|
| |||||||
 |
 |
| | Thread Tools |
|
#1
23 juni 2009, 10:38
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Jag har nyligen laddat ner ett tema ansökan. Efter installation, Kaspersky föranlett en varning säga dator är infekterad med MultiPacked.Multi.Generic sabotageprogram. Mitt Kaspersky slutat arbeta och mitt fönster tema är borta-Jag fastnade med fönster klassiker. Hjälp snälla! |
|
#2
23 juni 2009, 11:25
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Försök få mig något av loggar du kan härifrån. http://www.computer-juice.com/forums...-posting-7476/
__________________  |
|
#3
24 juni 2009, 11:44
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Ser ut som forum hade ett tekniskt fel. Vänligen skicka dessa DDS loggar. Hämta DDS från | HÄR | eller | HÄR | eller | HÄR | och spara den på skrivbordet. Vista-användare högerklicka på DDS och välj Kör som administratör (du får en UAC-prompt, låt det) * XP-användare Dubbelklicka på DDS för att köra den. * Om ditt antivirusprogram eller brandvägg försöka blockera DDS sedan låt det löpa. * När du är klar DDS kommer att öppna två (2) loggar. 1) DDS.txt 2) Attach.txt * Spara både stockar till skrivbordet. * Kopiera och klistra in hela innehållet i både stockar i ditt nästa svar. Obs! DDS dig om att posta Attach.txt log som en bilaga. Snälla bara efter det som du gör något annat log genom att kopiera och klistra in den i svaret.
__________________ |
|
#4
24 juni 2009, 13:55
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! DDS (Ver_09-05-14.01) - NTFSx86 Kör med musen på 16:53:23.36 på onsdag 06/24/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00] AV: Kaspersky Internet Security * På tillgång genomlysningsutrustning funktionshindrade * (Uppdaterad) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * aktiverat * (2C4D4BC6-0793-4956-A9F9-E252435469C0) ============== Running Processes =============== C: \ WINDOWS \ system32 \ Svchost-k DcomLaunch Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe-k netsvcs C: \ WINDOWS \ system32 \ Svchost.exe-k WudfServiceGroup Svchost.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Program \ Creative \ Delade filer \ CTAudSvc.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ CTHELPER.EXE C: \ WINDOWS \ system32 \ CTXFIHLP.EXE C: \ Program \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE C: \ Program \ Creative \ Shared Files \ Module Loader \ DLLML.exe C: \ Program \ Creative \ Sound Blaster X-Fi \ Volym Panel \ VolPanlu.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ WINDOWS \ system32 \ CTXFISPI.EXE C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program \ Microsoft ActiveSync \ wcescomm.exe C: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe Svchost.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ system32 \ PnkBstrA.exe C: \ WINDOWS \ System32 \ Svchost.exe-k imgsvc C: \ Program \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ synvinkel \ Common \ ViewpointService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ System32 \ Svchost.exe-k HTTPFilter C: \ Program \ Mozilla Firefox \ firefox.exe C: \ Program Files \ LimeWire \ LimeWire.exe C: \ Documents and Settings \ Mouse \ Desktop \ dds.com ============== Pseudo HJT Rapport =============== uStart Page = hxxp: / / google.com / uInternet Settings, ProxyOverride = *. lokala BHO: Adobe PDF Reader Link Helper: (06849e9f-c8d7-4d59-b87d-784b7d6be0b3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll BHO: Skype add-on (Mastermind): (22bf413b-c6d2-4d91-82a9-a0f997ba588c) - C: \ Program Files \ Skype \ toolbars \ Internet Explorer \ SkypeIEPlugin.dll BHO: IEVkbdBHO Klass: (59273ab4-e7d3-40f9-a1a8-6fa9cca1862c) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ievkbd.dll BHO: Java (tm) Plug-In 2 SSV Helper: (dbc80044-a445-435b-bc74-9c25c1c588a9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll BHO: JQSIEStartDetectorImpl Klass: (e7e6f031-17ce-4c07-bc86-eabfe594f69c) - C: \ Program Files \ Java \ jre6 \ lib \ distribuera \ jqs \ dvs \ jqs_plugin.dll TB: Veoh Browser Plug-in: (d0943516-5076-4020-a3b5-aefaf26ab263) - C: \ Program Files \ veoh nätverk \ veoh \ plugins \ reg \ VeohToolbar.dll EB: (32683183-48a0-441b-a342-7c2a440a9478) - Nej Arkiv uRun: [Ctfmon.exe] c: \ windows \ system32 \ Ctfmon.exe uRun: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" mRun: [NvCplDaemon] rundll32.exe c: \ windows \ system32 \ NvCpl.dll, NvStartup mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [CTDVDDET] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ dvdaudio \ CTDVDDET.EXE" mRun: [RCSystem] "C: \ Program Files \ Creative \ delade filer \ module loader \ DLLML.exe" RCSystem *-Startup mRun: [AudioDrvEmulator] "C: \ Program Files \ Creative \ delade filer \ module loader \ dllml.exe" -1 audiodrvemulator "C: \ Program Files \ Creative \ delade filer \ module loader \ audio emulator \ AudDrvEm.dll" mRun: [VolPanel] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ volym Panel \ VolPanlu.exe" / r mRun: [NvMediaCenter] rundll32.exe c: \ windows \ system32 \ NvMcTray.dll, NvTaskbarInit mRun: [aVp] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" mRun: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime mRun: [AppleSyncNotifier] C: \ Program Files \ Common Files \ Apple \ mobilenhet Support \ bin \ AppleSyncNotifier.exe mRun: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" IE: Lägg till Bannerannons Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & xportera till Microsoft Excel - C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000 IE: (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe IE: (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - (85E0B171-04FA-11D1-B7DA-00A0C90348D6) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll IE: (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - C: \ progra ~ 1 \ mikro ~ 4 \ INetRepl.dll IE: (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - C: \ progra ~ 1 \ mikro ~ 4 \ INetRepl.dll IE: (77BF5300-1474-4EC7-9980-D32B190E9B07) - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ toolbars \ Internet Explorer \ SkypeIEPlugin.dll DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (17492023-C23A-453E-A040-C7C580BBF700) - hxxp: / / go.microsoft.com / fwlink /? Linkid = 39204 DPF: (45B69029-F3AB-4204-92DE-D5140C3E8E74) - hxxps: / / portal.apogentech.com / vdesk / terminal / InstallerControl.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll DPF: (57C76689-F052-487B-A19F-855AFDDF28EE) - hxxps: / / portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab # version = 6030,2008,0904,1939 DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D) - hxxps: / / portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab # Version = 6030,2008,0904,1947 Handler: cdo - (CD00020A-8B95-11D1-82 dB-00C04FB1625D) - C: \ Program \ Delade filer \ Microsoft Shared \ webbmappar \ PKMCDO.DLL Handler: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ gemensamma ~ 1 \ Skype \ SKYPE4 ~ 1.DLL Underrätta:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL Underrätta: klogon - c: \ windows \ system32 \ klogon.dll AppInit_DLLs: c: \ progra ~ 1 \ Kasper ~ 1 \ Kasper ~ 1 \ mzvkbd.dll, c: \ progra ~ 1 \ Kasper ~ 1 \ Kasper ~ 1 \ adialhk.dll, c: \ progra ~ 1 \ kaspe r ~ 1 \ Kasper ~ 1 \ kloehk.dll SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ Windows \ system32 \ WPDShServiceObj.dll SEH: SABShellExecuteHook Klass: (5ae067d3-9afb-48e0-853a-ebb7f4a000da) - C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath -- ============= TJäNSTER / FÖRARE =============== R0 kl1; Kl1, c: \ windows \ system32 \ drivers \ kl1.sys [2007-10-31 112144] R0 klbg, Kaspersky Lab Boot Guard Driver c: \ windows \ system32 \ drivers \ klbg.sys [2008-1-29 33808] R1 klif, Kaspersky Lab Driver c: \ windows \ system32 \ drivers \ klif.sys [2008-4-18 213520] R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2008-2-29 55024] R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [2008-5-12 14592] R2 aVp, Kaspersky Internet Security, C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r -> C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r [? ] R2 synvinkel Manager Service; synvinkel Manager Service, c: \ program \ synvinkel \ gemensamma \ ViewpointService.exe [2008-12-7 24652] R3 KLFLTDEV, Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [2008-3-13 26640] R3 klim5, Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [2007-12-13 24592] R3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2006-2-16 4096] S1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2008-2-29 9968] S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Kuba se32.sys [2009-4-5 11808] S3 IlvMoneyDRIVER53; IlvMoneyDRIVER53, c: \ windows \ syste m32 \ drivers \ IlvMoney1215.sys [2008-8-21 30080] =============== Skapad Senaste 30 ================ 2009-06-17 13:58 <DIR> - d ----- C: \ Program Files \ LSoft Technologies 2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iPod 2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iTunes ==================== Find3M ==================== ============= Mål: 16:54:12.42 =============== Såvida inte särskilda instruktioner, INTE EFTER DETTA LOG. Om så krävs, ZIP IT UPP & bifoga det DDS (Ver_09-05-14.01) Microsoft Windows XP Professional Uppstartsenhet: \ Device \ HarddiskVolume1 Installera Datum: 5/12/2008 2:38:20 PM System Uptime: 6/24/2009 12:33:35 PM (4 timmar sedan) Moderkort: http://www.abit.com.tw/ | | IP35 PRO (P35 + ICH9R) Processor: Intel (R) Pentium (R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz ==== Diskpartitioner ========================= A: är Avtagbara C: är FAST (NTFS) - 128 GIB totalt 60.146 GIB gratis. D: är FAST (NTFS) - 69 GIB totalt 60.479 GIB gratis. E: är CDROM (CDFS) F: Är CDROM (CDFS) G: är FAST (NTFS) - 245 GIB totalt 138.326 GIB gratis. H: är CDROM () Jag: Är CDROM () J: Är CDROM () K: är CDROM () ==== Handikappsvänligt Enhetshanteraren Poster ============= Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318) Beskrivning: Realtek RTL8169/8110 Family Gigabit Ethernet NIC Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0 Tillverkare: Realtek Semiconductor Corp Namn: Realtek RTL8169/8110 Family Gigabit Ethernet NIC # 3 PNP Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0 Service: RTL8023xp Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318) Beskrivning: MAC Bridge Miniport Device ID: ROOT \ MS_BRIDGEMP \ 0000 Tillverkare: Microsoft Namn: MAC Bridge Miniport PNP Device ID: ROOT \ MS_BRIDGEMP \ 0000 Service: BridgeMP ==== System Restore Points =================== RP202: 3/26/2009 6:14:01 PM - System Checkpoint RP203: 3/27/2009 9:06:08 PM - System Checkpoint RP204: 3/30/2009 12:43:20 PM - System