
Win32:Pakes-AKM [trj]


SussSuss


My daughter's computer has been infected by a trojan that I have tried to get rid of without success. The computer has avast! as its antivirus program (which I discovered had gone without updates for quite a long time), and when scanning it finds various files that have been infected by the trojan Pakes-AKM. One example of an infected file is c:\windows\system32\devenu.dll, but there have been several different ones. This one cannot even be moved to quarantine because the result is "access denied".

I may have made a mess of my daughter's computer in my eagerness to clean it up. I have looked for information in various forums, but have not found much. What I did then was run a few different programs that I had found tips about anyway (probably not a good idea when you don't really know what you're doing). I have tried ComboFix and SUPERantispyware, but still have not gotten rid of Pakes-AKM.

Can anyone help us?


The ComboFix log

ComboFix 08-04-01.2 - Cecilia 2008-04-02 13:58:03.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1053.18.111 [GMT 2:00]
Running from: C:\Documents and Settings\Cecilia\Skrivbord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\eiqtasdo.dll
C:\WINDOWS\system32\krsqcyes.dll
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\devenu.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini

.
(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02  )))))))))))))))))))))))))))))))
.

2008-04-02 12:00 . 2008-04-02 12:00    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 11:59 . 2008-04-02 12:29    <KAT>    d--------    C:\Program\SUPERAntiSpyware
2008-04-02 11:59 . 2008-04-02 11:59    <KAT>    d--------    C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2008-04-02 11:12 . 2008-04-02 12:26    <KAT>    d--------    C:\Program\a-squared Anti-Malware
2008-04-01 17:20 . 2008-04-01 17:20    <KAT>    d--------    C:\Program\Lavasoft
2008-04-01 17:20 . 2008-04-01 17:20    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-01 17:19 . 2008-04-02 11:59    <KAT>    d--------    C:\Program\Delade filer\Wise Installation Wizard
2008-04-01 17:10 . 2008-04-01 17:29    1,593,436    ---hs----    C:\WINDOWS\system32\peadvnhk.ini
2008-04-01 16:01 . 2008-04-01 16:01    <KAT>    d--------    C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2008-04-01 16:01 . 2008-04-01 16:01    <KAT>    d--------    C:\Documents and Settings\NetworkService\Lokala inställningar
2008-04-01 16:01 . 2008-04-01 16:01    <KAT>    d--------    C:\Documents and Settings\LocalService\Lokala inställningar
2008-04-01 16:01 . 2008-04-01 16:01    <KAT>    d--------    C:\Documents and Settings\Cecilia\Lokala inställningar
2008-03-31 17:38 . 2008-03-31 19:44    1,417,955    ---hs----    C:\WINDOWS\system32\kotrfttt.ini
2008-03-31 06:54 . 2008-03-31 17:36    1,379,687    ---hs----    C:\WINDOWS\system32\ycviwygf.ini
2008-03-31 06:49 . 2008-03-31 06:49    26,800    --a------    C:\WINDOWS\system32\ljJBSiif.dll
2008-03-30 20:02 . 2008-03-31 06:43    1,379,878    ---hs----    C:\WINDOWS\system32\qesanrbs.ini
2008-03-30 17:45 . 2008-03-30 19:57    1,379,758    ---hs----    C:\WINDOWS\system32\ugeptjpq.ini
2008-03-30 14:01 . 2008-03-30 17:37    1,379,674    ---hs----    C:\WINDOWS\system32\hfvoaypt.ini
2008-03-30 13:52 . 2008-03-30 13:52    1,379,518    ---hs----    C:\WINDOWS\system32\tbucytlp.ini
2008-03-30 13:30 . 2008-03-30 13:31    1,379,458    ---hs----    C:\WINDOWS\system32\ipymfjfx.ini
2008-03-29 20:33 . 2008-03-30 13:19    1,379,398    ---hs----    C:\WINDOWS\system32\mewbvfpb.ini
2008-03-29 19:53 . 2008-03-29 20:25    1,379,218    ---hs----    C:\WINDOWS\system32\dcdvubgb.ini
2008-03-29 12:09 . 2008-03-29 19:50    1,379,116    ---hs----    C:\WINDOWS\system32\ccddjmis.ini
2008-03-28 23:30 . 2008-03-29 11:58    1,426,512    ---hs----    C:\WINDOWS\system32\qucrgoxh.ini
2008-03-28 18:15 . 2008-03-28 18:15    1,420,518    ---hs----    C:\WINDOWS\system32\nhhhwjun.ini
2008-03-28 11:49 . 2008-03-28 18:04    1,420,458    ---hs----    C:\WINDOWS\system32\gxxplfyl.ini
2008-03-27 21:24 . 2008-03-28 11:38    1,429,430    ---hs----    C:\WINDOWS\system32\yeolsyow.ini
2008-03-27 16:11 . 2008-03-27 21:13    1,418,785    ---hs----    C:\WINDOWS\system32\mpwkeihf.ini
2008-03-26 11:48 . 2008-03-27 16:04    1,531,544    ---hs----    C:\WINDOWS\system32\cupqmmqf.ini
2008-03-25 15:54 . 2008-03-26 11:41    1,540,756    ---hs----    C:\WINDOWS\system32\mdnealvu.ini
2008-03-25 14:37 . 2008-03-25 15:44    1,548,136    ---hs----    C:\WINDOWS\system32\hhavkkdk.ini
2008-03-25 09:16 . 2008-03-25 14:27    1,577,683    ---hs----    C:\WINDOWS\system32\vifalpam.ini
2008-03-24 19:57 . 2008-03-25 09:09    1,578,685    ---hs----    C:\WINDOWS\system32\oqmnsmkw.ini
2008-03-24 19:30 . 2008-03-24 19:36    1,578,888    ---hs----    C:\WINDOWS\system32\gtphifww.ini
2008-03-24 11:05 . 2008-03-24 19:19    1,544,799    ---hs----    C:\WINDOWS\system32\pdibglmx.ini
2008-03-23 14:49 . 2008-03-24 10:57    1,543,759    ---hs----    C:\WINDOWS\system32\qgqchfhf.ini
2008-03-23 11:32 . 2008-03-23 14:38    1,543,639    ---hs----    C:\WINDOWS\system32\bvthwxha.ini
2008-03-22 20:49 . 2008-03-23 11:21    1,543,537    ---hs----    C:\WINDOWS\system32\lnnlkhgp.ini
2008-03-22 12:19 . 2008-03-22 12:19    1,543,399    ---hs----    C:\WINDOWS\system32\kheevgrw.ini
2008-03-21 22:47 . 2008-03-22 12:08    1,543,357    ---hs----    C:\WINDOWS\system32\mkttsxln.ini
2008-03-21 22:45 . 2008-03-21 22:45    1,543,159    ---hs----    C:\WINDOWS\system32\stukjptj.ini
2008-03-16 11:20 . 2008-03-16 15:41    37,481    --ahs----    C:\WINDOWS\system32\xycdd.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 04:56    ---------    d-----w    C:\Program\Winamp Remote
2008-04-02 04:55    ---------    d-----w    C:\Program\FlashGet
2008-04-01 20:17    ---------    d--h--w    C:\Program\InstallShield Installation Information
2008-04-01 20:14    ---------    d-----w    C:\Program\Winamp
2008-04-01 20:04    ---------    d-----w    C:\Program\MythWar_en
2008-04-01 16:35    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust
2008-03-01 11:23    ---------    d-----w    C:\Program\iPhoto Plus 4
2008-02-27 17:10    ---------    d-----w    C:\Program\Mustek 600 CP
2008-02-03 22:05    ---------    d-----w    C:\Program\VALVe
2007-11-06 21:29    18,432    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb41.dat
2007-11-06 14:11    384    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb6334.dat
2007-11-06 14:08    555    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb8467.dat
1999-07-07 00:00    6    --sh--r    C:\WINDOWS\@@desktop.dat
2007-01-30 16:51    8    --sh--r    C:\WINDOWS\system32\782DB52D39.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-04-01_16.00.42.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-02 10:00:00    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-02 10:00:00    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-04-01 15:20:51    1,038,336    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-04-01 15:20:51    178,688    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-04-01 15:20:51    171,008    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-04-01 15:20:51    8,704    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 11:37:26    6,272    ----a-w    C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 10:58:08    8,320    ----a-w    C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 10:56:58    9,344    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 12:19:52    7,680    ----a-w    C:\WINDOWS\system32\lsdelete.exe
- 2008-04-01 13:54:55    12,400    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-02 12:24:55    12,400    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-02 12:24:43    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06    1135968    --a------    C:\Program\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]
            C:\WINDOWS\system32\qwttagcr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]
2004-08-04 14:00    96256    --a------    C:\WINDOWS\system32\devenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [ ]
"Orb"="C:\Program\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Program\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2007-01-29 11:11 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Creative WebCam Tray"="C:\Program\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WinampAgent"="C:\Program\Winamp\wianmpa.exe" [ ]
"BM6bda8334"="C:\WINDOWS\system32\gvxilbvo.dll" [ ]
"68e9b0a8"="C:\WINDOWS\system32\khnvdaep.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Cecilia\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-02-27 19:08:04 176640]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Ralink Wireless Utility.lnk - C:\Program\RALINK\Common\RaUI.exe [2007-10-29 17:00:21 606208]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-01-30 19:16:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayaw]
efcayaw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R0 amwdygot;amwdygot;C:\WINDOWS\system32\drivers\enlprjfb.dat []
R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 17:40]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

*Newly Created Service* - SASDIFSV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 14:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amwdygot]
"ImagePath"="system32\drivers\enlprjfb.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-04-02 14:30:51 - machine was rebooted [Cecilia]
ComboFix-quarantined-files.txt  2008-04-02 12:30:47
ComboFix2.txt  2008-04-01 14:01:48
Pre-Run: 180,019,245,056 byte ledigt
Post-Run: 180,062,515,200 byte ledigt
.
2008-03-12 06:32:42    --- E O F --- 


Well, that didn't turn out very pretty. How do you paste in log files?

Another important thing about this problem, which I only recently noticed. There seem to be two trojans; the other one shows up as Win32:TratBHO [trj]. My daughter now says that she has seen that one before as well; she recognises the name from the warnings she has seen when avast! alerts.

Sorry for the confusion..


It's the forum that sometimes comes up with some oddities in the formatting.

Copy all the underlined lines

File::
C:\WINDOWS\system32\peadvnhk.ini
C:\WINDOWS\system32\ycviwygf.ini
C:\WINDOWS\system32\ljJBSiif.dll
C:\WINDOWS\system32\qesanrbs.ini
C:\WINDOWS\system32\ugeptjpq.ini
C:\WINDOWS\system32\hfvoaypt.ini
C:\WINDOWS\system32\tbucytlp.ini
C:\WINDOWS\system32\ipymfjfx.ini
C:\WINDOWS\system32\mewbvfpb.ini
C:\WINDOWS\system32\dcdvubgb.ini
C:\WINDOWS\system32\ccddjmis.ini
C:\WINDOWS\system32\qucrgoxh.ini
C:\WINDOWS\system32\nhhhwjun.ini
C:\WINDOWS\system32\gxxplfyl.ini
C:\WINDOWS\system32\yeolsyow.ini
C:\WINDOWS\system32\mpwkeihf.ini
C:\WINDOWS\system32\cupqmmqf.ini
C:\WINDOWS\system32\mdnealvu.ini
C:\WINDOWS\system32\hhavkkdk.ini
C:\WINDOWS\system32\vifalpam.ini
C:\WINDOWS\system32\oqmnsmkw.ini
C:\WINDOWS\system32\gtphifww.ini
C:\WINDOWS\system32\pdibglmx.ini
C:\WINDOWS\system32\qgqchfhf.ini
C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\system32\lnnlkhgp.ini
C:\WINDOWS\system32\kheevgrw.ini
C:\WINDOWS\system32\mkttsxln.ini
C:\WINDOWS\system32\stukjptj.ini
C:\WINDOWS\system32\xycdd.ini

and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.
Paste the log that comes out.


ComboFix 08-04-01.2 - Cecilia 2008-04-02 22:09:45.4 - NTFSx86
Running from: C:\Documents and Settings\Cecilia\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cecilia\Skrivbord\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\ WINDOWS\system32\hhavkkdk.ini
C:\WIND OWS\system32\cupqmmqf.ini
C:\WINDOWS\ system32\yeolsyow.ini
C:\WINDOWS\syst em32\nhhhwjun.ini
C:\WINDOWS\syste m32\xycdd.ini
C:\WINDOWS\system32 \ccddjmis.ini
C:\WINDOWS\system32\ mkttsxln.ini
C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\system32\dcdvubgb.ini
C:\WINDOWS\system32\gtphifww.ini
C:\WINDOWS\system32\gxxplfyl.ini
C:\WINDOWS\system32\hfvoaypt.ini
C:\WINDOWS\system32\ipymfjfx.ini
C:\WINDOWS\system32\kheevgrw.ini
C:\WINDOWS\system32\ljJBSiif.dll
C:\WINDOWS\system32\lnnl khgp.ini
C:\WINDOWS\system32\mdnealvu.ini
C:\WINDOWS\system32\mew bvfpb.ini
C:\WINDOWS\system32\mpwkeihf.ini
C:\WINDOWS\system32\oqmnsmkw.ini
C:\WINDOWS\system32\pdibglmx.ini
C:\WINDOWS\system32\peadvnhk.ini
C:\WINDOWS\system32\qesanrbs.ini
C:\WINDOWS\system32\qgqchfhf .ini
C:\WINDOWS\system32\qucrgoxh.ini
C:\WINDOWS\system32\stukjptj.ini
C:\WINDOWS\system32\tbucytl p.ini
C:\WINDOWS\system32\ugeptjpq.in i
C:\WINDOWS\system32\vifalpam.ini
C:\WINDOWS\system32\ycviwygf.ini
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\system32\dcdvubgb.ini
C:\WINDOWS\system32\gtphifww.ini
C:\WINDOWS\system32\gxxplfyl.ini
C:\WINDOWS\system32\hfvoaypt.ini
C:\WINDOWS\system32\ipymfjfx.ini
C:\WINDOWS\system32\kheevgrw.ini
C:\WINDOWS\system32\ljJBSiif.dll
C:\WINDOWS\system32\mdnealvu.ini
C:\WINDOWS\system32\mpwkeihf.ini
C:\WINDOWS\system32\oqmnsmkw.ini
C:\WINDOWS\system32\pdibglmx.ini
C:\WINDOWS\system32\peadvnhk.ini
C:\WINDOWS\system32\qesanrbs.ini
C:\WINDOWS\system32\qucrgoxh.ini
C:\WINDOWS\system32\stukjptj.ini
C:\WINDOWS\system32\vifalpam.ini
C:\WINDOWS\system32\ycviwygf.ini
C:\WINDOWS\system32\devenu.dll . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02  )))))))))))))))))))))))))))))))
.

2008-04-02 12:00 . 2008-04-02 12:00    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 11:59 . 2008-04-02 12:29    <KAT>    d--------    C:\Program\SUPERAntiSpyware
2008-04-02 11:59 . 2008-04-02 11:59    <KAT>    d--------    C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2008-04-02 11:12 . 2008-04-02 12:26    <KAT>    d--------    C:\Program\a-squared Anti-Malware
2008-04-01 17:20 . 2008-04-01 17:20    <KAT>    d--------    C:\Program\Lavasoft
2008-04-01 17:20 . 2008-04-01 17:20    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-01 17:19 . 2008-04-02 11:59    <KAT>    d--------    C:\Program\Delade filer\Wise Installation Wizard
2008-04-01 16:01 . 2008-04-02 14:30    <KAT>    d--------    C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2008-04-01 16:01 . 2008-04-02 14:30    <KAT>    d--------    C:\Documents and Settings\NetworkService\Lokala inställningar
2008-04-01 16:01 . 2008-04-02 14:30    <KAT>    d--------    C:\Documents and Settings\LocalService\Lokala inställningar
2008-04-01 16:01 . 2008-04-02 14:30    <KAT>    d--------    C:\Documents and Settings\Cecilia\Lokala inställningar
2008-03-31 17:38 . 2008-03-31 19:44    1,417,955    ---hs----    C:\WINDOWS\system32\kotrfttt.ini
2008-03-30 17:45 . 2008-03-30 19:57    1,379,758    ---hs----    C:\WINDOWS\system32\ugeptjpq.ini
2008-03-30 13:52 . 2008-03-30 13:52    1,379,518    ---hs----    C:\WINDOWS\system32\tbucytlp.ini
2008-03-29 20:33 . 2008-03-30 13:19    1,379,398    ---hs----    C:\WINDOWS\system32\mewbvfpb.ini
2008-03-29 12:09 . 2008-03-29 19:50    1,379,116    ---hs----    C:\WINDOWS\system32\ccddjmis.ini
2008-03-28 18:15 . 2008-03-28 18:15    1,420,518    ---hs----    C:\WINDOWS\system32\nhhhwjun.ini
2008-03-27 21:24 . 2008-03-28 11:38    1,429,430    ---hs----    C:\WINDOWS\system32\yeolsyow.ini
2008-03-26 11:48 . 2008-03-27 16:04    1,531,544    ---hs----    C:\WINDOWS\system32\cupqmmqf.ini
2008-03-25 14:37 . 2008-03-25 15:44    1,548,136    ---hs----    C:\WINDOWS\system32\hhavkkdk.ini
2008-03-23 14:49 . 2008-03-24 10:57    1,543,759    ---hs----    C:\WINDOWS\system32\qgqchfhf.ini
2008-03-22 20:49 . 2008-03-23 11:21    1,543,537    ---hs----    C:\WINDOWS\system32\lnnlkhgp.ini
2008-03-21 22:47 . 2008-03-22 12:08    1,543,357    ---hs----    C:\WINDOWS\system32\mkttsxln.ini
2008-03-16 11:20 . 2008-03-16 15:41    37,481    --ahs----    C:\WINDOWS\system32\xycdd.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 04:56    ---------    d-----w    C:\Program\Winamp Remote
2008-04-02 04:55    ---------    d-----w    C:\Program\FlashGet
2008-04-01 20:17    ---------    d--h--w    C:\Program\InstallShield Installation Information
2008-04-01 20:14    ---------    d-----w    C:\Program\Winamp
2008-04-01 20:04    ---------    d-----w    C:\Program\MythWar_en
2008-04-01 16:35    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust
2008-03-01 11:23    ---------    d-----w    C:\Program\iPhoto Plus 4
2008-02-27 17:10    ---------    d-----w    C:\Program\Mustek 600 CP
2008-02-03 22:05    ---------    d-----w    C:\Program\VALVe
2007-11-06 21:29    18,432    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb41.dat
2007-11-06 14:11    384    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb6334.dat
2007-11-06 14:08    555    ----a-w    C:\Documents and Settings\Cecilia\Application Data\internaldb8467.dat
1999-07-07 00:00    6    --sh--r    C:\WINDOWS\@@desktop.dat
2007-01-30 16:51    8    --sh--r    C:\WINDOWS\system32\782DB52D39.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-04-01_16.00.42.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-02 10:00:00    18,944    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-02 10:00:00    65,024    ----a-r    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-04-01 15:20:51    1,038,336    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-04-01 15:20:51    178,688    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-04-01 15:20:51    171,008    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-04-01 15:20:51    8,704    ----a-r    C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 11:37:26    6,272    ----a-w    C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 10:58:08    8,320    ----a-w    C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 10:56:58    9,344    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 12:19:52    7,680    ----a-w    C:\WINDOWS\system32\lsdelete.exe
- 2008-04-01 13:54:55    12,400    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-02 20:18:05    12,400    ----a-w    C:\WINDOWS\system32\tablet.dat
+ 2008-04-02 20:17:52    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_508.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06    1135968    --a------    C:\Program\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]
            C:\WINDOWS\system32\qwttagcr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]
2004-08-04 14:00    96256    --a------    C:\WINDOWS\system32\devenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [ ]
"Orb"="C:\Program\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Program\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2007-01-29 11:11 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Creative WebCam Tray"="C:\Program\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WinampAgent"="C:\Program\Winamp\wianmpa.exe" [ ]
"BM6bda8334"="C:\WINDOWS\system32\gvxilbvo.dll" [ ]
"68e9b0a8"="C:\WINDOWS\system32\khnvdaep.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Cecilia\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-02-27 19:08:04 176640]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Ralink Wireless Utility.lnk - C:\Program\RALINK\Common\RaUI.exe [2007-10-29 17:00:21 606208]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-01-30 19:16:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayaw]
efcayaw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R0 amwdygot;amwdygot;C:\WINDOWS\system32\drivers\enlprjfb.dat []
R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 17:40]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 22:18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amwdygot]
"ImagePath"="system32\drivers\enlprjfb.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-04-02 22:25:20 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-02 20:25:15
ComboFix2.txt  2008-04-02 12:30:52
ComboFix3.txt  2008-04-01 14:01:48
Pre-Run: 182,291,050,496 byte ledigt
Post-Run: 182,255,108,096 byte ledigt
.
2008-03-12 06:32:42    --- E O F ---  

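The log above echoes several CFScript paths with stray spaces under FILE ::, and those entries are absent from Other Deletions and still listed under Files Created. The Python check below is an added example, not part of the thread or of ComboFix; it runs on a constructed, abridged excerpt of that log, and its function names are illustrative.

```python
import re

# Constructed sample: an abridged excerpt in the layout of the second ComboFix
# log in this thread (paths are copied from the thread, the lists are shortened).
SAMPLE_LOG = r"""
ComboFix 08-04-01.2 - Cecilia 2008-04-02 22:09:45.4 - NTFSx86
Command switches used :: C:\Documents and Settings\Cecilia\Skrivbord\CFScript.txt

FILE ::
C:\ WINDOWS\system32\hhavkkdk.ini
C:\WINDOWS\system32\lnnl khgp.ini
C:\WINDOWS\system32\ugeptjpq.in i
C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\system32\ljJBSiif.dll
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\system32\ljJBSiif.dll
C:\WINDOWS\system32\devenu.dll . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02  )))))))))))))))))))))))))))))))
.

2008-03-30 17:45 . 2008-03-30 19:57    1,379,758    ---hs----    C:\WINDOWS\system32\ugeptjpq.ini
2008-03-25 14:37 . 2008-03-25 15:44    1,548,136    ---hs----    C:\WINDOWS\system32\hhavkkdk.ini
2008-03-22 20:49 . 2008-03-23 11:21    1,543,537    ---hs----    C:\WINDOWS\system32\lnnlkhgp.ini
"""

SECTION_RE = re.compile(r"^\(+\s+(.+?)\s+\)+$")  # "((((   Title   ))))" banners
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # drive-letter path to end of line


def split_sections(log):
    """Return {banner title: [lines]}; text before the first banner is 'header'."""
    sections, current = {"header": []}, "header"
    for line in log.splitlines():
        banner = SECTION_RE.match(line.strip())
        if banner:
            current = banner.group(1)
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def requested_files(sections):
    """Paths echoed under 'FILE ::', exactly as the tool read them from the script."""
    paths, active = [], False
    for line in sections["header"]:
        if re.match(r"^FILE\s*::", line.strip(), re.I):
            active = True
        elif active:
            if not PATH_RE.match(line.strip()):
                break  # the echoed list ends at the first non-path line
            paths.append(line.strip())
    return paths


def deletions(sections):
    """Split 'Other Deletions' into (deleted, failed-to-delete) path lists."""
    deleted, failed = [], []
    for line in (l.strip() for l in sections.get("Other Deletions", [])):
        if not PATH_RE.match(line):
            continue
        if line.endswith("failed to delete"):
            failed.append(re.sub(r"[\s.]+failed to delete$", "", line))
        else:
            deleted.append(line)
    return deleted, failed


def still_present(sections):
    """Paths listed under the 'Files Created from ...' banner after the run."""
    lines = next((v for k, v in sections.items() if k.startswith("Files Created")), [])
    return [m.group(0) for m in (PATH_RE.search(l) for l in lines) if m]


def squash(path):
    """Comparison key: whitespace removed, case folded."""
    return re.sub(r"\s+", "", path).lower()


def audit(log):
    """Classify each requested path as deleted, mangled or not deleted."""
    sections = split_sections(log)
    deleted, failed = deletions(sections)
    deleted_keys = {p.lower() for p in deleted}
    present = {squash(p): p for p in still_present(sections)}
    results = []
    for raw in requested_files(sections):
        match = present.get(squash(raw))
        if raw.lower() in deleted_keys:
            results.append((raw, "deleted", None))
        elif match and match != raw:
            # Differs from a file still on disk only by whitespace.
            results.append((raw, "mangled", match))
        else:
            results.append((raw, "not deleted", None))
    return results, failed


def retry_script(results):
    """'File::' block (layout used in the thread) holding only the repaired paths."""
    return "\n".join(["File::"] + [m for _, s, m in results if s == "mangled"])


if __name__ == "__main__":
    results, failed = audit(SAMPLE_LOG)
    for raw, status, match in results:
        print(f"{status:12} {raw!r}" + (f" -> {match}" if match else ""))
    print("failed to delete:", failed)
    print(retry_script(results))
```

Entries reported as mangled can be pasted again from a plain-text source; the "failed to delete" entry is a separate problem that a corrected script does not address.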

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs here. Repeat with the next file name.
C:\WINDOWS\@@desktop.dat
C:\WINDOWS\system32\782DB52D39.sys
C:\WINDOWS\system32\tablet.dat
C:\WINDOWS\system32\devenu.dll

File 782DB52D39.sys received 2008.03.02 16:02:20 (CET)

Antivirus            Version    Last update    Result
AhnLab-V3            -          -              -
AntiVir              -          -              -
Authentium           -          -              -
Avast                -          -              -
AVG                  -          -              -
BitDefender          -          -              -
CAT-QuickHeal        -          -              -
ClamAV               -          -              -
DrWeb                -          -              -
eSafe                -          -              -
eTrust-Vet           -          -              -
Ewido                -          -              -
FileAdvisor          -          -              -
Fortinet             -          -              -
F-Prot               -          -              -
F-Secure             -          -              -
Ikarus               -          -              -
Kaspersky            -          -              -
McAfee               -          -              -
Microsoft            -          -              -
NOD32v2              -          -              -
Norman               -          -              -
Panda                -          -              -
Prevx1               -          -              -
Rising               -          -              -
Sophos               -          -              -
Sunbelt              -          -              -
Symantec             -          -              -
TheHacker            -          -              -
VBA32                -          -              -
VirusBuster          -          -              -
Webwasher-Gateway    -          -              BlockReason.0

Additional information

MD5: 0641a46f1e58529a42ead4573a3a0861
SHA1: 2fa91927668fb0b3a4da32722825e15080cb5c21
SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cb
SHA512: deb5dbaf2e5182bebab7afb899c47f5e33298060f7cedbbd7ef569ac36f23a6ea176bddbd12b058a1932bcf39e6b848c195b4293aad3dcb829ed8b093c2d096a

File __desktop.dat received 2008.04.03 16:01:09 (CET)

Antivirus          Version       Last Update  Result
AhnLab-V3          2008.4.3.3    2008.04.03   -
AntiVir            7.6.0.80      2008.04.03   -
Authentium         4.93.8        2008.04.03   -
Avast              4.7.1098.0    2008.04.02   -
AVG                7.5.0.516     2008.04.03   -
BitDefender        7.2           2008.04.03   -
CAT-QuickHeal      9.50          2008.04.02   -
ClamAV             0.92.1        2008.04.03   -
DrWeb              4.44.0.09170  2008.04.03   -
eSafe              7.0.15.0      2008.04.01   -
eTrust-Vet         31.3.5667     2008.04.03   -
Ewido              4.0           2008.04.03   -
FileAdvisor        1             2008.04.03   -
Fortinet           3.14.0.0      2008.04.03   -
F-Prot             4.4.2.54      2008.04.02   -
F-Secure           6.70.13260.0  2008.04.03   -
Ikarus             T3.1.1.20     2008.04.03   -
Kaspersky          7.0.0.125     2008.04.03   -
McAfee             5265          2008.04.02   -
Microsoft          1.3408        2008.04.03   -
NOD32v2            2998          2008.04.03   -
Norman             5.80.02       2008.04.03   -
Panda              9.0.0.4       2008.04.03   -
Prevx1             V2            2008.04.03   -
Rising             20.38.60.00   2008.04.03   -
Sophos             4.28.0        2008.04.03   -
Sunbelt            3.0.978.0     2008.03.18   -
Symantec           10            2008.04.03   -
TheHacker          6.2.92.263    2008.04.03   -
VBA32              3.12.6.3      2008.03.25   -
VirusBuster        4.3.26:9      2008.04.02   -
Webwasher-Gateway  6.6.2         2008.04.03   -

Additional information

File size: 6 bytes
MD5: bebd200a92dd18cc91057f5eff8b9b86
SHA1: 6c87d5ca73f4a7990a4ff6307ed5041c481ddf10
PEiD: -


File devenu.dll received 2008.04.03 16:30:41 (CET)

Antivirus          Version       Last Update  Result
AhnLab-V3          2008.4.3.3    2008.04.03   -
AntiVir            7.6.0.80      2008.04.03   TR/Trash.Gen
Authentium         4.93.8        2008.04.03   -
Avast              4.7.1098.0    2008.04.02   Win32:Pakes-AKM
AVG                7.5.0.516     2008.04.03   PSW.Delf.2.AQ
BitDefender        7.2           2008.04.03   -
CAT-QuickHeal      9.50          2008.04.02   -
ClamAV             0.92.1        2008.04.03   -
DrWeb              4.44.0.09170  2008.04.03   -
eSafe              7.0.15.0      2008.04.01   -
eTrust-Vet         31.3.5667     2008.04.03   -
Ewido              4.0           2008.04.03   -
F-Prot             4.4.2.54      2008.04.02   -
F-Secure           6.70.13260.0  2008.04.03   Trojan.Win32.Pakes.cdw
FileAdvisor        1             2008.04.03   -
Fortinet           3.14.0.0      2008.04.03   -
Ikarus             T3.1.1.20     2008.04.03   -
Kaspersky          7.0.0.125     2008.04.03   Trojan.Win32.Pakes.cdw
McAfee             5265          2008.04.02   -
Microsoft          1.3408        2008.04.03   -
NOD32v2            2998          2008.04.03   -
Norman             5.80.02       2008.04.03   -
Panda              9.0.0.4       2008.04.03   -
Prevx1             V2            2008.04.03   -
Rising             20.38.60.00   2008.04.03   -
Sophos             4.28.0        2008.04.03   -
Sunbelt            3.0.978.0     2008.03.18   -
Symantec           10            2008.04.03   -
TheHacker          6.2.92.263    2008.04.03   -
VBA32              3.12.6.3      2008.03.25   -
VirusBuster        4.3.26:9      2008.04.02   -
Webwasher-Gateway  6.6.2         2008.04.03   Trojan.Trash.Gen

Additional information

File size: 96256 bytes
MD5: f4acb79008de9aa8d465f27d384b2245
SHA1: a34288272060b8bbb9a4c1a90b953ca69fe4603d
PEiD: -


File tablet.dat received 2008.04.03 16:18:11 (CET)

Antivirus          Version       Last Update  Result
AhnLab-V3          2008.4.3.3    2008.04.03   -
AntiVir            7.6.0.80      2008.04.03   -
Authentium         4.93.8        2008.04.03   -
Avast              4.7.1098.0    2008.04.02   -
AVG                7.5.0.516     2008.04.03   -
BitDefender        7.2           2008.04.03   -
CAT-QuickHeal      9.50          2008.04.02   -
ClamAV             0.92.1        2008.04.03   -
DrWeb              4.44.0.09170  2008.04.03   -
eSafe              7.0.15.0      2008.04.01   -
eTrust-Vet         31.3.5667     2008.04.03   -
Ewido              4.0           2008.04.03   -
FileAdvisor        1             2008.04.03   -
Fortinet           3.14.0.0      2008.04.03   -
F-Prot             4.4.2.54      2008.04.02   -
F-Secure           6.70.13260.0  2008.04.03   -
Ikarus             T3.1.1.20     2008.04.03   -
Kaspersky          7.0.0.125     2008.04.03   -
McAfee             5265          2008.04.02   -
Microsoft          1.3408        2008.04.03   -
NOD32v2            2998          2008.04.03   -
Norman             5.80.02       2008.04.03   -
Panda              9.0.0.4       2008.04.03   -
Prevx1             V2            2008.04.03   -
Rising             20.38.60.00   2008.04.03   -
Sophos             4.28.0        2008.04.03   -
Sunbelt            3.0.978.0     2008.03.18   -
Symantec           10            2008.04.03   -
TheHacker          6.2.92.263    2008.04.03   -
VBA32              3.12.6.3      2008.03.25   -
VirusBuster        4.3.26:9      2008.04.02   -
Webwasher-Gateway  6.6.2         2008.04.03   -

Additional information

File size: 12400 bytes
MD5: b10ed5bb0c217acda88ff24d670f8b4f
SHA1: e74ecd4702f564723ee3b1871cd4cfa47c4574ec
PEiD: -


Download Avenger to the Desktop and unpack the file there:
http://swandog46.geekstogo.com/avenger2/download.php

Copy the following underlined lines into Notepad:

Files to delete:
C:\ WINDOWS\system32\hhavkkdk.ini
C:\WIND OWS\system32\cupqmmqf.ini
C:\WINDOWS\ system32\yeolsyow.ini
C:\WINDOWS\syst em32\nhhhwjun.ini
C:\WINDOWS\syste m32\xycdd.ini
C:\WINDOWS\system32 \ccddjmis.ini
C:\WINDOWS\system32\ mkttsxln.ini
C:\WINDOWS\system32\bvthwxha.ini
C:\WINDOWS\syste m32\dcdvubgb.ini
C:\WINDOWS\system32\gtphifww.ini
C:\WINDOWS\s ystem32\gxxplfyl.ini
C:\WINDOWS\system32\hfvoaypt.ini
C:\WINDO WS\system32\ipymfjfx.ini
C:\WINDOWS\system32\kheevgrw.ini
C:\W INDOWS\system32\ljJBSiif.dll
C:\WINDOWS\system32\lnnl khgp.ini
C:\WINDOWS\system32\mdnealvu.ini
C:\WINDOWS\system32\ mew bvfpb.ini
C:\WINDOWS\system32\mpwkeihf.ini
C:\WINDOWS\system32 \oqmnsmkw.ini
C:\WINDOWS\system32\pdibglmx.ini
C:\WINDOWS\syst em32\peadvnhk.ini
C:\WINDOWS\system32\qesanrbs.ini
C:\WINDOWS\ system32\qgqchfhf .ini
C:\WINDOWS\system32\qucrgoxh.ini
C:\WINDOWS\system32\stuk jptj.ini
C:\WINDOWS\system32\tbucytl p.ini
C:\WINDOWS\system32\ugeptjpq.in i
C:\WINDOWS\system32\vifalpam.ini
C:\WINDOWS\system32\ycviwyg f.ini
C:\WINDOWS\system32\devenu.dll

Registry values to delete:
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]
[-HKEY_LOCAL_MACHINE\~\Brows er Helper Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Servi ces\amwdygot]

Start Avenger.
In the large box, paste the text that is in Notepad.
Tick the Scan for rootkits box if it is not already ticked.
Press Execute to start it.
The computer will now restart (perhaps twice).
After a little while the log (C:\avenger.txt) will come up; paste it here.


Hi again. First I just want to say that I am so grateful that you are helping us! I don't understand how you manage to figure out/know what should be done. Impressed!

There were some "skipping line" messages for the script above; I tried to correct it but am not sure it turned out well. Maybe this has to be redone? Here is the log anyway.

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 03 22:03:48 2008

22:02:56: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]"
Skipping line.  (Registry value deletion mode) 
22:03:18: Error: Invalid syntax in command:
"[-HKEY_LOCA L_MACHINE\~\Brows er Helper Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]"
Skipping line.  (Registry value deletion mode) 
22:03:20: Error: Invalid syntax in command:
"[-HKEY_LOCA L_MACHINE\System\ControlSet001\Servi ces\amwdygot]"
Skipping line.  (Registry value deletion mode) 
22:03:48: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 03 22:04:48 2008

22:04:24: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\~\BrowserHelperObjects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]"
Skipping line.  (Registry value deletion mode) 
22:04:27: Error: Invalid syntax in command:
"[-HKEY_LOCA L_MACHINE\~\BrowserHelperObjects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]"
Skipping line.  (Registry value deletion mode) 
22:04:29: Error: Invalid syntax in command:
"[-HKEY_LOCA L_MACHINE\System\ControlSet001\Services\amwdygot]"
Skipping line.  (Registry value deletion mode) 


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  could not open file "C:\ WINDOWS\system32\hhavkkdk.ini"
Deletion of file "C:\ WINDOWS\system32\hhavkkdk.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\WIND OWS\system32\cupqmmqf.ini"
Deletion of file "C:\WIND OWS\system32\cupqmmqf.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\WINDOWS\ system32\yeolsyow.ini"
Deletion of file "C:\WINDOWS\ system32\yeolsyow.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\WINDOWS\syst em32\nhhhwjun.ini"
Deletion of file "C:\WINDOWS\syst em32\nhhhwjun.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\WINDOWS\syste m32\xycdd.ini"
Deletion of file "C:\WINDOWS\syste m32\xycdd.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\WINDOWS\system32 \ccddjmis.ini"
Deletion of file "C:\WINDOWS\system32 \ccddjmis.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\ mkttsxln.ini" not found!
Deletion of file "C:\WINDOWS\system32\ mkttsxln.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\bvthwxha.ini" not found!
Deletion of file "C:\WINDOWS\system32\bvthwxha.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\syste m32\dcdvubgb.ini"
Deletion of file "C:\WINDOWS\syste m32\dcdvubgb.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\gtphifww.ini" not found!
Deletion of file "C:\WINDOWS\system32\gtphifww.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\s ystem32\gxxplfyl.ini"
Deletion of file "C:\WINDOWS\s ystem32\gxxplfyl.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\hfvoaypt.ini" not found!
Deletion of file "C:\WINDOWS\system32\hfvoaypt.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDO WS\system32\ipymfjfx.ini"
Deletion of file "C:\WINDO WS\system32\ipymfjfx.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\kheevgrw.ini" not found!
Deletion of file "C:\WINDOWS\system32\kheevgrw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\W INDOWS\system32\ljJBSiif.dll"
Deletion of file "C:\W INDOWS\system32\ljJBSiif.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\lnnl khgp.ini" not found!
Deletion of file "C:\WINDOWS\system32\lnnl khgp.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mdnealvu.ini" not found!
Deletion of file "C:\WINDOWS\system32\mdnealvu.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ mew bvfpb.ini" not found!
Deletion of file "C:\WINDOWS\system32\ mew bvfpb.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mpwkeihf.ini" not found!
Deletion of file "C:\WINDOWS\system32\mpwkeihf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\system32 \oqmnsmkw.ini"
Deletion of file "C:\WINDOWS\system32 \oqmnsmkw.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\pdibglmx.ini" not found!
Deletion of file "C:\WINDOWS\system32\pdibglmx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\syst em32\peadvnhk.ini"
Deletion of file "C:\WINDOWS\syst em32\peadvnhk.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\qesanrbs.ini" not found!
Deletion of file "C:\WINDOWS\system32\qesanrbs.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\ system32\qgqchfhf .ini"
Deletion of file "C:\WINDOWS\ system32\qgqchfhf .ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\WINDOWS\system32\qucrgoxh.ini" not found!
Deletion of file "C:\WINDOWS\system32\qucrgoxh.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\stuk jptj.ini" not found!
Deletion of file "C:\WINDOWS\system32\stuk jptj.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\tbucytl p.ini" not found!
Deletion of file "C:\WINDOWS\system32\tbucytl p.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ugeptjpq.in i" not found!
Deletion of file "C:\WINDOWS\system32\ugeptjpq.in i" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\vifalpam.ini" not found!
Deletion of file "C:\WINDOWS\system32\vifalpam.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ycviwyg f.ini" not found!
Deletion of file "C:\WINDOWS\system32\ycviwyg f.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\system32\devenu.dll"
Deletion of file "C:\WINDOWS\system32\devenu.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished!  Terminate.


Apparently that did not go so well.
I see that a lot of spaces get inserted when you copy it.
Download the file from this link: http://www.skickafilen.se/download.jsp?fileid=dhxJpzUm72LGJGtrXBkZ
Save it to the Desktop and open it with Notepad.

Start Avenger.
In the large box, paste the text that is in Notepad.
Tick the Scan for rootkits box if it is not already ticked.
Press Execute to start it.
The computer will now restart (perhaps twice).
After a little while the log (C:\avenger.txt) will come up; paste it here.
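
The failure pattern in the first Avenger log can be triaged mechanically. The following is an added example, not part of the original thread and not Avenger's own code: it parses log lines copied from this thread and separates paths broken by pasted-in spaces from files that are really absent or locked. The verdict names and the assumption that no legitimate name under C:\WINDOWS\system32 in this script contains a space are mine.

```python
import re

# Log lines copied from the Avenger 2.0 logs posted in this thread:
# four failures from the first run and one success line from the second.
SAMPLE_LOG = r'''
Error:  could not open file "C:\ WINDOWS\system32\hhavkkdk.ini"
Deletion of file "C:\ WINDOWS\system32\hhavkkdk.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error:  file "C:\WINDOWS\system32\lnnl khgp.ini" not found!
Deletion of file "C:\WINDOWS\system32\lnnl khgp.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error:  file "C:\WINDOWS\system32\bvthwxha.ini" not found!
Deletion of file "C:\WINDOWS\system32\bvthwxha.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error:  could not open file "C:\WINDOWS\system32\devenu.dll"
Deletion of file "C:\WINDOWS\system32\devenu.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

File "C:\WINDOWS\system32\xycdd.ini" deleted successfully.
'''

FAILED_RE = re.compile(r'^Deletion of file "(?P<path>[^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: 0x[0-9a-fA-F]{8} \((?P<name>STATUS_[A-Z_]+)\)')
DELETED_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')

NOT_FOUND = {"STATUS_OBJECT_PATH_NOT_FOUND", "STATUS_OBJECT_NAME_NOT_FOUND"}


def parse_avenger_log(text):
    """Return (path, status) tuples; status is None for a successful deletion."""
    records, pending = [], None

    def flush():
        # A failure line that never got a Status line is kept, not dropped.
        nonlocal pending
        if pending is not None:
            records.append((pending, "UNKNOWN"))
            pending = None

    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            flush()
            records.append((m.group("path"), None))
            continue
        m = FAILED_RE.match(line)
        if m:
            flush()
            pending = m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            records.append((pending, m.group("name")))
            pending = None
    flush()
    return records


def triage(path, status):
    """Classify one record (verdict names are hypothetical labels)."""
    if status is None:
        return "deleted"
    if status == "STATUS_ACCESS_DENIED":
        return "locked"            # file exists but could not be opened
    if status in NOT_FOUND:
        # Not-found on a path containing whitespace says nothing about the
        # real file: the tool looked up a name that never existed.
        return "retry-clean-path" if re.search(r"\s", path) else "absent"
    return "review"


def clean_path(path):
    # Assumption: the intended names contain no whitespace at all.
    return re.sub(r"\s+", "", path)


def summarize(text):
    """Group paths by verdict; damaged paths are reported in repaired form."""
    report = {}
    for path, status in parse_avenger_log(text):
        verdict = triage(path, status)
        if verdict == "retry-clean-path":
            path = clean_path(path)
        report.setdefault(verdict, []).append(path)
    return report


if __name__ == "__main__":
    for verdict, paths in summarize(SAMPLE_LOG).items():
        print(verdict, paths)
```

A space inside a directory component yields STATUS_OBJECT_PATH_NOT_FOUND and a space inside the file name yields STATUS_OBJECT_NAME_NOT_FOUND, so only the STATUS_ACCESS_DENIED entry describes a file that was actually found and left in place.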



//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 14:04:52 2008

14:04:41: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\~\Browser_Helper_Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]"
Skipping line.  (Registry value deletion mode)  
14:04:42: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\~\Browser_Helper_Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}]"
Skipping line.  (Registry value deletion mode)  
14:04:43: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amwdygot]"
Skipping line.  (Registry value deletion mode)  


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\hhavkkdk.ini" deleted successfully.
File "C:\WINDOWS\system32\cupqmmqf.ini" deleted successfully.
File "C:\WINDOWS\system32\yeolsyow.ini" deleted successfully.
File "C:\WINDOWS\system32\nhhhwjun.ini" deleted successfully.
File "C:\WINDOWS\system32\xycdd.ini" deleted successfully.
File "C:\WINDOWS\system32\ccddjmis.ini" deleted successfully.
File "C:\WINDOWS\system32\mkttsxln.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\bvthwxha.ini" not found!
Deletion of file "C:\WINDOWS\system32\bvthwxha.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\dcdvubgb.ini" not found!
Deletion of file "C:\WINDOWS\system32\dcdvubgb.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gtphifww.ini" not found!
Deletion of file "C:\WINDOWS\system32\gtphifww.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gxxplfyl.ini" not found!
Deletion of file "C:\WINDOWS\system32\gxxplfyl.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\hfvoaypt.ini" not found!
Deletion of file "C:\WINDOWS\system32\hfvoaypt.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ipymfjfx.ini" not found!
Deletion of file "C:\WINDOWS\system32\ipymfjfx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\kheevgrw.ini" not found!
Deletion of file "C:\WINDOWS\system32\kheevgrw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ljJBSiif.dll" not found!
Deletion of file "C:\WINDOWS\system32\ljJBSiif.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\lnnlkhgp.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\mdnealvu.ini" not found!
Deletion of file "C:\WINDOWS\system32\mdnealvu.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\mewbvfpb.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\mpwkeihf.ini" not found!
Deletion of file "C:\WINDOWS\system32\mpwkeihf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\oqmnsmkw.ini" not found!
Deletion of file "C:\WINDOWS\system32\oqmnsmkw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\pdibglmx.ini" not found!
Deletion of file "C:\WINDOWS\system32\pdibglmx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\peadvnhk.ini" not found!
Deletion of file "C:\WINDOWS\system32\peadvnhk.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qesanrbs.ini" not found!
Deletion of file "C:\WINDOWS\system32\qesanrbs.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\qgqchfhf.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\qucrgoxh.ini" not found!
Deletion of file "C:\WINDOWS\system32\qucrgoxh.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\stukjptj.ini" not found!
Deletion of file "C:\WINDOWS\system32\stukjptj.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\tbucytlp.ini" deleted successfully.
File "C:\WINDOWS\system32\ugeptjpq.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\vifalpam.ini" not found!
Deletion of file "C:\WINDOWS\system32\vifalpam.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ycviwygf.ini" not found!
Deletion of file "C:\WINDOWS\system32\ycviwygf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\WINDOWS\system32\devenu.dll"
Deletion of file "C:\WINDOWS\system32\devenu.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished!  Terminate.


Yes, really, Cecilia. A real rascal! Do you know what it actually does in the computer?

It says the file you link to has been deleted when I get to "skickafilen".


Someone else has amused themselves by downloading it. Seems silly, since it is of no use to anyone else.
New attempt:
http://www.skickafilen.se/download.jsp?fileid=VznvdJ7k6T4MZD5gFTds

It can apparently download files from the internet and show ads:
http://www.threatexpert.com/report.aspx?uid=86f2e100-45ef-4003-9f7c-f01c44a7325c


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 14:12:49 2008

14:12:47: Error: Invalid syntax in command:
"[-HKEY_LOCAL_MACHINE\~\Browser_Helper_Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}]"
Skipping line.  (Registry value deletion mode)  
14:12:49: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 10:54:30 2008

10:54:24: Error: Invalid registry syntax in command:
"HKEY_LOCA L_MACHINE\~\Brows er Helper Objects\{79CE1432-98CD-4AA2-84C3-086D63AC8B2D}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode)  


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\hhavkkdk.ini" not found!
Deletion of file "C:\WINDOWS\system32\hhavkkdk.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\cupqmmqf.ini" not found!
Deletion of file "C:\WINDOWS\system32\cupqmmqf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\yeolsyow.ini" not found!
Deletion of file "C:\WINDOWS\system32\yeolsyow.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\nhhhwjun.ini" not found!
Deletion of file "C:\WINDOWS\system32\nhhhwjun.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\xycdd.ini" not found!
Deletion of file "C:\WINDOWS\system32\xycdd.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ccddjmis.ini" not found!
Deletion of file "C:\WINDOWS\system32\ccddjmis.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mkttsxln.ini" not found!
Deletion of file "C:\WINDOWS\system32\mkttsxln.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\bvthwxha.ini" not found!
Deletion of file "C:\WINDOWS\system32\bvthwxha.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\dcdvubgb.ini" not found!
Deletion of file "C:\WINDOWS\system32\dcdvubgb.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gtphifww.ini" not found!
Deletion of file "C:\WINDOWS\system32\gtphifww.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gxxplfyl.ini" not found!
Deletion of file "C:\WINDOWS\system32\gxxplfyl.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\hfvoaypt.ini" not found!
Deletion of file "C:\WINDOWS\system32\hfvoaypt.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ipymfjfx.ini" not found!
Deletion of file "C:\WINDOWS\system32\ipymfjfx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\kheevgrw.ini" not found!
Deletion of file "C:\WINDOWS\system32\kheevgrw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ljJBSiif.dll" not found!
Deletion of file "C:\WINDOWS\system32\ljJBSiif.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\lnnlkhgp.ini" not found!
Deletion of file "C:\WINDOWS\system32\lnnlkhgp.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mdnealvu.ini" not found!
Deletion of file "C:\WINDOWS\system32\mdnealvu.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mewbvfpb.ini" not found!
Deletion of file "C:\WINDOWS\system32\mewbvfpb.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\mpwkeihf.ini" not found!
Deletion of file "C:\WINDOWS\system32\mpwkeihf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\oqmnsmkw.ini" not found!
Deletion of file "C:\WINDOWS\system32\oqmnsmkw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\pdibglmx.ini" not found!
Deletion of file "C:\WINDOWS\system32\pdibglmx.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\peadvnhk.ini" not found!
Deletion of file "C:\WINDOWS\system32\peadvnhk.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qesanrbs.ini" not found!
Deletion of file "C:\WINDOWS\system32\qesanrbs.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qgqchfhf.ini" not found!
Deletion of file "C:\WINDOWS\system32\qgqchfhf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\qucrgoxh.ini" not found!
Deletion of file "C:\WINDOWS\system32\qucrgoxh.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\stukjptj.ini" not found!
Deletion of file "C:\WINDOWS\system32\stukjptj.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\tbucytlp.ini" not found!
Deletion of file "C:\WINDOWS\system32\tbucytlp.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ugeptjpq.ini" not found!
Deletion of file "C:\WINDOWS\system32\ugeptjpq.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\vifalpam.ini" not found!
Deletion of file "C:\WINDOWS\system32\vifalpam.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ycviwygf.ini" not found!
Deletion of file "C:\WINDOWS\system32\ycviwygf.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\devenu.dll" replaced with dummy successfully.
Driver "amwdygot" deleted successfully.

Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bccb07-8f57-45cb-b59e-e187b0fb61ac}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:14, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Creative\Shared Files\CAMTRAY.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Winamp Remote\bin\OrbTray.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\RALINK\Common\RaUI.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Last.fm\LastFMHelper.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Winamp Remote\bin\Orb.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Winamp\winamp.exe
C:\Program\Last.fm\LastFM.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll
O2 - BHO: {ca16bf0b-781e-e95b-bc54-75f870bccb05} - {50bccb07-8f57-45cb-b59e-e187b0fb61ac} - C:\WINDOWS\system32\qwttagcr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79CE1432-98CD-4AA2-84C3-086D63AC8B2D} - C:\WINDOWS\system32\devenu.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [bM6bda8334] Rundll32.exe "C:\WINDOWS\system32\gvxilbvo.dll",s
O4 - HKLM\..\Run: [68e9b0a8] rundll32.exe "C:\WINDOWS\system32\khnvdaep.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program\RALINK\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcayaw - efcayaw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7445 bytes


Scan with HijackThis and check the boxes for:

O2 - BHO: {ca16bf0b-781e-e95b-bc54-75f870bccb05} - {50bccb07-8f57-45cb-b59e-e187b0fb61ac} - C:\WINDOWS\system32\qwttagcr.dll (file missing)
O2 - BHO: (no name) - {79CE1432-98CD-4AA2-84C3-086D63AC8B2D} - C:\WINDOWS\system32\devenu.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [bM6bda8334] Rundll32.exe "C:\WINDOWS\system32\gvxilbvo.dll",s
O4 - HKLM\..\Run: [68e9b0a8] rundll32.exe "C:\WINDOWS\system32\khnvdaep.dll",b
O20 - Winlogon Notify: efcayaw - efcayaw.dll (file missing)

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.
How is the computer behaving now?

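A triage sketch for HijackThis logs, added here as an example and not part of the original thread or the helper's stated method. The three heuristics (a BHO, toolbar or Winlogon Notify entry whose file is gone, an unnamed BHO, and a Run value that starts a DLL through rundll32) are assumptions, as are the names `triage` and `AUTOLOAD_SECTIONS`; the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll
O2 - BHO: {ca16bf0b-781e-e95b-bc54-75f870bccb05} - {50bccb07-8f57-45cb-b59e-e187b0fb61ac} - C:\WINDOWS\system32\qwttagcr.dll (file missing)
O2 - BHO: (no name) - {79CE1432-98CD-4AA2-84C3-086D63AC8B2D} - C:\WINDOWS\system32\devenu.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bM6bda8334] Rundll32.exe "C:\WINDOWS\system32\gvxilbvo.dll",s
O4 - HKLM\..\Run: [68e9b0a8] rundll32.exe "C:\WINDOWS\system32\khnvdaep.dll",b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcayaw - efcayaw.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")
RUN_VALUE = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
AUTOLOAD_SECTIONS = {"O2", "O3", "O20"}  # assumption: load points where a missing file is flagged


def triage(log_text):
    """Return (line, reasons) for entries that match the assumed heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        reasons = []
        if section in AUTOLOAD_SECTIONS and MISSING.search(body):
            reasons.append("registered file is gone")
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed BHO")
        if section == "O4":
            run = RUN_VALUE.match(body)
            if run and run["cmd"].lower().startswith("rundll32"):
                reasons.append("Run value loads a DLL via rundll32")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "|", line)
```

The output is a review list, not a deletion list: each flagged entry still needs to be checked against known software before it is fixed.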

Cecilia!
A big thank you to you! The lines are gone from the HijackThis log and the computer is free of the warnings that kept popping up about missing .dll files.

If I could send you a rose, I would.


Archived

This topic is now archived and is closed to further replies.
