb63a0fbe1

SHA1: f15c06e1fd6548316102d9dbe9fd73bbba4a6264

SHA256: c1a59864f73ce2eeb0cbc37560d084b6097252b46d9c8285da99fea75ecf3b7d

SHA512: 8d846763cc58fb4245190c4c656909624df3105bbb3b2c0663e3d9338df10930 6887dcee331e3af29e0e2ce4d05781ef0d8d6d7ff9491a480e7ce46ce3583428

 

 

 

 


I see one problem: the computer has been infected since November, and the logs don't reach that far back, so there are infected files on the computer that don't show up in the logs. That makes it hard to know what the files are called, and therefore hard to tell you which ones to remove.

 

You have scanned a file called qmbyrnfj.exe. I didn't ask you to do that, since it doesn't appear in the logs, but it is clearly infected. I don't know which folder it is in, so I can't get the program to remove that file.

 

Why haven't you scanned all the other files I asked for?

 

Copy all the lines below

[KOD]

File::

C:\bhxqyu.exe

C:\ugmsfom.exe

C:\WINDOWS\pics05.exe

C:\WINDOWS\mmp3b.exe

[/KOD]

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that comes out.

 

Also scan these two files on the VirusTotal site:

C:\catgen.exe

C:\Updater.exe

 

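Two things in the post above are worth a tool rather than eyeballing: ComboFix only lists files created in the last 30 days, so a November infection is invisible in it, and the HijackThis process list at the top of the thread shows the other trick in play, a legitimate program renamed to `nmapp .exe` (with a space before the extension) with the dropper sitting under the original name. The Python script below is an added example, not part of the thread and not ComboFix's own code. It walks a directory tree, reports executables modified inside a chosen date window together with their SHA-1 (the hash VirusTotal prints), and lists such space-renamed twins. The tree it builds under a temporary folder (paths, contents and dates) is constructed for the demonstration, and the set of executable extensions is an assumption.

```python
"""Filesystem triage for the case in this thread: executables changed before
ComboFix's 30-day window, and the "name .exe" twin trick.

Added example, not from the thread or from ComboFix. The tree it builds
under a temporary folder (paths, contents, dates) is constructed.
"""
import hashlib
import os
import tempfile
from datetime import datetime
from pathlib import Path
from typing import List, Tuple

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".cpl"}   # assumption


def sha1_of(path: Path) -> str:
    """Streamed SHA-1, the hash VirusTotal prints under 'Other information'."""
    digest = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def canonical_name(name: str) -> str:
    """'MsnMsgr .Exe' and 'MsnMsgr.exe' get the same key. Windows names are
    case-insensitive, so compare in lower case."""
    stem, dot, suffix = name.rpartition(".")
    return f"{stem.rstrip()}.{suffix}".lower() if dot else name.lower()


def find_twins(root: Path) -> List[Tuple[Path, Path]]:
    """(plain_name, spaced_name) pairs in one directory, e.g. nmapp.exe next
    to 'nmapp .exe'. The Run key launches the plain name; in this thread's
    log ComboFix deleted that file and renamed the spaced copy back, so the
    plain-named file is the one to hash and submit for scanning."""
    twins = []
    for dirpath, _dirs, filenames in os.walk(root):
        groups = {}
        for fn in filenames:
            groups.setdefault(canonical_name(fn), []).append(fn)
        for names in groups.values():
            plain = [n for n in names if " ." not in n]
            spaced = [n for n in names if " ." in n]
            twins += [(Path(dirpath) / p, Path(dirpath) / s) for p in plain for s in spaced]
    return sorted(twins)


def recent_executables(root: Path, since: str, until: str):
    """Executables with a modification time inside [since, until] (ISO dates).
    st_mtime is used: on Linux st_ctime is inode-change time, not creation
    time (on Windows it is the creation time ComboFix shows in its first
    column). Timestamps can be forged, so an empty result proves nothing."""
    lo, hi = (datetime.strptime(d, "%Y-%m-%d") for d in (since, until))
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            path = Path(dirpath) / fn
            if path.suffix.lower() not in EXEC_SUFFIXES:
                continue
            st = path.stat()
            mtime = datetime.fromtimestamp(st.st_mtime)
            if lo <= mtime <= hi:
                hits.append((path, mtime.strftime("%Y-%m-%d %H:%M"), st.st_size, sha1_of(path)))
    return sorted(hits)


def build_sample_tree() -> Path:
    """Constructed tree mirroring the thread's layout; contents are not malware."""
    root = Path(tempfile.mkdtemp(prefix="triage-"))
    files = {
        "Program/Pure Networks/Network Magic/nmapp.exe": (b"MZ-fake-dropper", "2008-01-12"),
        "Program/Pure Networks/Network Magic/nmapp .exe": (b"MZ-fake-real-nmapp", "2007-09-20"),
        "Program/MSN Messenger/MsnMsgr.exe": (b"MZ-fake-dropper-2", "2008-01-13"),
        "Program/MSN Messenger/MsnMsgr .Exe": (b"MZ-fake-real-msn", "2007-12-30"),
        "WINDOWS/mmp3b.exe": (b"MZ-fake-november-downloader", "2007-11-22"),
        "WINDOWS/system32/kernel32.dll": (b"MZ-fake-system-file", "2004-08-04"),
        "Documents and Settings/Bergort/notes.txt": (b"not an executable", "2007-11-25"),
    }
    for rel, (content, day) in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
        ts = datetime.strptime(day, "%Y-%m-%d").timestamp()
        os.utime(path, (ts, ts))
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for plain, spaced in find_twins(sample):
        print(f"twin: {plain.name!r} (launched) beside {spaced.name!r}  sha1={sha1_of(plain)}")
    for path, when, size, sha1 in recent_executables(sample, "2007-11-01", "2007-12-13"):
        print(f"{when}  {size:>8}  {sha1}  {path.relative_to(sample)}")
```

Run against a real drive you would point `root` at `C:\` and widen the window to cover the whole period since the first symptoms; the SHA-1 column is what you paste into VirusTotal's hash search, which avoids uploading every file.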

Okay. Is there no way to 'find' these infected files?

 

Do I just remove qmbyrnfj.exe?

 

I scanned all the files, but only the ones I included showed anything.

 

ComboFix 08-01-13.1 - Bergort 2008-01-13 20:33:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.566 [GMT 1:00]

Running from: C:\Documents and Settings\Bergort\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bergort\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program\Prevx1\PXConsole.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\gebya.dll

C:\WINDOWS\system32\urqnnml.dll

 

 <pre>
C:\Program\Prevx1\PXConsole .exe ---> PXConsole.exe
C:\Program\Pure Networks\Network Magic\nmapp .exe ---> nmapp.exe
</pre> 

.

.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-13 18:23 . 2008-01-13 19:06 6,692 --ahs---- C:\WINDOWS\system32\ihkmp.ini2

2008-01-13 18:23 . 2008-01-13 19:08 6,692 --ahs---- C:\WINDOWS\system32\ihkmp.ini

2008-01-13 18:22 . 2008-01-13 18:22 1,552 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-13 13:43 . 2008-01-13 13:43 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 13:43 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 13:43 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 13:43 <KAT> d-------- C:\Documents and Settings\Default User\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 13:43 <KAT> d-------- C:\Documents and Settings\Bergort\Lokala inställningar

2008-01-13 13:43 . <KAT> C:\Documents and Settings\Administratör\Lokala inställningar

2008-01-13 13:40 . 2008-01-13 20:41 227 --a------ C:\WINDOWS\system.ini

2008-01-13 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 17:15 . 2008-01-12 17:43 15,360 --a------ C:\imvmi.exe

2008-01-12 17:15 . 2008-01-12 17:26 6,144 --a------ C:\bhxqyu.exe

2008-01-12 17:15 . 2008-01-12 17:43 8 --a------ C:\WINDOWS\system32\69393452

2008-01-12 17:14 . 2008-01-12 17:42 58,880 --a------ C:\ugmsfom.exe

2008-01-12 17:14 . 2008-01-12 17:14 54,764 --a------ C:\WINDOWS\system32\dxdss.sys

2008-01-11 17:50 . 2008-01-13 19:56 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\Prevx

2008-01-11 17:49 . 2008-01-13 20:40 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-11 17:49 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2008-01-11 17:49 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2008-01-11 13:23 . 2008-01-11 16:07 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\PrevxCSI

2008-01-11 09:54 . 2008-01-11 10:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 09:54 . 2008-01-11 10:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-09 20:17 . 2008-01-09 20:18 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-01-05 13:59 . 2008-01-05 13:59 <KAT> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX

2008-01-03 15:23 . 2008-01-03 15:23 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2008-01-03 15:22 . 2008-01-09 18:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-03 15:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-03 15:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-02 17:38 . 2008-01-02 17:38 <KAT> d-------- C:\Program\DIFX

2008-01-02 17:38 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys

2008-01-02 17:38 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

2008-01-02 17:35 . 2008-01-02 17:38 <KAT> d-------- C:\Program\Delade filer\Pure Networks Shared

2008-01-02 17:34 . 2008-01-02 17:34 <KAT> d-------- C:\Program\Pure Networks

2008-01-02 17:31 . 2008-01-02 17:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2007-12-30 16:04 . 2007-12-30 16:04 <KAT> d-------- C:\Program\SopCast

2007-12-30 10:33 . 2007-12-30 10:33 244 --ah----- C:\sqmnoopt19.sqm

2007-12-30 10:33 . 2007-12-30 10:33 232 --ah----- C:\sqmdata19.sqm

2007-12-30 09:38 . 2007-12-30 09:38 244 --ah----- C:\sqmnoopt18.sqm

2007-12-30 09:38 . 2007-12-30 09:38 232 --ah----- C:\sqmdata18.sqm

2007-12-30 09:33 . 2007-12-30 09:33 244 --ah----- C:\sqmnoopt17.sqm

2007-12-30 09:33 . 2007-12-30 09:33 232 --ah----- C:\sqmdata17.sqm

2007-12-30 00:19 . 2008-01-13 14:00 <KAT> d-------- C:\Program\MSN Messenger

2007-12-29 15:57 . 2007-12-29 15:57 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2007-12-29 14:26 . 2007-12-29 14:29 <KAT> d-------- C:\Program\Windows Live

2007-12-29 14:26 . 2007-12-30 00:19 <KAT> d----c--- C:\Program\Delade filer\WindowsLiveInstaller

2007-12-29 14:26 . 2007-12-29 14:26 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-29 13:25 . 2007-12-29 13:25 244 --ah----- C:\sqmnoopt16.sqm

2007-12-29 13:25 . 2007-12-29 13:25 232 --ah----- C:\sqmdata16.sqm

2007-12-29 12:25 . 2007-12-29 12:25 244 --ah----- C:\sqmnoopt15.sqm

2007-12-29 12:25 . 2007-12-29 12:25 232 --ah----- C:\sqmdata15.sqm

2007-12-29 10:24 . 2007-12-29 10:24 244 --ah----- C:\sqmnoopt14.sqm

2007-12-29 10:24 . 2007-12-29 10:24 232 --ah----- C:\sqmdata14.sqm

2007-12-16 15:19 . 2007-12-16 15:19 244 --ah----- C:\sqmnoopt13.sqm

2007-12-16 15:19 . 2007-12-16 15:19 232 --ah----- C:\sqmdata13.sqm

2007-12-15 20:43 . 2007-12-15 20:45 <KAT> d-------- C:\Program\Deal or No Deal - Secret Vault Games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 16:41 77,312 ----a-w C:\WINDOWS\ua2.dll

2008-01-11 16:25 --------- d-----w C:\Program\SpywareBlaster

2008-01-11 16:23 --------- d-----w C:\Documents and Settings\Bergort\Application Data\Azureus

2008-01-11 09:03 --------- d-----w C:\Program\Windows Media Connect 2

2007-12-23 15:57 --------- d-----w C:\Program\Azureus

2007-12-14 10:34 3,532 ----a-w C:\drmHeader.bin

2007-12-14 10:34 --------- d-----w C:\Program\DivX

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-03 14:03 --------- d-----w C:\Program\Delade filer\DirectX

2007-12-03 13:46 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-03 13:46 --------- d-----w C:\Program\Codemasters

2007-12-03 13:46 --------- d-----w C:\Documents and Settings\Bergort\Application Data\InstallShield

2007-11-22 15:29 7,680 ----a-w C:\WINDOWS\mmp3b.exe

2007-11-18 12:21 --------- d-----w C:\Program\TuneUp Utilities 2007

2007-11-18 12:19 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-11-18 12:03 --------- d-----w C:\Program\KONAMI

2007-11-18 12:00 --------- d-----w C:\Program\EA SPORTS

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-13 11:25 30,360 ----a-w C:\Documents and Settings\Bergort\Application Data\GDIPFONTCACHEV1.DAT

.

<pre>
----a-w           451,896 2008-01-09 16:53:29  C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth .exe
----a-w           949,376 2007-01-09 16:53:37  C:\Program\ESET\nod32kui .exe
----a-w         5,674,352 2008-01-13 12:40:59  C:\Program\MSN Messenger\MsnMsgr .Exe
</pre>

 

 

((((((((((((((((((((((((((((( snapshot@2008-01-13_13.43.16.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-13 12:30:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-13 19:33:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-13 19:33:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-13 12:30:13 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

+ 2008-01-13 19:33:40 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-13 19:33:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-13 12:30:13 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

+ 2008-01-13 19:33:41 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

- 2008-01-13 12:30:14 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-13 19:33:41 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 09:34 15360]

'MsnMsgr'='C:\Program\MSN Messenger\MsnMsgr.exe' [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'BluetoothAuthenticationAgent'='bthprops.cpl' [2004-08-04 09:34 110592 C:\WINDOWS\system32\bthprops.cpl]

'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2008-01-13 19:44 451896]

'PrevxOne'='C:\Program\Prevx1\PXConsole.exe' [2008-01-13 19:44 1503232]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\System32\CTFMON.EXE' [2004-08-04 09:34 15360]

'hostserv'='hostserv.exe' []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

'MS Explorer Config Measurement'= C:\WINDOWS\system32\mscongf.exe

'Microsoft'= ati33.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

'NTSecurity'= NTSecurity.exe

'NTSpool'= NTSpool.exe

'autocheck.exe'= 12/01/2007, 11:37 AM

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgggd]

iifgggd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopqo]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrqr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

'AppInit_DLLs'=C:\WINDOWS\system32\svch8w.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ :\WINDOWS\syste

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

'Skype'='C:\Program\Skype\Phone\Skype.exe' /nosplash /minimized

'EA Core'=C:\Program\Electronic Arts\EA Downloader\Core.exe -silent

'updateMgr'='C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe' AcRdB7_0_7 -reboot 1

'Steam'=C:\Program\Valve\Steam\\Steam.exe -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe

'Anti-Blaxx Manager'=C:\Program\Anti-Blaxx\Anti-Blaxx.exe

'QuickTime Task'='C:\Program\QuickTime\qttask.exe' -atboottime

'ATICCC'='C:\Program\ATI Technologies\ATI.ACE\cli.exe' runtime -Delay

'iTunesHelper'='C:\Program\iTunes\iTunesHelper.exe'

'SoundMan'=SOUNDMAN.EXE

'tgcmd'='C:\Program\Telia\Supportassistent\bin\tgcmd.exe' /server /startmonitor /deaf

'PWRISOVM.EXE'=C:\Documents and Settings\Bergort\Mina dokument\Program\PowerISO\PWRISOVM.EXE

'Sony Ericsson PC Suite'='C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe' /startoptions

'SunJavaUpdateSched'='C:\Program\Java\jre1.5.0_09\bin\jusched.exe'

'iRiver Updater'=\Updater.exe

'StartCCC'='C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe'

'DAEMON Tools'='C:\Program\DAEMON Tools\daemon.exe' -lang 1033

'Logitech Hardware Abstraction Layer'=KHALMNPR.EXE

'PrevxOne'='C:\Program\Prevx2\PXConsole.exe'

 

R1 sdcplhsdcplhC:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-15 18:20]

R2 UxTuneUpTuneUp Theme ExtensionC:\WINDOWS\System32\svchost.exe [2004-08-04 09:34]

R3 xusb20Xbox 360 Wireless Receiver for Windows Driver ServiceC:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]

S3 8ba5fb8d-5699-406a-b268-bbeacba673488ba5fb8d-5699-406a-b268-bbeacba67348D:\Player\cds300.dll []

S3 s115busSony Ericsson Device 115 driver (WDM)C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdflSony Ericsson Device 115 USB WMC Modem FilterC:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdmSony Ericsson Device 115 USB WMC Modem DriverC:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmtSony Ericsson Device 115 USB WMC Device Management Drivers (WDM)C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obexSony Ericsson Device 115 USB WMC OBEX InterfaceC:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 s117busSony Ericsson Device 117 driver (WDM)C:\WINDOWS\system32\DRIVERS\s117bus.sys []

S3 s117nd5Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)C:\WINDOWS\system32\DRIVERS\s117nd5.sys []

S3 s117unicSony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 09:43]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

'2008-01-11 16:19:22 C:\WINDOWS\Tasks\1-Click Maintenance.job'

- C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe

'2008-01-13 17:17:32 C:\WINDOWS\Tasks\Symantec NetDetect.job'

- C:\Program\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 20:41:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Program\Eset\pr_imon.dll

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program\Eset\pr_imon.dll

.

Completion time: 2008-01-13 20:47:58 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-13 19:47:56

ComboFix2.txt 2008-01-13 12:43:29

.

2008-01-11 10:56:23 --- E O F ---

 

 

 

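The Reg Loading Points section of the log above is where the persistence lives: values under policies\Explorer\Run, Winlogon Notify subkeys with random names, an AppInit_DLLs value, and an LSA Notification Packages entry that is a truncated path instead of a package name. The Python script below is an added example, not ComboFix's code and not from the thread. It parses that section's text and flags the loading points an incident responder would look at first. SAMPLE_LOG is copied from the log posted above; the allow-lists of stock Winlogon Notify and LSA packages, and reading empty `[ ]` metadata as "file not found at scan time", are this example's assumptions.

```python
"""Triage of ComboFix's "Reg Loading Points" section.

Added example, not ComboFix code and not from the thread. SAMPLE_LOG is the
section as posted; the default-package allow-lists and the meaning given to
empty "[ ]" metadata are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Winlogon Notify subkeys of a stock XP SP2 install (assumption; add vendor ones).
WINLOGON_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                            "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# LSA Notification Packages normal on XP / Windows Server (assumption).
LSA_NOTIFY_DEFAULTS = {"scecli", "rassfm", "kdcsvc"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r"""^['"](?P<name>[^'"]*)['"]\s*=\s*(?P<data>.*)$""")
BRACKET_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*$")
NOTIFY_RE = re.compile(r"winlogon\\notify\\([^\\]+)$")


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def split_data(data: str) -> Tuple[str, Optional[str]]:
    """(launch target, bracket metadata). ComboFix appends "[date time size]"
    when it found the file: None = no brackets printed, "" = printed empty."""
    meta, m = None, BRACKET_RE.search(data)
    if m:
        meta, data = m.group("meta").strip(), data[: m.start()]
    data = data.strip()
    if data[:1] in ("'", '"'):                      # quoted path, args follow
        end = data.find(data[0], 1)
        return (data[1:end] if end > 0 else data[1:]), meta
    return data.split(" ", 1)[0], meta


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    key, disabled, notify = "", False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key, notify = km.group(1), None
            disabled = key.endswith("-")            # "run-": items disabled in msconfig
            nm = NOTIFY_RE.search(key.lower())
            if nm and nm.group(1) not in WINLOGON_NOTIFY_DEFAULTS:
                notify = Finding(key, nm.group(1), "", "Winlogon Notify package outside "
                                 "the stock set: loaded into winlogon.exe at every logon")
                findings.append(notify)
            continue
        if disabled or not key:
            continue
        if line.startswith("Notification Packages"):
            for pkg in line.split("REG_MULTI_SZ", 1)[-1].split():
                if pkg.lower() not in LSA_NOTIFY_DEFAULTS:
                    findings.append(Finding(key, "Notification Packages", pkg, "LSA package "
                                            "outside the stock set: loaded into lsass.exe and "
                                            "handed plaintext passwords on every change"))
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            if notify is not None:                  # DLL name printed under the Notify key
                notify.data = line
            continue
        name, target_meta = vm.group("name"), split_data(vm.group("data"))
        target, meta = target_meta
        if "policies\\explorer\\run" in key.lower():
            findings.append(Finding(key, name, target, "policies\\Explorer\\Run autostart: "
                                    "honoured by Explorer, almost never written by an installer"))
        elif name.lower() == "appinit_dlls" and target:
            findings.append(Finding(key, name, target, "AppInit_DLLs set: DLL mapped into "
                                    "every process that loads user32.dll"))
        elif "\\" not in target and not meta:
            findings.append(Finding(key, name, target, "bare file name, no resolved path: "
                                    "found by PATH search at logon, no file metadata printed"))
        elif meta == "":
            findings.append(Finding(key, name, target, "target printed with empty [ ]: "
                                    "assumed not found at scan time (check for a ' .exe' twin)"))
    return findings


SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 09:34 15360]
'MsnMsgr'='C:\Program\MSN Messenger\MsnMsgr.exe' [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'BluetoothAuthenticationAgent'='bthprops.cpl' [2004-08-04 09:34 110592 C:\WINDOWS\system32\bthprops.cpl]
'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2008-01-13 19:44 451896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
'hostserv'='hostserv.exe' []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
'MS Explorer Config Measurement'= C:\WINDOWS\system32\mscongf.exe
'Microsoft'= ati33.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
'NTSecurity'= NTSecurity.exe
'autocheck.exe'= 12/01/2007, 11:37 AM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgggd]
iifgggd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrqr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
'AppInit_DLLs'=C:\WINDOWS\system32\svch8w.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
'Skype'='C:\Program\Skype\Phone\Skype.exe' /nosplash /minimized
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name!r:35} {f.data!r:40} {f.reason}")
```

The rules are deliberately narrow: a Run value with a full path and file metadata (ctfmon.exe, nmapp) is left alone, a value ComboFix could resolve despite being a bare name (bthprops.cpl) is left alone, and the `run-` key, which ComboFix uses for entries disabled in msconfig, is skipped because nothing there executes at logon. Everything that is flagged in this log matches what the helper is asking ComboFix to clean up.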

'I scanned all the files, but only the ones I included showed anything.'

Okay, that's not easy to know.

We'll have to hope that a good antivirus program can find the files.

 

I think you forgot the File:: line in the CFScript file, so ComboFix doesn't know that these are files to be removed. Change CFScript so it looks like this:

[KOD]

File::

C:\WINDOWS\system32\ihkmp.ini2

C:\WINDOWS\system32\ihkmp.ini

C:\bhxqyu.exe

C:\ugmsfom.exe

C:\WINDOWS\pics05.exe

C:\WINDOWS\mmp3b.exe

qmbyrnfj.exe

[/KOD]

Add the folder that qmbyrnfj.exe is in.

Save the file.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that comes out.

 


 

There are programs that show all files regardless of date, or for the last 30, 60 or 90 days.

 

This seems to be the right path:

C:\qmbyrnfj.exe

 


But I have never needed to use them before, so I don't have any ready recipes, at any rate.

 


ComboFix 08-01-13.1 - Bergort 2008-01-14 8:53:09.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.523 [GMT 1:00]

Running from: C:\Documents and Settings\Bergort\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bergort\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\bhxqyu.exe

C:\qmbyrnfj.exe

C:\ugmsfom.exe

C:\WINDOWS\mmp3b.exe

C:\WINDOWS\pics05.exe

C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\ihkmp.ini2

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\bhxqyu.exe

C:\ugmsfom.exe

C:\WINDOWS\mmp3b.exe

C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\ihkmp.ini2

 

.

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))

.

 

2008-01-13 18:22 . 2008-01-13 18:22 1,552 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Default User\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Bergort\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Administratör\Lokala inställningar

2008-01-13 13:40 . 2008-01-14 08:57 227 --a------ C:\WINDOWS\system.ini

2008-01-13 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 17:15 . 2008-01-12 17:43 15,360 --a------ C:\imvmi.exe

2008-01-12 17:15 . 2008-01-12 17:43 8 --a------ C:\WINDOWS\system32\69393452

2008-01-12 17:14 . 2008-01-12 17:14 54,764 --a------ C:\WINDOWS\system32\dxdss.sys

2008-01-11 17:50 . 2008-01-13 19:56 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\Prevx

2008-01-11 17:49 . 2008-01-14 08:31 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-11 17:49 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2008-01-11 17:49 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2008-01-11 13:23 . 2008-01-11 16:07 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\PrevxCSI

2008-01-11 09:54 . 2008-01-11 10:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 09:54 . 2008-01-11 10:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-09 20:17 . 2008-01-09 20:18 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-01-05 13:59 . 2008-01-05 13:59 <KAT> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX

2008-01-03 15:23 . 2008-01-03 15:23 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2008-01-03 15:22 . 2008-01-09 18:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-03 15:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-03 15:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-02 17:38 . 2008-01-02 17:38 <KAT> d-------- C:\Program\DIFX

2008-01-02 17:38 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys

2008-01-02 17:38 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

2008-01-02 17:35 . 2008-01-02 17:38 <KAT> d-------- C:\Program\Delade filer\Pure Networks Shared

2008-01-02 17:34 . 2008-01-02 17:34 <KAT> d-------- C:\Program\Pure Networks

2008-01-02 17:31 . 2008-01-02 17:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2007-12-30 16:04 . 2007-12-30 16:04 <KAT> d-------- C:\Program\SopCast

2007-12-30 10:33 . 2007-12-30 10:33 244 --ah----- C:\sqmnoopt19.sqm

2007-12-30 10:33 . 2007-12-30 10:33 232 --ah----- C:\sqmdata19.sqm

2007-12-30 09:38 . 2007-12-30 09:38 244 --ah----- C:\sqmnoopt18.sqm

2007-12-30 09:38 . 2007-12-30 09:38 232 --ah----- C:\sqmdata18.sqm

2007-12-30 09:33 . 2007-12-30 09:33 244 --ah----- C:\sqmnoopt17.sqm

2007-12-30 09:33 . 2007-12-30 09:33 232 --ah----- C:\sqmdata17.sqm

2007-12-30 00:19 . 2008-01-13 14:00 <KAT> d-------- C:\Program\MSN Messenger

2007-12-29 15:57 . 2007-12-29 15:57 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2007-12-29 14:26 . 2007-12-29 14:29 <KAT> d-------- C:\Program\Windows Live

2007-12-29 14:26 . 2007-12-30 00:19 <KAT> d----c--- C:\Program\Delade filer\WindowsLiveInstaller

2007-12-29 14:26 . 2007-12-29 14:26 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-29 13:25 . 2007-12-29 13:25 244 --ah----- C:\sqmnoopt16.sqm

2007-12-29 13:25 . 2007-12-29 13:25 232 --ah----- C:\sqmdata16.sqm

2007-12-29 12:25 . 2007-12-29 12:25 244 --ah----- C:\sqmnoopt15.sqm

2007-12-29 12:25 . 2007-12-29 12:25 232 --ah----- C:\sqmdata15.sqm

2007-12-29 10:24 . 2007-12-29 10:24 244 --ah----- C:\sqmnoopt14.sqm

2007-12-29 10:24 . 2007-12-29 10:24 232 --ah----- C:\sqmdata14.sqm

2007-12-16 15:19 . 2007-12-16 15:19 244 --ah----- C:\sqmnoopt13.sqm

2007-12-16 15:19 . 2007-12-16 15:19 232 --ah----- C:\sqmdata13.sqm

2007-12-15 20:43 . 2007-12-15 20:45 <KAT> d-------- C:\Program\Deal or No Deal - Secret Vault Games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-14 07:49 --------- d-----w C:\Documents and Settings\Bergort\Application Data\Azureus

2008-01-11 16:41 77,312 ----a-w C:\WINDOWS\ua2.dll

2008-01-11 16:25 --------- d-----w C:\Program\SpywareBlaster

2008-01-11 09:03 --------- d-----w C:\Program\Windows Media Connect 2

2007-12-23 15:57 --------- d-----w C:\Program\Azureus

2007-12-14 10:34 3,532 ----a-w C:\drmHeader.bin

2007-12-14 10:34 --------- d-----w C:\Program\DivX

2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-03 14:03 --------- d-----w C:\Program\Delade filer\DirectX

2007-12-03 13:46 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-03 13:46 --------- d-----w C:\Program\Codemasters

2007-12-03 13:46 --------- d-----w C:\Documents and Settings\Bergort\Application Data\InstallShield

2007-12-01 20:56 733,184 ----a-w C:\WINDOWS\system32\autocheck.exe

2007-11-19 07:53 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-18 12:21 --------- d-----w C:\Program\TuneUp Utilities 2007

2007-11-18 12:19 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-11-18 12:03 --------- d-----w C:\Program\KONAMI

2007-11-18 12:00 --------- d-----w C:\Program\EA SPORTS

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-13 11:25 30,360 ----a-w C:\Documents and Settings\Bergort\Application Data\GDIPFONTCACHEV1.DAT

.

<pre>
----a-w           451,896 2008-01-09 16:53:29  C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth .exe
----a-w           949,376 2007-01-09 16:53:37  C:\Program\ESET\nod32kui .exe
----a-w         5,674,352 2008-01-13 12:40:59  C:\Program\MSN Messenger\MsnMsgr .Exe
</pre>

 

 

((((((((((((((((((((((((((((( snapshot@2008-01-13_13.43.16.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-13 12:30:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-14 07:52:44 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-14 07:52:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-13 12:30:13 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

+ 2008-01-14 07:52:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-14 07:52:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-13 12:30:13 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

+ 2008-01-14 07:52:45 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

- 2008-01-13 12:30:14 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-14 07:52:45 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 09:34 15360]

'MsnMsgr'='C:\Program\MSN Messenger\MsnMsgr.exe' [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'BluetoothAuthenticationAgent'='bthprops.cpl' [2004-08-04 09:34 110592 C:\WINDOWS\system32\bthprops.cpl]

'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2008-01-13 19:44 451896]

'PrevxOne'='C:\Program\Prevx1\PXConsole.exe' [2008-01-13 19:44 1503232]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\System32\CTFMON.EXE' [2004-08-04 09:34 15360]

'hostserv'='hostserv.exe' []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

'MS Explorer Config Measurement'= C:\WINDOWS\system32\mscongf.exe

'Microsoft'= ati33.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

'NTSecurity'= NTSecurity.exe

'NTSpool'= NTSpool.exe

'autocheck.exe'= 12/01/2007, 11:37 AM

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgggd]

iifgggd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopqo]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrqr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

'AppInit_DLLs'=C:\WINDOWS\system32\svch8w.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ :\WINDOWS\syste

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

'Skype'='C:\Program\Skype\Phone\Skype.exe' /nosplash /minimized

'EA Core'=C:\Program\Electronic Arts\EA Downloader\Core.exe -silent

'updateMgr'='C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe' AcRdB7_0_7 -reboot 1

'Steam'=C:\Program\Valve\Steam\\Steam.exe -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe

'Anti-Blaxx Manager'=C:\Program\Anti-Blaxx\Anti-Blaxx.exe

'QuickTime Task'='C:\Program\QuickTime\qttask.exe' -atboottime

'ATICCC'='C:\Program\ATI Technologies\ATI.ACE\cli.exe' runtime -Delay

'iTunesHelper'='C:\Program\iTunes\iTunesHelper.exe'

'SoundMan'=SOUNDMAN.EXE

'tgcmd'='C:\Program\Telia\Supportassistent\bin\tgcmd.exe' /server /startmonitor /deaf

'PWRISOVM.EXE'=C:\Documents and Settings\Bergort\Mina dokument\Program\PowerISO\PWRISOVM.EXE

'Sony Ericsson PC Suite'='C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe' /startoptions

'SunJavaUpdateSched'='C:\Program\Java\jre1.5.0_09\bin\jusched.exe'

'iRiver Updater'=\Updater.exe

'StartCCC'='C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe'

'DAEMON Tools'='C:\Program\DAEMON Tools\daemon.exe' -lang 1033

'Logitech Hardware Abstraction Layer'=KHALMNPR.EXE

'PrevxOne'='C:\Program\Prevx2\PXConsole.exe'

 

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-15 18:20]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:34]

R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]

S3 8ba5fb8d-5699-406a-b268-bbeacba67348;8ba5fb8d-5699-406a-b268-bbeacba67348;D:\Player\cds300.dll []

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys []

S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys []

S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 09:43]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

'2008-01-11 16:19:22 C:\WINDOWS\Tasks\1-Click Maintenance.job'

- C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe

'2008-01-13 21:17:12 C:\WINDOWS\Tasks\Symantec NetDetect.job'

- C:\Program\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-14 08:57:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Program\Eset\pr_imon.dll

.

Completion time: 2008-01-14 8:58:24

ComboFix-quarantined-files.txt 2008-01-14 07:58:10

ComboFix2.txt 2008-01-13 19:47:59

ComboFix3.txt 2008-01-13 12:43:29

.

2008-01-11 10:56:23 --- E O F ---

 

 

 


There we go, that went better.

 

Look in C:\WINDOWS\ and C:\WINDOWS\System32 to see whether there is a file named autocheck.exe; if you find it, scan it on the VirusTotal site.

 

'I scanned all the files, but only the ones I sent along showed anything.'

Was there any file that it reported as being only 0 kB? That is also important to know.

 

Scan the computer with Dr.Web CureIt

http://freedrweb.com/

Instructions: http://fromsej.dk/Vejledninger/html/drweb.html

Save the result and paste it here.

 


The following showed 0 bytes

 

C:\ghvltg.exe

C:\bhxqyu.exe

C:\WINDOWS\system32\svch8w.dll

C:\ugmsfom.exe

C:\WINDOWS\system32\dxdss.sys

C:\yamwm.exe

C:\WINDOWS\xmas_party01.zip

C:\WINDOWS\pics_july03.zip

C:\WINDOWS\pics14.zip

C:\WINDOWS\dream01.zip

C:\WINDOWS\pics05.exe

C:\WINDOWS\mmp3b.exe

 

 


Downloaded it and ran it... the result showed that no virus was found. But then I looked through the link with instructions that you sent along... and I could not set all the settings that page says you should, because it is not the same version of the program that I downloaded.

 


Well, it sounds good that it did not find anything, even though the settings have changed somewhat. Then there should not be any old files left either.

 

Run this online scan:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

Paste the result from it.

 

Some repairs of the damage the infection caused:

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

In the folder C:\Program\Delade filer\Pure Networks Shared\Platform, rename the file nmctxth .exe to nmctxth.exe

In the folder C:\Program\ESET, rename nod32kui .exe to nod32kui.exe

In the folder C:\Program\MSN Messenger, rename MsnMsgr .Exe to MsnMsgr.Exe

 

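The rename step in the post above, as an added example that is not from the thread or from any of the tools used in it: a Python helper that finds executables whose name has a space squeezed in before the extension (the 'nmctxth .exe' pattern) and gives them their proper name back, refusing to rename when a file already sits under the intended name, since that occupant is then the thing to look at. It runs against a constructed temporary folder with placeholder contents, not the program folders named in the post.

```python
import re
import shutil
import tempfile
from pathlib import Path

# "name .ext": one or more spaces squeezed in before a binary extension.
# Only the extension types that matter for program startup here are covered.
SPACED_EXT = re.compile(r"^(?P<stem>\S.*?) +\.(?P<ext>exe|dll|cpl|sys)$", re.IGNORECASE)


def find_spaced_names(folder):
    """Return (spaced_path, intended_path, conflict) for each 'name .ext' file.

    conflict is True when a file already exists under the intended name,
    i.e. something else has taken the program's place.
    """
    hits = []
    for entry in sorted(Path(folder).iterdir(), key=lambda p: p.name):
        if not entry.is_file():
            continue
        m = SPACED_EXT.match(entry.name)
        if m is None:
            continue
        intended = entry.with_name(f"{m['stem']}.{m['ext']}")
        hits.append((entry, intended, intended.exists()))
    return hits


def repair_spaced_names(folder, dry_run=True):
    """Rename 'name .ext' back to 'name.ext' where nothing occupies that name.

    Returns (renamed, blocked): renamed holds (old, new) pairs that were (or,
    with dry_run, would be) renamed; blocked holds (old, new, size) where the
    intended name is already taken, so nothing is overwritten and the
    occupant's size is reported (a 0-byte occupant is the leftover of a file
    that a scanner has already emptied).
    """
    renamed, blocked = [], []
    for spaced, intended, conflict in find_spaced_names(folder):
        if conflict:
            blocked.append((spaced.name, intended.name, intended.stat().st_size))
            continue
        if not dry_run:
            spaced.rename(intended)
        renamed.append((spaced.name, intended.name))
    return renamed, blocked


def demo():
    """Run the repair against a constructed temp folder (not a real Program folder).

    File names mirror the post; contents are placeholders, not real binaries.
    """
    tmp = Path(tempfile.mkdtemp())
    try:
        (tmp / "nmctxth .exe").write_bytes(b"MZ stand-in for the real program")
        (tmp / "nod32kui .exe").write_bytes(b"MZ stand-in for the real program")
        (tmp / "MsnMsgr .Exe").write_bytes(b"MZ stand-in for the real program")
        (tmp / "MsnMsgr.Exe").write_bytes(b"")   # 0-byte occupant under the real name
        (tmp / "readme .txt").write_text("not a binary, must be ignored")
        renamed, blocked = repair_spaced_names(tmp, dry_run=False)
        remaining = sorted(p.name for p in tmp.iterdir())
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
    return {"renamed": renamed, "blocked": blocked, "remaining": remaining}


if __name__ == "__main__":
    result = demo()
    for old, new in result["renamed"]:
        print(f"renamed  {old!r} -> {new!r}")
    for old, new, size in result["blocked"]:
        print(f"BLOCKED  {old!r}: {new!r} already exists ({size} bytes), check it first")
```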

Protection

----------

Total scanned: 701448

Detected: 18

Untreated: 0

Start time: 2008-01-15 20:59:58

Duration: 00:00:00

Finish time: 2008-01-15 20:59:58

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan-Downloader.Win32.Small.hkq File: C:\imvmi.exe

deleted: Trojan program Backdoor.Win32.IRCBot.avw File: C:\Documents and Settings\Bergort\Mina dokument\Program\TuneUp Utilities 2007 + keygen\Keygen.exe//data.rar/Loader.exe

deleted: virus IM-Worm.Win32.Delf.ag File: C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/pics_july03.zip/pics_july03.exe

deleted: virus IM-Worm.Win32.Delf.ag File: C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/xmas_party01.zip/xmas_party01.exe

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[1].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[2].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[3].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[4].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[5].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[6].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.BHO.rs File: C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[7].htm//PE_Patch.PECompact//PecBundle//PECompact

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.dmn File: C:\QooBox\Quarantine\catchme2008-01-13_204146.17.zip/urqnnml.dll

deleted: Trojan program Trojan.Win32.Pakes.bxx File: C:\QooBox\Quarantine\C\ugmsfom.exe.vir

deleted: adware not-a-virus:AdWare.Win32.BHO.rh File: C:\QooBox\Quarantine\C\Program\Helper\superfindout.dll.vir//PE_Patch.PECompact//PecBundle//PECompact

deleted: virus IM-Worm.Win32.Delf.ag File: C:\QooBox\Quarantine\C\WINDOWS\photos_xmas_02.zip.vir/photos_xmas_02.exe

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.dmn File: C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyyxv.dll.vir

deleted: Trojan program Backdoor.Win32.Rbot.ffx File: C:\WINDOWS\system32\ati33.exe~//Armadillo

deleted: Trojan program Trojan.Win32.Pakes.bxx File: C:\WINDOWS\system32\dxdss.sys

 

 

Events

------

Time Event

---- -----

2008-01-15 21:02:06 Please restart your computer to complete the installation of new or updated protection components.

2008-01-15 21:02:07 Update completed successfully

2008-01-15 21:05:38 File C:\imvmi.exe: detected Trojan program 'Trojan-Downloader.Win32.Small.hkq'.

2008-01-15 21:05:38 Security threats have been detected. You are advised to neutralize them immediately.

2008-01-15 21:05:39 File C:\imvmi.exe: is still infected, postponed.

2008-01-15 22:22:02 File c:\imvmi.exe: detected Trojan program 'Trojan-Downloader.Win32.Small.hkq'.

2008-01-15 22:22:24 File c:\imvmi.exe: deleted.

2008-01-15 22:29:03 File C:\Documents and Settings\Bergort\Mina dokument\Program\TuneUp Utilities 2007 + keygen\Keygen.exe//data.rar/Loader.exe: detected Trojan program 'Backdoor.Win32.IRCBot.avw'.

2008-01-15 22:29:03 Security threats have been detected. You are advised to neutralize them immediately.

2008-01-15 22:29:03 File C:\Documents and Settings\Bergort\Mina dokument\Program\TuneUp Utilities 2007 + keygen\Keygen.exe//data.rar/Loader.exe: is still infected, postponed.

2008-01-15 22:36:06 File C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/pics_july03.zip/pics_july03.exe: detected virus 'IM-Worm.Win32.Delf.ag'.

2008-01-15 22:36:07 File C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/pics_july03.zip/pics_july03.exe: is still infected, postponed.

2008-01-15 22:36:07 File C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/xmas_party01.zip/xmas_party01.exe: detected virus 'IM-Worm.Win32.Delf.ag'.

2008-01-15 22:36:07 File C:\Documents and Settings\Bergort\Skrivbord\MSNFix\2008-01-13_18175007.zip/backup/xmas_party01.zip/xmas_party01.exe: is still infected, postponed.

2008-01-15 22:36:26 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[1].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:26 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[1].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:27 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[2].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:27 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[2].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:27 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[3].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:27 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[3].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:28 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[4].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:28 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[4].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:28 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[5].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:28 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[5].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:29 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[6].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:29 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[6].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:36:29 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[7].htm//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rs'.

2008-01-15 22:36:29 File C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\PNIYB6JK\xall[7].htm//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/Ad-Aware SE Default.skn: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow1.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow2.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bck1.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt11.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt12.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt13.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt21.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt22.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt23.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt31.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt32.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt33.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt41.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt42.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt43.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt51.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt52.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt53.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt61.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt62.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox1.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox2.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox3.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox4.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn1.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn2.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn3.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph1.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph2.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph3.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph4.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph5.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph6.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph7.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/main.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/preview.bmp: is password protected.

2008-01-15 22:53:01 File C:\Program\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/sprite1.bmp: is password protected.

2008-01-15 23:02:44 File C:\QooBox\Quarantine\catchme2008-01-13_204146.17.zip/urqnnml.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dmn'.

2008-01-15 23:02:44 Security threats have been detected. You are advised to neutralize them immediately.

2008-01-15 23:02:44 File C:\QooBox\Quarantine\catchme2008-01-13_204146.17.zip/urqnnml.dll: is still infected, postponed.

2008-01-15 23:02:44 File C:\QooBox\Quarantine\C\ugmsfom.exe.vir: detected Trojan program 'Trojan.Win32.Pakes.bxx'.

2008-01-15 23:02:44 File C:\QooBox\Quarantine\C\ugmsfom.exe.vir: is still infected, postponed.

2008-01-15 23:02:47 File C:\QooBox\Quarantine\C\Program\Helper\superfindout.dll.vir//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rh'.

2008-01-15 23:02:47 File C:\QooBox\Quarantine\C\Program\Helper\superfindout.dll.vir//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.

2008-01-15 23:02:49 File C:\QooBox\Quarantine\C\WINDOWS\photos_xmas_02.zip.vir/photos_xmas_02.exe: detected virus 'IM-Worm.Win32.Delf.ag'.

2008-01-15 23:02:49 File C:\QooBox\Quarantine\C\WINDOWS\photos_xmas_02.zip.vir/photos_xmas_02.exe: is still infected, postponed.

2008-01-15 23:02:50 File C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyyxv.dll.vir: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dmn'.

2008-01-15 23:02:50 File C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyyxv.dll.vir: is still infected, postponed.

2008-01-15 23:11:42 Update completed successfully

2008-01-15 23:20:02 File C:\WINDOWS\system32\ati33.exe~//Armadillo: detected Trojan program 'Backdoor.Win32.Rbot.ffx'.

2008-01-15 23:20:02 File C:\WINDOWS\system32\ati33.exe~//Armadillo: is still infected, postponed.

2008-01-15 23:20:19 File C:\WINDOWS\system32\dxdss.sys: detected Trojan program 'Trojan.Win32.Pakes.bxx'.

2008-01-15 23:20:19 File C:\WINDOWS\system32\dxdss.sys: is still infected, postponed.

2008-01-15 23:22:44 File c:\qoobox\quarantine\catchme2008-01-13_204146.17.zip/urqnnml.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dmn'.

2008-01-15 23:26:33 File c:\qoobox\quarantine\catchme2008-01-13_204146.17.zip/urqnnml.dll: deleted.

2008-01-15 23:26:33 File c:\qoobox\quarantine\c\ugmsfom.exe.vir: detected Trojan program 'Trojan.Win32.Pakes.bxx'.

2008-01-15 23:26:44 File c:\qoobox\quarantine\c\ugmsfom.exe.vir: deleted.

2008-01-15 23:26:44 File c:\qoobox\quarantine\c\program\helper\superfindout.dll.vir//PE_Patch.PECompact//PecBundle//PECompact: detected adware 'not-a-virus:AdWare.Win32.BHO.rh'.

2008-01-15 23:26:44 File c:\qoobox\quarantine\c\program\helper\superfindout.dll.vir: deleted.

2008-01-15 23:26:45 File c:\qoobox\quarantine\c\windows\photos_xmas_02.zip.vir/photos_xmas_02.exe: detected virus 'IM-Worm.Win32.Delf.ag'.

2008-01-15 23:26:45 File c:\qoobox\quarantine\c\windows\photos_xmas_02.zip.vir/photos_xmas_02.exe: deleted.

2008-01-15 23:26:45 File c:\qoobox\quarantine\c\windows\system32\ddcyyxv.dll.vir: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dmn'.

2008-01-15 23:26:53 File c:\qoobox\quarantine\c\windows\system32\ddcyyxv.dll.vir: deleted.

2008-01-15 23:26:53 File c:\windows\system32\ati33.exe~//Armadillo: detected Trojan program 'Backdoor.Win32.Rbot.ffx'.

2008-01-15 23:26:58 File c:\windows\system32\ati33.exe~: deleted.

2008-01-15 23:26:58 File c:\windows\system32\dxdss.sys: detected Trojan program 'Trojan.Win32.Pakes.bxx'.

2008-01-15 23:27:04 File c:\windows\system32\dxdss.sys: deleted.

 

 

Reports

-------

Component Status Start Finish Size

--------- ------ ----- ------ ----

Update completed 2008-01-15 20:59:59 2008-01-15 21:02:07 147,8 KB

Scan startup objects completed 2008-01-15 21:02:09 2008-01-15 21:03:32 430,6 KB

Scan completed 2008-01-15 21:05:10 2008-01-15 23:27:04 157,6 MB

Update completed 2008-01-15 23:07:21 2008-01-15 23:11:41 22,3 KB

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

Infected: virus IM-Worm.Win32.Delf.ag c:\documents and settings\bergort\skrivbord\msnfix\2008-01-13_18175007.zip 2,4 MB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[6].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[4].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dmn c:\qoobox\quarantine\c\windows\system32\ddcyyxv.dll.vir 39 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[5].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[2].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dmn c:\qoobox\quarantine\catchme2008-01-13_204146.17.zip 28,4 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[3].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[1].htm 18,5 KB

Infected: Trojan program Backdoor.Win32.Rbot.ffx c:\windows\system32\ati33.exe~ 744 KB

Infected: Trojan program Backdoor.Win32.IRCBot.avw c:\documents and settings\bergort\mina dokument\program\tuneup utilities 2007 + keygen\keygen.exe 287,2 KB

Infected: Trojan program Trojan.Win32.Pakes.bxx c:\qoobox\quarantine\c\ugmsfom.exe.vir 57,5 KB

Infected: virus IM-Worm.Win32.Delf.ag c:\qoobox\quarantine\c\windows\photos_xmas_02.zip.vir 240,6 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rs c:\documents and settings\localservice\lokala inställningar\temporary internet files\content.ie5\pniyb6jk\xall[7].htm 18,5 KB

Infected: adware not-a-virus:AdWare.Win32.BHO.rh c:\qoobox\quarantine\c\program\helper\superfindout.dll.vir 15,5 KB

Infected: Trojan program Trojan.Win32.Pakes.bxx c:\windows\system32\dxdss.sys 53,5 KB

Infected: Trojan program Trojan-Downloader.Win32.Small.hkq c:\imvmi.exe 15 KB

 

 

My internet connection has become very slow in the last few days; could that have anything to do with the 'infection'?

 

 


deleted: Trojan program Backdoor.Win32.IRCBot.avw File: C:\Documents and Settings\Bergort\Mina dokument\Program\TuneUp Utilities 2007 + keygen\Keygen.exe//data.rar/Loader.exe

No wonder the computer is infected when you download things like that.

 

Good that Kaspersky removed many nasty files.

 

You have infections that make use of the internet.

 

Then let's see what a new ComboFix log looks like and whether anything more shows up there.

 


 

ComboFix 08-01-13.1 - Bergort 2008-01-16 7:15:41.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.505 [GMT 1:00]

Running from: C:\Documents and Settings\Bergort\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))

.

 

2008-01-15 21:02 . 2008-01-16 07:20 3,515,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-15 21:02 . 2008-01-15 23:35 47,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-15 21:02 . 2008-01-16 07:20 9,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-01-15 21:02 . 2008-01-15 23:35 1,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-01-15 20:56 . 2008-01-15 20:56 <KAT> d-------- C:\Program\Kaspersky Lab

2008-01-15 20:56 . 2008-01-16 07:02 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-01-15 20:55 . 2008-01-15 20:55 <KAT> d-------- C:\KAV

2008-01-15 11:00 . 2008-01-15 11:00 <KAT> d-------- C:\Documents and Settings\Bergort\DoctorWeb

2008-01-14 09:36 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-01-14 09:34 . 2008-01-14 09:34 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\ESET

2008-01-13 18:22 . 2008-01-13 18:22 1,552 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Default User\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Bergort\Lokala inställningar

2008-01-13 13:43 . 2008-01-13 20:48 <KAT> d-------- C:\Documents and Settings\Administratör\Lokala inställningar

2008-01-13 13:40 . 2008-01-16 07:20 227 --a------ C:\WINDOWS\system.ini

2008-01-13 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 17:15 . 2008-01-12 17:43 8 --a------ C:\WINDOWS\system32\69393452

2008-01-11 17:50 . 2008-01-13 19:56 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\Prevx

2008-01-11 17:49 . 2008-01-16 07:00 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-11 17:49 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2008-01-11 17:49 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2008-01-11 13:23 . 2008-01-11 16:07 <KAT> d-------- C:\Documents and Settings\Bergort\Application Data\PrevxCSI

2008-01-11 09:54 . 2008-01-11 10:17 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-01-11 09:54 . 2008-01-11 10:17 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-01-09 20:17 . 2008-01-09 20:18 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-01-05 13:59 . 2008-01-05 13:59 <KAT> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX

2008-01-03 15:23 . 2008-01-03 15:23 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2008-01-03 15:22 . 2008-01-09 18:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-03 15:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-03 15:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-02 17:38 . 2008-01-02 17:38 <KAT> d-------- C:\Program\DIFX

2008-01-02 17:38 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys

2008-01-02 17:38 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

2008-01-02 17:35 . 2008-01-02 17:38 <KAT> d-------- C:\Program\Delade filer\Pure Networks Shared

2008-01-02 17:34 . 2008-01-02 17:34 <KAT> d-------- C:\Program\Pure Networks

2008-01-02 17:31 . 2008-01-02 17:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2007-12-30 16:04 . 2007-12-30 16:04 <KAT> d-------- C:\Program\SopCast

2007-12-30 10:33 . 2007-12-30 10:33 244 --ah----- C:\sqmnoopt19.sqm

2007-12-30 10:33 . 2007-12-30 10:33 232 --ah----- C:\sqmdata19.sqm

2007-12-30 09:38 . 2007-12-30 09:38 244 --ah----- C:\sqmnoopt18.sqm

2007-12-30 09:38 . 2007-12-30 09:38 232 --ah----- C:\sqmdata18.sqm

2007-12-30 09:33 . 2007-12-30 09:33 244 --ah----- C:\sqmnoopt17.sqm

2007-12-30 09:33 . 2007-12-30 09:33 232 --ah----- C:\sqmdata17.sqm

2007-12-30 00:19 . 2008-01-14 16:16 <KAT> d-------- C:\Program\MSN Messenger

2007-12-29 15:57 . 2007-12-29 15:57 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2007-12-29 14:26 . 2007-12-29 14:29 <KAT> d-------- C:\Program\Windows Live

2007-12-29 14:26 . 2007-12-30 00:19 <KAT> d----c--- C:\Program\Delade filer\WindowsLiveInstaller

2007-12-29 14:26 . 2007-12-29 14:26 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-29 13:25 . 2007-12-29 13:25 244 --ah----- C:\sqmnoopt16.sqm

2007-12-29 13:25 . 2007-12-29 13:25 232 --ah----- C:\sqmdata16.sqm

2007-12-29 12:25 . 2007-12-29 12:25 244 --ah----- C:\sqmnoopt15.sqm

2007-12-29 12:25 . 2007-12-29 12:25 232 --ah----- C:\sqmdata15.sqm

2007-12-29 10:24 . 2007-12-29 10:24 244 --ah----- C:\sqmnoopt14.sqm

2007-12-29 10:24 . 2007-12-29 10:24 232 --ah----- C:\sqmdata14.sqm

2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

2007-12-16 15:19 . 2007-12-16 15:19 244 --ah----- C:\sqmnoopt13.sqm

2007-12-16 15:19 . 2007-12-16 15:19 232 --ah----- C:\sqmdata13.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-14 07:49 --------- d-----w C:\Documents and Settings\Bergort\Application Data\Azureus

2008-01-11 16:41 77,312 ----a-w C:\WINDOWS\ua2.dll

2008-01-11 16:25 --------- d-----w C:\Program\SpywareBlaster

2008-01-11 09:03 --------- d-----w C:\Program\Windows Media Connect 2

2007-12-23 15:57 --------- d-----w C:\Program\Azureus

2007-12-15 19:45 --------- d-----w C:\Program\Deal or No Deal - Secret Vault Games

2007-12-14 10:34 3,532 ----a-w C:\drmHeader.bin

2007-12-14 10:34 --------- d-----w C:\Program\DivX

2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-03 14:03 --------- d-----w C:\Program\Delade filer\DirectX

2007-12-03 13:46 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-03 13:46 --------- d-----w C:\Program\Codemasters

2007-12-03 13:46 --------- d-----w C:\Documents and Settings\Bergort\Application Data\InstallShield

2007-12-01 20:56 733,184 ----a-w C:\WINDOWS\system32\autocheck.exe

2007-11-19 07:53 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-18 12:21 --------- d-----w C:\Program\TuneUp Utilities 2007

2007-11-18 12:19 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-11-18 12:03 --------- d-----w C:\Program\KONAMI

2007-11-18 12:00 --------- d-----w C:\Program\EA SPORTS

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-13 11:25 30,360 ----a-w C:\Documents and Settings\Bergort\Application Data\GDIPFONTCACHEV1.DAT

.

----a-w         5,674,352 2008-01-13 12:40:59  C:\Program\MSN Messenger\MsnMsgr .Exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-01-13_13.43.16.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-13 12:30:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-14 07:52:44 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-14 07:52:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-13 12:30:13 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

+ 2008-01-14 07:52:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat

- 2008-01-13 12:30:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-14 07:52:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-13 12:30:13 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

+ 2008-01-14 07:52:45 11,079,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat

- 2008-01-13 12:30:14 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-14 07:52:45 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

- 2008-01-09 17:35:58 29,926 ----a-r C:\WINDOWS\Installer\{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}\MsblIco.Exe

+ 2008-01-14 15:16:25 29,926 ----a-r C:\WINDOWS\Installer\{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}\MsblIco.Exe

+ 2008-01-14 08:35:03 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe

+ 2008-01-14 08:35:03 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe

- 2008-01-12 16:25:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-01-16 06:01:18 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-01-12 16:25:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-16 06:01:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-12 16:25:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2008-01-16 06:01:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2008-01-15 20:02:06 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 09:34 15360]

'MsnMsgr'='C:\Program\MSN Messenger\MsnMsgr.exe' [2007-01-19 12:55 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'BluetoothAuthenticationAgent'='bthprops.cpl' [2004-08-04 09:34 110592 C:\WINDOWS\system32\bthprops.cpl]

'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2008-01-13 19:44 451896]

'PrevxOne'='C:\Program\Prevx1\PXConsole.exe' [2008-01-13 19:44 1503232]

'egui'='C:\Program\ESET\ESET NOD32 Antivirus\egui.exe' [2007-12-21 08:21 1443072]

'QuickTime Task'='C:\Program\QuickTime\qttask.exe' [2005-10-24 20:51 155648]

'AVP'='C:\Program\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe' [2007-11-19 14:40 231952]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\System32\CTFMON.EXE' [2004-08-04 09:34 15360]

'hostserv'='hostserv.exe' []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

'MS Explorer Config Measurement'= C:\WINDOWS\system32\mscongf.exe

'Microsoft'= ati33.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

'NTSecurity'= NTSecurity.exe

'NTSpool'= NTSpool.exe

'autocheck.exe'= 12/01/2007, 11:37 AM

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgggd]

iifgggd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopqo]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrqr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

'AppInit_DLLs'=C:\WINDOWS\system32\svch8w.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ :\WINDOWS\syste

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

'Skype'='C:\Program\Skype\Phone\Skype.exe' /nosplash /minimized

'EA Core'=C:\Program\Electronic Arts\EA Downloader\Core.exe -silent

'updateMgr'='C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe' AcRdB7_0_7 -reboot 1

'Steam'=C:\Program\Valve\Steam\\Steam.exe -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

'NeroFilterCheck'=C:\WINDOWS\system32\NeroCheck.exe

'Anti-Blaxx Manager'=C:\Program\Anti-Blaxx\Anti-Blaxx.exe

'QuickTime Task'='C:\Program\QuickTime\qttask.exe' -atboottime

'ATICCC'='C:\Program\ATI Technologies\ATI.ACE\cli.exe' runtime -Delay

'iTunesHelper'='C:\Program\iTunes\iTunesHelper.exe'

'SoundMan'=SOUNDMAN.EXE

'tgcmd'='C:\Program\Telia\Supportassistent\bin\tgcmd.exe' /server /startmonitor /deaf

'PWRISOVM.EXE'=C:\Documents and Settings\Bergort\Mina dokument\Program\PowerISO\PWRISOVM.EXE

'Sony Ericsson PC Suite'='C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe' /startoptions

'SunJavaUpdateSched'='C:\Program\Java\jre1.5.0_09\bin\jusched.exe'

'iRiver Updater'=\Updater.exe

'StartCCC'='C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe'

'DAEMON Tools'='C:\Program\DAEMON Tools\daemon.exe' -lang 1033

'Logitech Hardware Abstraction Layer'=KHALMNPR.EXE

'PrevxOne'='C:\Program\Prevx2\PXConsole.exe'

 

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-15 18:20]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:34]

S1 mp32;mp3 audio;C:\WINDOWS\system32\dxdss.sys []

S3 8ba5fb8d-5699-406a-b268-bbeacba67348;8ba5fb8d-5699-406a-b268-bbeacba67348;D:\Player\cds300.dll []

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys []

S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys []

S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 09:43]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contents of the 'Scheduled Tasks' folder

'2008-01-11 16:19:22 C:\WINDOWS\Tasks\1-Click Maintenance.job'

- C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe

'2008-01-15 21:17:22 C:\WINDOWS\Tasks\Symantec NetDetect.job'

- C:\Program\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-16 07:20:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-16 7:21:53

ComboFix-quarantined-files.txt 2008-01-16 06:21:37

ComboFix2.txt 2008-01-14 07:58:25

ComboFix3.txt 2008-01-13 19:47:59

ComboFix4.txt 2008-01-13 12:43:29

.

2008-01-11 10:56:23 --- E O F ---

 

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Skicka Fil (Send File) and wait until the result is ready (Närvarande status, the current status, shows genomförd, finished). Paste the results from the different antivirus programs together with File size here. Repeat with the next file name.

C:\WINDOWS\system32\autocheck.exe

 

Use Explorer to go to C:\WINDOWS\system32, right-click the file autocheck.exe and choose Properties. Can it be tied to any product or company?

 

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder, C:\SDFix, is created.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a question comes up asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will run and fix a lot of things.

When it is done, Finished is shown.

Press any key to close the program.

 

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.
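The two manual checks asked for above (Properties and VirusTotal) done from PowerShell, as an added example that is not code from this thread, SDFix or VirusTotal. It assumes PowerShell 4 or later (for Get-FileHash); the default path is the file named above, and the reference hashes are the ones VirusTotal reported for it later in the thread.

```powershell
# Added example, not part of the thread's tools. Mirrors the helper's two manual checks:
# what the Properties > Version tab shows, plus hashes to compare with a VirusTotal report.
param(
    [string]$Path = 'C:\WINDOWS\system32\autocheck.exe',
    # Hashes VirusTotal reported for autocheck.exe in this thread; used only for comparison
    [string]$ReportedMD5  = 'b32f3bcca5a2dff2ccbcf0fce250f67a',
    [string]$ReportedSHA1 = '70a7f2fdc28575fabdaccac5654166ca01c97a1c'
)

function Get-SuspectFileReport {
    param([Parameter(Mandatory)][string]$FilePath)

    # -Force so a file with the hidden attribute is still returned
    $item = Get-Item -LiteralPath $FilePath -Force
    $vi   = $item.VersionInfo                      # the version resource Properties displays
    $sig  = Get-AuthenticodeSignature -FilePath $FilePath

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWrite       = $item.LastWriteTime
        Hidden          = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        CompanyName     = $vi.CompanyName
        ProductName     = $vi.ProductName
        FileDescription = $vi.FileDescription
        FileVersion     = $vi.FileVersion
        SignatureStatus = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        MD5             = (Get-FileHash -LiteralPath $FilePath -Algorithm MD5).Hash.ToLower()
        SHA1            = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA1).Hash.ToLower()
    }
}

$report = Get-SuspectFileReport -FilePath $Path
$report | Format-List

# The points the helper asks about, collected as plain findings
$findings = @()
if ([string]::IsNullOrWhiteSpace($report.CompanyName) -and [string]::IsNullOrWhiteSpace($report.ProductName)) {
    $findings += 'version resource names no company or product'
}
if ($report.SignatureStatus -ne 'Valid') {
    $findings += "Authenticode: $($report.SignatureStatus)"
}
if ($report.MD5 -eq $ReportedMD5.ToLower() -or $report.SHA1 -eq $ReportedSHA1.ToLower()) {
    $findings += 'hash matches the sample VirusTotal flagged in this thread'
}
if ($findings.Count -eq 0) { 'No findings; still submit the hash to VirusTotal before trusting the file.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The MD5/SHA1 values are lower-cased so they can be compared directly with the strings in a VirusTotal report.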

 


Fil autocheck.exe mottagen 2008.01.17 08:16:28 (CET)


 

 

Resultat: 10/32 (31.25%)


 

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.1.17.11 2008.01.17 Win-Trojan/Xema.variant

AntiVir 7.6.0.48 2008.01.16 TR/Crypt.CFI.Gen

Authentium 4.93.8 2008.01.16 -

Avast 4.7.1098.0 2008.01.16 Win32:Agent-OJX

AVG 7.5.0.516 2008.01.16 -

BitDefender 7.2 2008.01.17 -

CAT-QuickHeal 9.00 2008.01.16 -

ClamAV 0.91.2 2008.01.17 Trojan.Agent-11273

DrWeb 4.44.0.09170 2008.01.16 -

eSafe 7.0.15.0 2008.01.16 -

eTrust-Vet 31.3.5465 2008.01.17 -

Ewido 4.0 2008.01.16 -

FileAdvisor 1 2008.01.17 -

Fortinet 3.14.0.0 2008.01.17 -

F-Prot 4.4.2.54 2008.01.16 -

F-Secure 6.70.13260.0 2008.01.17 -

Ikarus T3.1.1.20 2008.01.17 Virus.Win32.Agent.OJX

Kaspersky 7.0.0.125 2008.01.17 -

McAfee 5209 2008.01.16 -

Microsoft 1.3109 2008.01.17 -

NOD32v2 2800 2008.01.17 -

Norman 5.80.02 2008.01.16 -

Panda 9.0.0.4 2008.01.17 Trj/Agent.HLO

Prevx1 V2 2008.01.17 Heuristic: Suspicious File With Covert Attributes

Rising 20.27.22.00 2008.01.16 Backdoor.Win32.Agent.yqe

Sophos 4.24.0 2008.01.17 -

Sunbelt 2.2.907.0 2008.01.17 -

Symantec 10 2008.01.17 -

TheHacker 6.2.9.189 2008.01.17 -

VBA32 3.12.2.5 2008.01.15 Backdoor.Win32.Agent.cvs

VirusBuster 4.3.26:9 2008.01.16 -

Webwasher-Gateway 6.6.2 2008.01.16 Trojan.Crypt.CFI.Gen

Övrig information

File size: 733184 bytes

MD5: b32f3bcca5a2dff2ccbcf0fce250f67a

SHA1: 70a7f2fdc28575fabdaccac5654166ca01c97a1c

PEiD: -

packers: Armadillo

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6315ABAB00C9714130C00BA4F7380200E40E8CB1

 

In any case, I can't tie it to any program or company; I can't see anything like that under Properties.

 

 

 

 


It is clear that it is an unsuitable file, in any case.

 

Then we'll see what SDFix says.

 


Should it be removed 'manually'?

 

 

SDFix: Version 1.127

 

Run by Bergort on 2008-01-17 at 09:05

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

Name:

mp32

 

Path:

\??\C:\WINDOWS\system32\dxdss.sys

 

mp32 - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\BLING.EXE - Deleted

C:\WINDOWS\system32\bling.exe - Deleted

C:\WINDOWS\system32\TFTP???? - Deleted

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 09:12:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d18012297]

'001a75fcb63e'=hex:23,69,5f,42,31,36,fb,17,d3,95,28,37,11,8f,00,82

'001e4504f08b'=hex:e1,52,b5,07,1f,57,98,d5,f1,8c,ea,4b,69,eb,53,7e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

's1'=dword:e854696e

's2'=dword:af4530cb

'h0'=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

'p0'='C:\Program\DAEMON Tools\'

'h0'=dword:00000000

'khjeh'=hex:19,68,11,d5,74,c9,c3,6c,9d,19,b9,3e,ff,f1,ff,3c,ea,56,bb,9b,ac,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

'a0'=hex:20,01,00,00,4f,cc,e2,87,34,ef,b5,c8,a3,dd,41,53,b1,2b,1d,36,91,..

'khjeh'=hex:cc,6d,74,1a,66,6c,8a,59,07,8a,60,46,5c,0b,a5,5c,23,8f,da,5c,f7,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

'khjeh'=hex:dd,c5,99,af,25,c5,54,a0,6a,0c,55,07,8d,e2,f2,d2,85,08,0a,96,43,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d18012297]

'001a75fcb63e'=hex:23,69,5f,42,31,36,fb,17,d3,95,28,37,11,8f,00,82

'001e4504f08b'=hex:e1,52,b5,07,1f,57,98,d5,f1,8c,ea,4b,69,eb,53,7e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

'p0'='C:\Program\DAEMON Tools\'

'h0'=dword:00000000

'khjeh'=hex:19,68,11,d5,74,c9,c3,6c,9d,19,b9,3e,ff,f1,ff,3c,ea,56,bb,9b,ac,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

'a0'=hex:20,01,00,00,4f,cc,e2,87,34,ef,b5,c8,a3,dd,41,53,b1,2b,1d,36,91,..

'khjeh'=hex:cc,6d,74,1a,66,6c,8a,59,07,8a,60,46,5c,0b,a5,5c,23,8f,da,5c,f7,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

'khjeh'=hex:dd,c5,99,af,25,c5,54,a0,6a,0c,55,07,8d,e2,f2,d2,85,08,0a,96,43,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 74

 

 

Remaining Services:

------------------

 

 

 

 

Remaining Files:

---------------

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Mon 7 Jan 2008 352 A..H. --- 'C:\WINDOWS\nod32fixtemdono.reg'

Sat 24 Dec 2005 4,348 A.SH. --- 'C:\Documents and Settings\All Users\DRM\DRMv1.bak'

Fri 11 Jan 2008 0 A.SH. --- 'C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp'

Sat 13 Nov 2004 37,376 ...H. --- 'C:\Program\Delade filer\Adobe\ESD\DLMCleanup.exe'

Wed 4 Jan 2006 20 A..H. --- 'C:\Documents and Settings\Bergort\Mina dokument\Min musik\Säkerhetskopia för licens\drmv1lic.bak'

 

Finished!

 

 

 


Archived

This topic is now archived and closed to further replies.
