#1
I recently downloaded a theme program. During installation, Kaspersky popped up an alert that the computer is infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working and my Windows theme is gone; I'm stuck with Windows Classic. Help please!
#2
Try to get me whatever logs you can from here. http://www.computer-juice.com/forums...-posting-7476/
#3
Looks like the forum ran into an error. Post these DDS logs.

Download DDS from Here or Here or Here and save it to your desktop.

* Vista users: right-click on DDS and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double-click on DDS to run it.
* If your antivirus program or firewall tries to block DDS, allow it to run.
* When finished, DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs into your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Just post it as you would the other log, by copying and pasting it into the reply.
#4
DDS (Ver_09-05-14.01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\DLLML.exe" -1 AudioDrvEmulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2008,0904,1947
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-4-18 213520]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-12 14592]
R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-4-5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\windows\system32\drivers\IlvMoney1215.sys [2008-8-21 30080]

=============== Created Last 30 ================

2009-06-17 13:58 <DIR> --d----- c:\program files\LSoft Technologies
2009-06-13 12:32 <DIR> --d----- c:\program files\iPod
2009-06-13 12:32 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

============= FINISH: 16:54:12.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20 PM
System Uptime: 6/24/2009 12:33:35 PM (4 hours ago)

Motherboard: http://www.abit.com.tw/ |  | IP35 PRO(P35+ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 AM - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Installed MapleStory.
RP210: 4/8/2009 2:00:33 AM - Removed MapleStory.
RP211: 4/8/2009 2:12:11 AM - Installed MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 PM - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 AM - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 AM - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Removed Zu-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Installed LG USB Modem driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 AM - System Checkpoint
RP240: 6/2/2009 10:03:30 AM - System Checkpoint
RP241: 6/3/2009 11:47:56 AM - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 AM - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Removed palmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================
#5
Download ComboFix © by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop. DO NOT run it yet!

Note: The instructions below were made specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:

    KillAll::

    DDS::
    uInternet Settings,ProxyOverride = *.local
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

    Driver::
    Viewpoint Manager Service

    Folder::
    C:\Program Files\Viewpoint

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

[screenshot]

ComboFix will begin to run; just follow the prompts. After the reboot (in case it asks to reboot), it will produce a log file for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
#6
ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: c:\documents and settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003
c:\windows\system32\drivers\kl1.sys
c:\program files\Messenger\msmsgs.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\Desktop.ini
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\Desktop.ini
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
c:\windows\emMON.exe
c:\windows\system32\Codecs\7zAES.dll
c:\windows\system32\Codecs\AES.dll
c:\windows\system32\Codecs\Branch.dll
c:\windows\system32\Codecs\BZip2.dll
c:\windows\system32\Codecs\Copy.dll
c:\windows\system32\Codecs\Deflate.dll
c:\windows\system32\Codecs\LZMA.dll
c:\windows\system32\Codecs\PPMd.dll
c:\windows\system32\Codecs\Rar29.dll
c:\windows\system32\Codecs\Swap.dll
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\Formats\7z.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- c:\documents and settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 --------d-----w- c:\program files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 --------d-----w- c:\program files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 --------d-----w- c:\program files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 --------d-----w- c:\program files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 --------d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 --------d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25 . 2008-05-16 03:35 --------d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-24 21:26 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 21:26 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-24 21:26 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:26 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 21:09 . 2008-05-17 00:25 --------d-----w- c:\documents and settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 --------d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 --------d-----w- c:\program files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 --------d-----w- c:\program files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 --------d-----w- c:\program files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 --------d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 --------d-----w- c:\documents and settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 --------d-----w- c:\program files\Common Files\Apple
2009-05-20 16:16 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:16 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 20:58 . 2009-05-17 20:58 --------d-----w- c:\program files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 --------d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 --------d-----w- c:\program files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 --------d-----w- c:\program files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- c:\documents and settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 01:13 . 2009-04-26 00:43 --------d-----w- c:\documents and settings\Mouse\Application Data\Move Networks
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- c:\documents and settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- c:\documents and settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28 PM 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-24 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,EU,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,EU,7e,55,20,c9,26,a3,f2,65,red,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5a,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-a916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE
\ Software \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, jfr, c8, 7e, 4a, D5, 24,8 d, 3a, 49, C4, b0, 18, red, a7, 3f, 8d, 37, A4, 29, B5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, BA, b1, F8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, E1, BA, b1, F8, 68,02,77, C3, de, C6, 98,79, 54,2 c, fb, a7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 a, f1, df, 00, D5, 43, ff, F8, 0f, F3, 83,6 C, 56,8 b, a0, 85,96, ab, D5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, F8, c4, 82, 1a, 7f, d8, 51, fa, 6e, 91,28,9 e, 14, cc 82, ac, 7A, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, aa, 78,0 b, BA, 41,78,8 a, C9, 90,04, b1, cd, 45,5 a, a8, c4, F8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 3d, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] 
"ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, E3, 0e, 66, D5, eb, bc, 2f, 6b, E1, 69,31, ac, dd, BA, 7f, 02,2 a, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, jfr, 52,73, fa, ea, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen ts \ h-€ | yyyy ¤ • € | U • Ã ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLer Loaded Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe "(1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Prosesser ----------------------- -- . C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe c: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ micros ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . 
Completion time: 2009-06-24 19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 23:29
ComboFix2.txt 2008-05-20 17:05

