#1
I recently downloaded a theme application. After installing it, Kaspersky popped up a report saying the computer is infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working and my Windows theme is gone; I am stuck with Windows Classic. Help please!
#2
Try to get me any of the logs you can from here: http://www.computer-juice.com/forums...-posting-7476/
#3
Looks like the forums had one. Please post these DDS logs.

Download DDS from HERE, HERE or HERE and save it to your desktop.

* Vista users: right-click dds and select Run as administrator (you will receive a UAC prompt; allow it).
* XP users: double-click dds to run it.
* If your antivirus or firewall tries to block DDS, allow it to run.
* When finished, DDS will open two (2) logs: 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Copy and paste the entire contents of both logs into your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please post it as you would any other log, by copying and pasting it into the reply.
#4
DDS (Ver_09-05-14.01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 AudioDrvEmulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2008,0904,1947
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-4-18 213520]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-12 14592]
R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Miniport Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-4-5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\windows\system32\drivers\IlvMoney1215.sys [2008-8-21 30080]

=============== Created Last 30 ================

2009-06-17 13:58 <DIR> --d----- c:\program files\LSoft Technologies
2009-06-13 12:32 <DIR> --d----- c:\program files\iPod
2009-06-13 12:32 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

============= FINISH: 16:54:12.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20 PM
System Uptime: 6/24/2009 12:33:35 PM (4 hours ago)

Motherboard: http://www.abit.com.tw/ | | IP35 PRO (35. + ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 AM - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Installed MapleStory.
RP210: 4/8/2009 2:00:33 AM - Removed MapleStory.
RP211: 4/8/2009 2:12:11 AM - Installed MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 PM - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 AM - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 AM - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Removed ZU-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Installed LG USB Modem driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 AM - System Checkpoint
RP240: 6/2/2009 10:03:30 AM - System Checkpoint
RP241: 6/3/2009 11:47:56 AM - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 AM - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Removed palmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================
#5
Download ComboFix © by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop**

DO NOT run it yet!

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:
Killall::

DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

Driver::
Viewpoint Manager Service

Folder::
c:\program files\viewpoint

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the screenshot below.

Important: Perform this instruction carefully!

[screenshot: dragging CFScript.txt onto ComboFix.exe]

ComboFix will begin to run; just follow the prompts. After the reboot (when it prompts to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick in the ComboFix window while it is running. That may cause your system to freeze.
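The reply above deletes four entries from the DDS "Pseudo HJT Report" by listing them under a DDS:: header in a CFScript. As an added example (not part of the thread, and not code from DDS or ComboFix), the script below parses that CFScript into its sections, parses pseudo-HJT lines of the shape seen in the posted log (KIND: [name:] {CLSID} - target), shows which log lines the script's DDS:: section would act on, and applies the two triage heuristics the helper applied by hand: an entry whose target is "No File" is orphaned, and a DPF (ActiveX download) entry pointing at a host outside a caller-supplied trust list deserves a closer look. The sample log lines and the trusted-host set are constructed for the example; the heuristic is a triage aid, not a malware verdict.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' section and a ComboFix CFScript.

Added example for this thread; not code from DDS, ComboFix or the forum.
Assumes the line shapes visible in the posted log and the 'Section::' layout
of the CFScript in the reply. Sample inputs below are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# DDS defangs URLs as hxxp://; accept the real scheme as well.
URL_RE = re.compile(r"^h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
KIND_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


@dataclass
class HjtEntry:
    kind: str               # BHO, TB, EB, DPF, IE, uRun, mRun, Handler, ...
    clsid: Optional[str]    # upper-cased CLSID without braces, if the line has one
    target: Optional[str]   # text after the last ' - ': a path, a URL or 'No File'
    raw: str


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one pseudo-HJT line. Returns None for lines without a 'KIND:' prefix
    (e.g. 'uStart Page = hxxp://google.com/'); those are matched textually."""
    line = line.strip()
    m = KIND_RE.match(line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    c = CLSID_RE.search(rest)
    clsid = c.group(1).upper() if c else None
    target = rest.rsplit(" - ", 1)[1].strip() if " - " in rest else None
    return HjtEntry(kind, clsid, target, line)


def suspicious(e: HjtEntry, trusted_hosts: Set[str]) -> Optional[str]:
    """Reason to look closer, or None: orphaned entries ('No File') and DPF
    entries whose download host is not on the caller's trust list."""
    if e.target is None:
        return None
    if e.target.lower() == "no file":
        return "orphaned entry"
    u = URL_RE.match(e.target)
    if e.kind == "DPF" and u and u.group(1).lower() not in trusted_hosts:
        return f"remote ActiveX download from {u.group(1).lower()}"
    return None


def triage(log_lines: List[str], trusted_hosts: Set[str]) -> List[Tuple[str, str]]:
    """Run suspicious() over a pseudo-HJT section; returns (kind, reason) pairs."""
    out = []
    for raw in log_lines:
        e = parse_hjt_line(raw)
        if e is not None:
            reason = suspicious(e, trusted_hosts)
            if reason:
                out.append((e.kind, reason))
    return out


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into sections. A header is a line ending in '::'
    (Killall::, DDS::, Driver::, Folder::); following non-blank lines belong
    to it. A bare directive such as Killall:: maps to an empty list."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _norm(s: str) -> str:
    return re.sub(r"\s+", " ", s.strip()).lower()


def script_hits(script: Dict[str, List[str]], log_lines: List[str]) -> List[str]:
    """Log lines the script's DDS:: section would act on: matched by CLSID when
    both sides carry one, otherwise by whitespace/case-normalised text."""
    wanted = [(parse_hjt_line(w), w) for w in script.get("DDS", [])]
    hits = []
    for raw in log_lines:
        e = parse_hjt_line(raw)
        for we, wraw in wanted:
            same_clsid = bool(e and we and we.clsid and e.clsid == we.clsid)
            if same_clsid or _norm(wraw) == _norm(raw):
                hits.append(raw.strip())
                break
    return hits


# Constructed sample: a handful of lines lifted from the DDS log posted above.
DDS_LOG = r"""uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
""".splitlines()

# The CFScript from the reply, exactly as the user was asked to save it.
CFSCRIPT = r"""Killall::

DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

Driver::
Viewpoint Manager Service

Folder::
c:\program files\viewpoint
"""

if __name__ == "__main__":
    for kind, why in triage(DDS_LOG, {"java.sun.com", "go.microsoft.com"}):
        print(f"{kind}: {why}")
    print("script targets:", script_hits(parse_cfscript(CFSCRIPT), DDS_LOG))
```

The text-match fallback matters for lines such as the ProxyOverride setting, which carry no CLSID; matching by CLSID for the rest avoids false misses when DDS prints the path in a different case or with 8.3 short names.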
#6
ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: c:\documents and settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003
c:\windows\system32\drivers\kl1.sys
c:\program files\Messenger\msmsgs.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\Desktop.ini
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\Desktop.ini
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
c:\windows\emMON.exe
c:\windows\system32\Codecs\7zAES.dll
c:\windows\system32\Codecs\AES.dll
c:\windows\system32\Codecs\Branch.dll
c:\windows\system32\Codecs\BZip2.dll
c:\windows\system32\Codecs\Copy.dll
c:\windows\system32\Codecs\Deflate.dll
c:\windows\system32\Codecs\LZMA.dll
c:\windows\system32\Codecs\PPMd.dll
c:\windows\system32\Codecs\Rar29.dll
c:\windows\system32\Codecs\Swap.dll
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\Formats\7z.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- c:\documents and settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- c:\program files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- c:\program files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- c:\program files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- c:\program files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25 . 2008-05-16 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-24 21:26 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 21:26 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-24 21:26 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:26 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- c:\documents and settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- c:\program files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- c:\program files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- c:\program files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- c:\documents and settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- c:\program files\Common Files\Apple
2009-05-20 16:16 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:16 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- c:\program files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- c:\program files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- c:\documents and settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 01:13 . 2009-04-26 00:43 -------- d-----w- c:\documents and settings\Mouse\Application Data\Move Networks
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- c:\documents and settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Miniport Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28 PM 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-24 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ef,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,ef,7e,55,20,c9,26,a3,f2,65,ed,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5a,93,61,6f,0e,5c,ae,ef,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, D5, 24,8 d, 3a, 49, c4, B0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, F8, 68,02,09, d4, 0B, f3, 53, bc, 62,26,31,77, e1, ba, b1, F8, 68,02,77, C3, DE, C6, 98,79, 54,2 c, fb, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff, F8, 0F, f3, 83,6 c, 56,8 b, A0, 85,96, ab, D5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, b1, cd, 45,5 a, A8, c4, F8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 3d, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ 
InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, E3 0e, 66, D5, eb, bc, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL'er Loaded Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (1028) c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.DLL C: \ Windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (3748) C: \ Windows \ system32 \ WPDShServiceObj.dll C: \ Windows \ system32 \ PortableDeviceTypes.dll C: \ Windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . c: \ Programmer \ Creative \ Shared Files \ CTAudSvc.exe c: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ Programmer \ Bonjour \ mDNSResponder.exe C: \ Windows \ system32 \ nvsvc32.exe C: \ Windows \ system32 \ PnkBstrA.exe C: \ Windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ mikroer ~ 4 \ rapimgr.exe c: \ Programmer \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ Programmer \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . 
Afslutning tid: 2009-06-24 19:29 - maskinen blev genstartet ComboFix-karantæne-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 bytes fri Post-Run: 67799437312 bytes fri WindowsXP-KB310994-SP2-Pro-bootdisk-DAN.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Genoprettelseskonsol" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Nuværende = 3 Default = 3 Mislykket = 1 LastKnownGood = 4 Sæt = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
#7
Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C - D8D3582C741C) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98 - D0152D08C8B9) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B - 3E52D94DB145) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B - 37E957082D6D) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073 - C02FF9619B6F) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D - 1411304BCD84) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | ù • A ~ *]

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you can see in the screenshot below.

Important: Carry out this instruction carefully!

ComboFix will begin to run; just follow the prompts. After the reboot (when it asks you to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. It may cause your system to freeze.

----------

Also let me know how the computer is running now.
#8
| ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Kører fra: c: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Command switches anvendes:: c: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * On-access scanning handicappede * (Opdateret) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * handicappede * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created fra 2009-05-25 til 2009-06-25 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-C: \ Windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ Programmer \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ Programmer \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-c: \ Programmer \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-C: \ Windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-C: \ Windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-C: \ Windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 
2009-04-15 14:51 585216-c ---- w-C: \ Windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 23:11. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-25 23:09. 2008-05-16 03:35 761888 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox2.dat 2009-06-25 23:09. 2008-05-16 03:35 64388 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox.idx 2009-06-25 23:09. 2008-05-16 03:35 4571424 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox.dat 2009-06-25 23:09. 2008-05-16 03:35 29696 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 23:59. 2008-01-29 22:29 33808 ---- aw-C: \ Windows \ system32 \ drivers \ klbg.sys 2009-06-24 23:59. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-24 23:59. 2008-05-16 03:36 94643 ---- aw-C: \ Windows \ system32 \ drivers \ klick.dat 2009-06-24 23:59. 2008-05-16 03:36 105395 ---- aw-C: \ Windows \ system32 \ drivers \ klin.dat 2009-06-24 23:59. 2008-07-17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-24 23:59. 2008-07-17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-c: \ Programmer \ SUPERAntiSpyware 2009-06-23 19:00. 
2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-C: \ Windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-C: \ Windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ Programmer \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-c: \ Programmer \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-c: \ Programmer \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-c: \ Programmer \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-c: \ Programmer \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-C: \ Windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-C: \ Windows \ system32 \ Wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-C: \ Windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-c: \ Programmer \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ søn \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-C: \ Windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-C: \ Windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-C: \ Windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 C: \ Windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 C: \ Windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 C: \ Windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 C: \ Windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 C: \ Windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 C: \ Windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 C: \ Windows \ system32 \ dllcache \ cache \ Lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 C: \ Windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 C: \ Windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 C: \ Windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 
2009-02-05 00:58 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-24 23:59 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 C: \ Windows \ system32 \ dllcache \ cache \ Wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ system32 \ dllcache \ cache \ User32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 C: \ Windows \ system32 \ dllcache \ cache \ Services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 C: \ Windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Note * empty entries & legit default entries er ikke vist REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "c: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "c: \ Programmer \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "c: \ Programmer \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "c: \ Programmer \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "c: \ Programmer \ Creative \ Sound Blaster X-Fi \ bind Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "c: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "c: \ Programmer \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "c: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "c: \ Programmer \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - C: \ Windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - C: \ Windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "c: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- aw-c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ tjenester] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Programmer \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Programmer \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Programmer \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Programmer \ \ Xfire \ \ xfire.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ English \ \ setup.exe" = "c: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Programmer \ \ AIM6 \ \ aim6.exe" = "c: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Programmer \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver c: \ Windows 
\ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV c: \ Programmer \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL c: \ Programmer \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; C: \ Windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; C: \ Windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus midlertidige NDIS Filter; C: \ Windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; C: \ Windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM c: \ Programmer \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Indhold af "Planlagte opgaver" mappe 2009-06-13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-25 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplerende Scan ------- . uStart Page = hxxp: / / google.com / IE: Føj til Bannerannonce Blocker - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ mikroer ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / C: \ Windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net Rootkit scan 2009-06-25 19:11 Windows 5.1.2600 Service Pack 3 NTFS scanning skjulte processer ... scanning skjulte autostart entries ... scanning skjulte filer ... 
scanning afsluttet med succes skjulte filer: 0 ************************************************** ************************ . --------------------- LOCKED registreringsdatabasenøgler --------------------- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, eb, 16,2 b, DE, ff, 66,8 f, 81, d1, 34, d2, D9, C8, 28,51, AF, B0, 29, a3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC, e4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, E9, A8, 42, 2f, c4, 6a, 9c, d6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, EF, 7e, 55,20, C9, 26, eb, A7, df, 4d, 25, c2, 62,83,25, DA, EF, 7e, 55,20, C9, 26, a3, f2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, A1, b4, 61,82, bb, AB, D5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, EF, 4f, E7, 8d, 86,8 c, 21,01, være, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, A6, 33,6 c, cd, 
91, D7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, D5, 24,8 d, 3a, 49, c4, B0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, F8, 68,02,09, d4, 0B, f3, 53, bc, 62,26,31,77, e1, ba, b1, F8, 68,02,77, C3, DE, C6, 98,79, 54,2 c, fb, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff, F8, 0F, f3, 83,6 c, 56,8 b, A0, 85,96, ab, D5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, b1, cd, 45,5 a, A8, c4, F8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 
3d, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, E3 0e, 66, D5, eb, bc, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL'er Loaded Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe' (1028) c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.DLL C: \ Windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (212) C: \ Windows \ system32 \ WPDShServiceObj.dll C: \ Windows \ system32 \ PortableDeviceTypes.dll C: \ Windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
c: \ Programmer \ Creative \ Shared Files \ CTAudSvc.exe c: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ Programmer \ Bonjour \ mDNSResponder.exe C: \ Windows \ system32 \ nvsvc32.exe C: \ Windows \ system32 \ PnkBstrA.exe C: \ Windows \ system32 \ rundll32.exe c: \ Programmer \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ mikroer ~ 4 \ rapimgr.exe c: \ Programmer \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ CTxfispi.exe C: \ Windows \ system32 \ wscntfy.exe . ************************************************** ************************ . Afslutning tid: 2009-06-25 19:14 - maskinen blev genstartet ComboFix-karantæne-files.txt 2009-06-25 23:14 ComboFix2.txt 2009-06-24 23:29 ComboFix3.txt 2008-05-20 17:05 Pre-Run: 67819319296 bytes fri Post-Run: 67883995136 bytes fri Nuværende = 3 Default = 3 Mislykket = 1 LastKnownGood = 4 Sæt = 1,2,3,4 310 --- EOF --- 2009-06-11 03:03 |
#9
| Sorry, I overlooked something. Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by selecting all of it and pressing Ctrl + C
Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | ÅÅÅÅ ¤ • € | ù • A ~*]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below. Important: Carry out this instruction carefully!
ComboFix will start running; just follow the instructions. After the reboot (when it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
----------
Also let me know how the computer is running now. |
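The procedure in post #9 builds the CFScript by hand from the "LOCKED registry keys" section of the ComboFix log. As an added example (it is not the thread's own code and not part of ComboFix), the Python script below does the same extraction mechanically: it parses that section of a log, keeps the CLSID\InprocServer32 keys that show the pattern visible in this thread's log (default value pointing at Ole32.dll plus a REG_BINARY value whose name is 32 hex digits), and emits the Killall::/RegLock:: text in the layout the helper used. The sample log is constructed from three of the keys in the thread with shortened hex payloads, and the English section header wording ("LOCKED REGISTRY KEYS") is assumed, since the thread shows a translated rendering of it.

```python
import re

# Constructed sample in the layout of ComboFix's LOCKED REGISTRY KEYS section:
# three of the keys from the log posted in this thread, hex payloads shortened.
# It is not the thread's own log text; the header wording is assumed.
SAMPLE_LOG = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ef,7e,55,20,c9,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_START = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
SECTION_HEADER = re.compile(r"^-+ .+ -+$")          # any dashed header
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\...]
INPROC_COM = re.compile(r"\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\InprocServer32\*?$")
HEX_NAMED_BLOB = re.compile(r'^"[0-9a-f]{32}"=hex:')


def parse_locked_keys(log_text):
    """Return {key_path: [value lines]} for every key listed in the
    LOCKED REGISTRY KEYS section, in the order the log lists them."""
    entries = {}
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if SECTION_HEADER.match(line):   # next dashed header closes the section
            break
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
        elif current is not None and line and line != ".":
            entries[current].append(line)
    return entries


def ole32_stub_keys(entries):
    """Keys matching the pattern seen in this thread's log: a CLSID
    InprocServer32 key whose default value is Ole32.dll and which also
    carries a REG_BINARY value with a 32-hex-digit name."""
    hits = []
    for key, values in entries.items():
        if not INPROC_COM.search(key):
            continue
        default_is_ole32 = any(v.startswith("@=") and "ole32.dll" in v.lower()
                               for v in values)
        has_hex_blob = any(HEX_NAMED_BLOB.match(v) for v in values)
        if default_is_ole32 and has_hex_blob:
            hits.append(key)
    return hits


def build_cfscript(keys):
    """CFScript text in the layout used in post #9: Killall:: and RegLock::
    followed by one bracketed key per line."""
    lines = ["Killall::", "RegLock::"] + [f"[{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    print(build_cfscript(ole32_stub_keys(found)))
```

Review the printed list before pasting it into Notepad as the steps above describe: Ole32.dll is a legitimate in-process server for many Windows CLSIDs, so the extra hex-named binary value and the fact that the key is locked, not the Ole32.dll path alone, are what make these entries stand out.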
#10
| ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Kører fra: c: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Command switches anvendes:: c: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * On-access scanning handicappede * (Opdateret) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * handicappede * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created fra 2009-05-26 til 2009-06-26 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-C: \ Windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-c: \ program files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ Programmer \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-c: \ Programmer \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-c: \ Programmer \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-C: \ Windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-C: \ Windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w-C: \ Games 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-C: \ Windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 
2009-04-15 14:51 585216-c ---- w-C: \ Windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 07:54. 2008-05-16 03:35 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-26 07:52. 2008-05-16 03:35 761888 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox2.dat 2009-06-26 07:52. 2008-05-16 03:35 64388 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox.idx 2009-06-26 07:52. 2008-05-16 03:35 4571424 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox.dat 2009-06-26 07:52. 2008-05-16 03:35 29696 - sha-w-C: \ Windows \ system32 \ drivers \ fidbox2.idx 2009-06-25 23:24. 2008-01-29 22:29 33808 ---- aw-C: \ Windows \ system32 \ drivers \ klbg.sys 2009-06-25 23:24. 2008-05-16 03:36 94643 ---- aw-C: \ Windows \ system32 \ drivers \ klick.dat 2009-06-25 23:24. 2008-05-16 03:36 105395 ---- aw-C: \ Windows \ system32 \ drivers \ klin.dat 2009-06-25 23:24. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-25 23:24. 2008-07-17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-25 23:24. 2008-07-17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-c: \ Programmer \ SUPERAntiSpyware 2009-06-23 19:00. 
2008-10-16 02:40 -------- d ----- w-c: \ program files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-c: \ program files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-C: \ Windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-C: \ Windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-c: \ Programmer \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-c: \ Programmer \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-c: \ Programmer \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-c: \ Programmer \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-c: \ Programmer \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-C: \ Windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-C: \ Windows \ system32 \ Wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-C: \ Windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-c: \ Programmer \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ søn \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-C: \ Windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-C: \ Windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-C: \ Windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 C: \ Windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 C: \ Windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 C: \ Windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 C: \ Windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 C: \ Windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 C: \ Windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 C: \ Windows \ system32 \ dllcache \ cache \ Lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 C: \ Windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 C: \ Windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 C: \ Windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 
2009-02-05 00:58 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-25 23:24 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 C: \ Windows \ system32 \ dllcache \ cache \ Wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ system32 \ dllcache \ cache \ User32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 C: \ Windows \ system32 \ dllcache \ cache \ Services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 C: \ Windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Note * empty entries & legit default entries er ikke vist REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "c: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "c: \ Programmer \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "c: \ Programmer \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "c: \ Programmer \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "c: \ Programmer \ Creative \ Sound Blaster X-Fi \ bind Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "c: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "c: \ Programmer \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "c: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "c: \ Programmer \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - C: \ Windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - C: \ Windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "c: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- aw-c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ tjenester] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Programmer \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Programmer \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Programmer \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Programmer \ \ Xfire \ \ xfire.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Programmer \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ English \ \ setup.exe" = "c: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Programmer \ \ AIM6 \ \ aim6.exe" = "c: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Programmer \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver c: \ Windows 
\ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV c: \ Programmer \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL c: \ Programmer \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; C: \ Windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; C: \ Windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus midlertidige NDIS Filter; C: \ Windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; C: \ Windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM c: \ Programmer \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Indhold af "Planlagte opgaver" mappe 2009-06-13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-26 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplerende Scan ------- . uStart Page = hxxp: / / google.com / IE: Føj til Bannerannonce Blocker - C: \ Programmer \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ mikroer ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / C: \ Windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net Rootkit scan 2009-06-26 03:54 Windows 5.1.2600 Service Pack 3 NTFS scanning skjulte processer ... scanning skjulte autostart entries ... scanning skjulte filer ... 
scanning afsluttet med succes skjulte filer: 0 ************************************************** ************************ . --------------------- LOCKED registreringsdatabasenøgler --------------------- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, eb, 16,2 b, DE, ff, 66,8 f, 81, d1, 34, d2, D9, C8, 28,51, AF, B0, 29, a3, 98, A9, C3, A8, 8a, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC, e4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, E9, A8, 42, 2f, c4, 6a, 9c, d6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, EF, 7e, 55,20, C9, 26, eb, A7, df, 4d, 25, c2, 62,83,25, DA, EF, 7e, 55,20, C9, 26, a3, f2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, A1, b4, 61,82, bb, AB, D5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, EF, 4f, E7, 8d, 86,8 c, 21,01, være, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, A6, 33,6 c, cd, 
91, D7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, D5, 24,8 d, 3a, 49, c4, B0, 18, ed, A7, 3f, 8d, 37, a4, 29, b5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, F8, 68,02,09, d4, 0B, f3, 53, bc, 62,26,31,77, e1, ba, b1, F8, 68,02,77, C3, DE, C6, 98,79, 54,2 c, fb, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff, F8, 0F, f3, 83,6 c, 56,8 b, A0, 85,96, ab, D5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, b1, cd, 45,5 a, A8, c4, F8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 
3d, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, E3 0e, 66, D5, eb, bc, 2f, 6b, e1, 69,31, ac, dd, ba, 7f, 02,2 a, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL'er Loaded Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe «(672) c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.DLL C: \ Windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (288) C: \ Windows \ system32 \ WPDShServiceObj.dll C: \ Windows \ system32 \ PortableDeviceTypes.dll C: \ Windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
c: \ Programmer \ Creative \ Shared Files \ CTAudSvc.exe c: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ Programmer \ Bonjour \ mDNSResponder.exe C: \ Windows \ system32 \ nvsvc32.exe C: \ Windows \ system32 \ PnkBstrA.exe C: \ Windows \ system32 \ rundll32.exe c: \ Programmer \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ mikroer ~ 4 \ rapimgr.exe c: \ Programmer \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Afslutning tid: 2009-06-26 3:57 - maskinen blev genstartet ComboFix-karantæne-files.txt 2009-06-26 07:57 ComboFix2.txt 2009-06-25 23:14 ComboFix3.txt 2009-06-24 23:29 ComboFix4.txt 2008-05-20 17:05 Pre-Run: 67824807936 bytes fri Post-Run: 67888648192 bytes fri Nuværende = 3 Default = 3 Mislykket = 1 LastKnownGood = 4 Sæt = 1,2,3,4 311 --- EOF --- 2009-06-11 03:03 |