
Popup


Paul R


Hi

I keep getting a popup window from Celldorado at all hours. It is a damned nuisance that pops up every so often! I have the Windows popup blocker, which works on most websites but does not remove the one mentioned above. What they seem to want is for you to buy a "screensaver" for your mobile phone for free (well, sort of). And if it isn't that, it's "naked women". Does anyone know how to put a stop to this nuisance?


Moving the thread from Internet and networking to Viruses and security questions, since you have been hit by some malicious program.
Cecilia - Smart moderator

To begin with, we can see whether ComboFix shows anything. Download it to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and close all programs you can see, including antivirus programs, antispyware programs and firewall, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply.

Check that the antivirus program and firewall are running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.

Warning!

ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems, for example if you have internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.


Hi again

Thanks for the help. Now it seems to have worked; nothing has come up in the last hour (touch wood). I didn't quite understand from your reply whether you wanted to see the log? (there was no shortage of text in the log)


Sometimes malicious files remain after the ComboFix log has run, and then it is good to look at the log so that you can see it. But if it is very large, rather upload the file to your profile page here in Smart: press Files in the black menu bar high up on the page. When that is done, write a post here.


ComboFix 08-05-27.4 - Paul Rahmquist 2008-05-28  1:42:24.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1053.18.1263 [GMT 2:00]
Running from: C:\Documents and Settings\Paul Rahmquist\Skrivbord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\boymkddrl.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\boymkddrl.exe
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\boymkddrl_nav.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\boymkddrl_navps.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\jtcczs.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\jtcczs_nav.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\jtcczs_navps.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\veuftoqwc.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\veuftoqwc_nav.dat
C:\Documents and Settings\Paul R\Lokala inställningar\Application Data\veuftoqwc_navps.dat
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvs2.inf

.
(((((((((((((((((((((((((   Files Created from 2008-04-27 to 2008-05-27  )))))))))))))))))))))))))))))))
.

2008-05-27 22:25 . 2008-05-27 22:32 <KAT> d-------- C:\Program\RegCure
2008-05-20 01:43 . 2008-05-20 01:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-18 00:37 . 2008-05-18 00:37 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-17 23:52 . 2008-05-17 23:52 <KAT> d-------- C:\Program\Bonjour
2008-05-11 23:30 . 2008-05-11 23:30 <KAT> d-------- C:\WINDOWS\l2schemas
2008-05-11 23:21 . 2008-05-11 23:30 <KAT> d-------- C:\WINDOWS\ServicePackFiles
2008-05-11 22:42 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-05-11 22:39 . 2004-07-17 11:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-05-04 01:56 . 2008-05-04 02:16 <KAT> d-------- C:\Program\Team MediaPortal
2008-05-04 01:56 . 2008-05-04 02:16 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-05-04 01:29 . 2008-05-04 01:29 0 --------- C:\WINDOWS\WB.ini
2008-05-04 01:27 . 2008-05-04 01:27 <KAT> d-------- C:\Program\Stardock
2008-05-04 01:27 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-05-03 20:57 . 2008-05-03 20:57 <KAT> d-------- C:\Program\Garmin
2008-05-03 20:57 . 2008-05-03 20:57 <KAT> d-------- C:\Documents and Settings\Paul R\Application Data\GARMIN
2008-05-01 23:49 . 2008-05-01 23:49 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-01 23:49 . 2008-05-01 23:49 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-04-28 02:34 . 2008-04-28 02:34 <KAT> d----c--- C:\CRYO
2008-04-28 02:05 . 2008-04-28 02:35 <KAT> d-------- C:\WINDOWS\system32\LogFiles(3)
2008-04-27 23:08 . 2008-04-28 02:35 <KAT> d-------- C:\Program\Spyware-Secure
2008-04-27 17:48 . 2008-04-28 02:35 <KAT> d-------- C:\WINDOWS\system32\LogFiles
2008-04-27 17:30 . 2008-04-28 02:35 <KAT> d-------- C:\Program\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 23:44 --------- d-----w C:\Documents and Settings\Paul R\Application Data\BitTorrent
2008-05-27 23:39 --------- d-----w C:\Documents and Settings\Paul R\Application Data\DNA
2008-05-27 19:26 --------- d-----w C:\Program\Unlocker
2008-05-27 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-19 23:31 --------- d-----w C:\Program\Miranda IM
2008-05-17 21:52 --------- d-----w C:\Program\Kiwee Toolbar2
2008-05-17 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-05-08 18:41 --------- d-----w C:\Program\Startup Inspector for Windows
2008-05-04 00:45 --------- d-----w C:\Documents and Settings\Paul R\Application Data\wsInspector
2008-05-04 00:09 --------- d-----w C:\Program\Microsoft SQL Server
2008-05-04 00:07 --------- d-----w C:\Program\Microsoft.NET
2008-04-29 13:19 --------- d-----w C:\Documents and Settings\Paul R\Application Data\Image Zone Express
2008-04-28 00:35 --------- d-----w C:\Program\TweakNow RegCleaner Std
2008-04-28 00:34 --------- d-----w C:\Program\Oni
2008-04-27 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-27 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-27 15:30 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-04-17 17:00 --------- d-----w C:\Program\ICQ6
2008-04-17 16:58 --------- d-----w C:\Program\Apple Software Update
2008-04-14 17:09 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 17:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-14 17:03 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-14 17:03 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-14 17:03 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-14 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-14 16:18 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:04 246,272 ----a-w C:\WINDOWS\system32\es(2).dll
2008-04-14 11:15 --------- d-----w C:\Program\Sony Ericsson
2008-04-13 20:47 --------- d-----w C:\Program\Avanquest update
2008-04-13 20:46 --------- d--h--w C:\Program\InstallShield Installation Information
2008-04-13 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-13 20:45 --------- d-----w C:\Documents and Settings\Paul R\Application Data\InstallShield
2008-04-13 15:18 --------- d-----w C:\Program\Telia
2008-04-13 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2008-04-12 21:24 --------- d-----w C:\Program\LyricsJoy
2008-04-11 17:52 --------- d-----w C:\Documents and Settings\Paul R\Application Data\Apple Computer
2008-04-10 14:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-10 14:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-09 15:13 --------- d-----w C:\Program\DivX
2008-04-06 15:45 --------- d-----w C:\Program\iTunes
2008-04-06 15:45 --------- d-----w C:\Program\iPod
2008-04-06 15:44 --------- d-----w C:\Program\QuickTime
2008-04-06 15:43 --------- d-----w C:\Program\Winamp
2008-04-06 15:41 --------- d-----w C:\Program\Delade filer\Apple
2008-04-06 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 14:58 --------- d-----w C:\Program\Conduit
2008-04-06 14:48 --------- d-----w C:\Program\TPTEST5
2008-04-06 14:48 --------- d-----w C:\Program\Minilyrics
2008-04-06 14:48 --------- d-----w C:\Program\DNA
2008-04-06 14:48 --------- d-----w C:\Program\Ashampoo
2008-04-06 14:47 --------- d-----w C:\Documents and Settings\Paul Rahmquist\Application Data\SAMSUNG
2008-04-06 14:46 --------- d-----w C:\Program\Ubisoft
2008-04-06 14:46 --------- d-----w C:\Program\ICQ6(2)
2008-04-06 14:45 --------- d-----w C:\Program\Winamp Remote
2008-04-06 14:45 --------- d-----w C:\Program\SecondLife
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\Paul Rahmquist\Application Data\SecondLife
2008-04-06 14:44 --------- d-----w C:\Program\Java
2008-04-06 14:44 --------- d-----w C:\Program\Delade filer\Adobe
2008-04-06 14:20 --------- d-----w C:\Program\EA GAMES
2008-04-01 13:12 --------- d-----w C:\Documents and Settings\Paul Rahmquist\Application Data\Preclick
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 162,592 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 16:32 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-08 14:43 22,328 -c--a-w C:\Documents and Settings\Paul R\Application Data\PnkBstrK.sys
2007-10-01 19:35 1 -c--a-w C:\Documents and Settings\Paul R\SI.bin
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe/background" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2005-12-19 21:00 20480]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 07:59 68856]
"BitTorrent DNA"="C:\Program\DNA\btdna.exe" [2008-05-08 20:26 289088]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 16:19 356352]
"ICQ"="C:\Program\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="C:\Program\com hem security\FSGUI\TNBUtil.exe" [2007-11-01 13:42 739936]
"F-Secure Manager"="C:\Program\com hem security\Common\FSM32.exe" [2007-11-01 13:42 182936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"DMXLauncher"="C:\Program\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]
"type32"="C:\Program\Microsoft IntelliType Pro\type32.exe" [2005-03-15 11:46 196608]
"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"Net iD"="C:\WINDOWS\system32\iid.exe" [2007-03-15 10:11 67112]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe-start" [ ]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"IntelliPoint"="C:\Program\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088]
"IAAnotif"="C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"AGEIA PhysX SysTray"="C:\Program\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NWEReboot"="" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-08-20 11:58 2483496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\Paul R\Start-meny\Program\Autostart\
Webshots.lnk - C:\Program\Webshots\Launcher.exe [2006-01-09 20:22:02 157008]
Windows Live Messenger .lnk - C:\Program\Windows Live\Messenger\msnmsgr.exe [2007-10-18 12:35:08 5724184]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
dlbcserv.lnk - C:\Program\Dell Photo Printer 720\dlbcserv.exe [2005-12-12 10:36:41 315392]
Google Updater.lnk - C:\Program\Google\Google Updater\GoogleUpdater.exe [2007-01-07 01:43:30 124912]
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-19 21:00:56 450560]
Service Manager.lnk - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
WinZip Quick Pick.lnk - C:\Program\WinZip\WZQKPICK.EXE [2007-05-13 00:33:52 389120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\BitTorrent\\bittorrent.exe"=
"C:\\Program\\ICQ6\\ICQ.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program\\DNA\\btdna.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 13:41]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program\com hem security\HIPS\fshs.sys [2008-02-13 13:11]
R2 NMSAccessU;NMSAccessU;C:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program\com hem security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 13:42]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-03-13 06:24]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
S3 FXDRV;FXDRV;E:\Fxdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-14 19:03]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 22:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 22:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 22:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 22:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 22:06]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 22:06]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-08-03 13:37]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program\com hem security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 13:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program\com hem security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 13:42]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 07:11:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2008-05-27 23:39:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program\Windows Defender\MpCmdRun.exe
"2008-05-27 21:09:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program\RegCure\RegCure.exe
"2008-05-27 20:25:11 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program\RegCure\RegCure.exe
"2008-05-27 23:39:49 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\Program\COMHEM~1\ANTI-V~1\fsav.exeP /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\Program\COMHEM~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 01:46:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28  1:47:55
ComboFix-quarantined-files.txt  2008-05-27 23:47:48

Pre-Run: 145,717,035,008 byte ledigt
Post-Run: 145,807,220,736 byte ledigt

386 --- E O F --- 2008-05-18 10:49:47


22:32 <KAT> d-------- C:\Program\RegCure
Seems to be a dubious program, judging by the comments at http://www.siteadvisor.com/sites/regcure.com

2008-05-17 21:52 --------- d-----w C:\Program\Kiwee Toolbar2
Their "privacy policy" is not entirely clean. Consider whether you really need the program.

Uninstall Spyware-Secure and then delete the folder C:\Program\Spyware-Secure.

Go to http://www.virustotal.com, paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes completed). Write here if anything malicious is found in the file.
C:\WINDOWS\_MSRSTRT.EXE

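An added example, not part of the original thread and not ComboFix's own code: a small Python parser for the "Files Created" section of a ComboFix log like the one posted above, listing recently created executable files as candidates for the kind of VirusTotal check requested for C:\WINDOWS\_MSRSTRT.EXE. The line layout is inferred from this one log, the sample is an excerpt of it, and the names `parse_files_created` and `executables_for_review` are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE = r"""
(((((((((((((((((((((((((   Files Created from 2008-04-27 to 2008-05-27  )))))))))))))))))))))))))))))))
.

2008-05-27 22:25 . 2008-05-27 22:32 <KAT> d-------- C:\Program\RegCure
2008-05-20 01:43 . 2008-05-20 01:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-11 22:42 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-05-04 01:27 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-05-03 20:57 . 2008-05-03 20:57 <KAT> d-------- C:\Program\Garmin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 19:26 --------- d-----w C:\Program\Unlocker
"""

FMT = "%Y-%m-%d %H:%M"
# Section banners look like "((((   Title   ))))".
SECTION_RE = re.compile(r"^\(+\s+(.+?)\s+\)+$")
# created . modified  size-or-<dir marker>  9-char attribute field  path
# (assumption: "<KAT>" is the localized directory marker on this Swedish system)
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<\w+>|[\d,]+) (\S{9}) (.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(log_text: str) -> List[Entry]:
    """Return the entries of the 'Files Created' section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any other banner (e.g. Find3M Report) ends the section.
            in_section = header.group(1).startswith("Files Created")
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # separators such as "." and blank lines
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, FMT),
            modified=datetime.strptime(modified, FMT),
            size=None if size.startswith("<") else int(size.replace(",", "")),
            attrs=attrs,
            path=path,
        ))
    return entries


def executables_for_review(entries: List[Entry]) -> List[Entry]:
    """Executable files created in the window, newest first.

    This is a shortlist for hash lookup or scanning, not a verdict.
    """
    hits = [e for e in entries
            if not e.is_dir and e.path.lower().endswith(EXEC_EXT)]
    return sorted(hits, key=lambda e: e.created, reverse=True)


if __name__ == "__main__":
    for e in executables_for_review(parse_files_created(SAMPLE)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>10,}  {e.path}")
```
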

Archived

This topic is now archived and is closed to further replies.