Pre-Run: 65511231488 bytes free
Post-Run: 67799437312 bytes free

WindowsXP-KB310994-SP2-Pro-bootdisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptIn /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
335 --- EOF --- 2009-06-11 03:03
#7
Delete these files / folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by selecting all the text and pressing Ctrl + C
Code:
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4 B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98 A-A94F-4a5c-A67C - D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373F B-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CC D-F60F-4708-AD98 - D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F 9-a916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E 8-7A56-4fb1-843B - 3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654C A-EB84-4df9-915B - 37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E 8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE 5-B0E2-4288-8073 - C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02AD D-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE 2-A467-4bf9-BF2D - 1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Installer\userdata\LocalSystem\Componen ts\h-€ | yyyy ¤ • € | U • Ã ~ *]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to the desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Carry out this instruction carefully!
ComboFix will start running; just follow the instructions. After the reboot (in case it asks to reboot), it will generate a log file for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
----------
Also let me know how the computer is running now.
#8
ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\kl1.sys
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe c: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ micros ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ CTxfispi.exe c: \ windows \ system32 \ wscntfy.exe . ************************************************** ************************ . Fullføringstidspunkt: 2009-06-25 19:14 - maskinen ble startet på nytt ComboFix-karantene-files.txt 2009-06-25 23:14 ComboFix2.txt 2009-06-24 23:29 ComboFix3.txt 2008-05-20 17:05 Pre-Run: 67819319296 bytes gratis Post-Run: 67883995136 bytes gratis Gjeldende = 3 Standard = 3 Kunne = 1 LastKnownGood = 4 Stiller = 1,2,3,4 310 --- EOF --- 2009-06-11 03:03 |
#9
Sorry that I overlooked something. Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-a916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\userdata\LocalSystem\Components\h-€ | yyyy ¤ • € | U • Ã ~*]

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Carry out this instruction carefully!

ComboFix will start running; just follow the instructions. After the reboot (in case it asks to reboot), it will generate a log file for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
----------
Also let me know how the computer is running now.
#10
ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-24 23:28 . 2009-06-24 23:28 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- c:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- c:\Program Files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- c:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- c:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- c:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\Localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\Rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 07:54 . 2008-05-16 03:35 -------- d-----w- c:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-26 07:52 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-26 07:52 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 07:52 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-26 07:52 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-25 23:24 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-25 23:24 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-25 23:24 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-25 23:24 . 2009-02-05 00:58 33808 ----a-w- c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-25 23:24 . 2008-07-17 23:08 213520 ----a-w- c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-25 23:24 . 2008-07-17 23:08 861448 ----a-w- c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- c:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- c:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- c:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- c:\Program Files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- c:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- c:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- c:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- c:\Program Files\Common Files\Apple
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- c:\Program Files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- c:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- c:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\Localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\Wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- c:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- c:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\Rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- c:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07 . 2008-03-26 00:07 24592 c:\windows\system32\drivers\klim5.sys
- 2007-12-13 17:28 . 2008-03-26 00:07 24592 c:\windows\system32\drivers\klim5.sys
+ 2009-06-24 23:28 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\Svchost.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\Spoolsv.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\Lsass.exe
+ 2009-06-24 23:28 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 23:28 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\Ctfmon.exe
- 2008-04-18 17:53 . 2009-02-05 00:58 213520 C:\Windows\system32\drivers\klif.sys
+ 2008-04-18 17:53 . 2009-06-25 23:24 213520 C:\Windows\system32\drivers\klif.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 507904 C:\Windows\system32\dllcache\cache\Winlogon.exe
+ 2009-06-24 23:28 . 2009-04-29 04:46 666624 C:\Windows\system32\dllcache\cache\Wininet.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 578560 C:\Windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 295424 C:\Windows\system32\dllcache\cache\Termsrv.dll
+ 2009-06-24 23:28 . 2008-06-20 11:51 361600 C:\Windows\system32\dllcache\cache\Tcpip.sys
+ 2009-06-24 23:28 . 2009-02-06 11:11 110592 C:\Windows\system32\dllcache\cache\Services.exe
+ 2009-06-24 23:28 . 2008-04-13 19:20 182656 C:\Windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 23:28 . 2009-03-21 14:06 989696 C:\Windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 110080 C:\Windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 167936 C:\Windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 1614848 C:\Windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 23:28 . 2009-02-06 11:06 2145280 C:\Windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 23:28 . 2009-02-06 10:32 2023936 C:\Windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 1033728 C:\Windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="c:\windows\system32\Ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="c:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- c:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\PSS\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\Windows\PSS\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\PSS\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 AM 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 PM 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 C:\Windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 C:\Windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 03:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,EU,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,EU,7e,55,20,c9,26,a3,f2,65,ed,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5a,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-a916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7e,4a,d5,24,8d,3a,49,c4,b0,18,ed,a7,3f,8d,37,a4,29,b5,53,9a,d3,4a,02,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,d4,0b,f3,53,bc,62,26,31,77,e1,ba,b1,f8,68,02,77,c3,de,c6,98,79,54,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,df,00,d5,43,ff,f8,0f,f3,83,6c,56,8b,a0,85,96,ab,d5,19,39,90,da,30,2a,05,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6a,ea,f8,c4,82,1a,7f,d8,51,fa,6e,91,28,9e,14,cc,82,ac,7a,83,eb,90,81,c6,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,0b,ba,41,78,8a,c9,90,04,b1,cd,45,5a,a8,c4,f8,b9,6b,c6,a2,44,8d,59,a6,f5,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,5d,45,06,19,5e,30,20,e6,e3,0e,66,d5,eb,bc,2f,6b,e1,69,31,ac,dd,ba,7f,02,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,97,0a,6e,8a,cf,52,73,fa,ea,66,7f,d4,3b,6b,70,30,24,ea,79,a1,7b,08,64,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\userdata\LocalSystem\Components\h-€ | yyyy ¤ • € | U • Ã ~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(672)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > 'Explorer.exe'(288)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\progra~1\micros~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTxfispi.exe
.
**************************************************************************
.
Completion time: 2009-06-26 3:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 07:57
ComboFix2.txt 2009-06-25 23:14
ComboFix3.txt 2009-06-24 23:29
ComboFix4.txt 2008-05-20 17:05

Pre-Run: 67824807936 bytes free
Post-Run: 67888648192 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- EOF --- 2009-06-11 03:03