Checkpoint RP205: 4/1/2009 5:11:23 PM - System Checkpoint RP206: 4/3/2009 3:31:49 PM - System Checkpoint RP207: 4/6/2009 11:30:33 AM - System Checkpoint RP208: 4/8/2009 1:48:55 AM - Borttagna MapleStory GL. RP209: 4/8/2009 1:49:05 AM - Installerad MapleStory. RP210: 4/8/2009 2:00:33 AM - Borttagna MapleStory. RP211: 4/8/2009 2:12:11 AM - Installerad MapleStory. RP212: 4/9/2009 1:53:58 PM - System Checkpoint RP213: 4/11/2009 6:22:36 AM - System Checkpoint RP214: 4/14/2009 11:18:28 AM - System Checkpoint RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0 RP216: 4/18/2009 1:32:37 AM - System Checkpoint RP217: 4/21/2009 2:37:36 PM - System Checkpoint RP218: 4/22/2009 5:07:27 PM - System Checkpoint RP219: 4/24/2009 2:41:28 PM - System Checkpoint RP220: 4/25/2009 10:07:27 PM - System Checkpoint RP221: 4/28/2009 6:48:10 AM - Installed Java (TM) 6 Update 13 RP222: 5/2/2009 7:23:06 PM - System Checkpoint RP223: 5/3/2009 11:36:18 PM - System Checkpoint RP224: 5/5/2009 2:29:10 PM - System Checkpoint RP225: 5/6/2009 8:29:33 PM - System Checkpoint RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0 RP227: 5/7/2009 11:16:03 AM - Installed Windows XP WgaNotify. RP228: 5/9/2009 11:12:42 AM - System Checkpoint RP229: 5/10/2009 5:10:12 PM - System Checkpoint RP230: 5/11/2009 9:02:07 PM - System Checkpoint RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0 RP232: 5/14/2009 2:28:00 PM - Borttagna ZU-ONLINE RP233: 5/15/2009 2:47:49 PM - System Checkpoint RP234: 5/17/2009 1:28:31 AM - System Checkpoint RP235: 5/17/2009 4:58:00 PM - Installed LG USB modemdrivrutinen RP236: 5/19/2009 11:34:48 AM - System Checkpoint RP237: 5/20/2009 12:47:48 PM - System Checkpoint RP238: 5/23/2009 10:08:08 AM - System Checkpoint RP239: 6/1/2009 10:03:10 AM - System Checkpoint RP240: 6/2/2009 10:03:30 AM - System Checkpoint RP241: 6/3/2009 11:47:56 AM - System Checkpoint RP242: 6/5/2009 11:10:53 PM - System Checkpoint RP243: 6/7/2009 2:46:24 PM - System Checkpoint RP244: 6/9/2009 11:32:41 AM - System Checkpoint RP245: 6/10/2009 5:52:30 PM - System Checkpoint RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0 RP247: 6/12/2009 12:14:34 PM - System Checkpoint RP248: 6/13/2009 1:12:33 PM - System Checkpoint RP249: 6/14/2009 9:20:14 PM - System Checkpoint RP250: 6/15/2009 9:53:46 PM - System Checkpoint RP251: 6/17/2009 12:27:01 AM - System Checkpoint RP252: 6/21/2009 7:28:06 PM - System Checkpoint RP253: 6/22/2009 8:08:50 PM - System Checkpoint RP254: 6/23/2009 2:54:41 PM - Borttagna Garmin City Navigator North America NT 2009 Update RP255: 6/23/2009 2:58:20 PM - Borttagna palmOne RP256: 6/24/2009 3:58:18 PM - System Checkpoint ==== Installerade program ====================== ==== Loggboken Meddelanden från tidigare Vecka ======== ==== End Of File =========================== |
|
#5
24 juni 2009, 14:05
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Ladda ner ComboFix © by subs från en av nedanstående länkar. Var noga med början spara det till Desktop. Länk # 1 Länk # 2 ** Observera: Det är viktigt att det sparas direkt på skrivbordet INTE kör det ännu! Obs! nedanstående instruktioner skapades speciellt för den här användaren. Om du inte är här, INTE Följ dessa anvisningar, eftersom de kan skada fungerar systemet Ta bort dessa filer / mappar på följande sätt: 1. Gå till Start > Springa > Typ Notepad.exe och klicka OK att öppna Anteckningar. Den måste vara Anteckningar inte WordPad. 2. Kopiera texten i nedanstående nummer fält genom att markera all text och trycka på Ctrl + C Kod: Killall: DDS: uInternet Settings, ProxyOverride = *. lokala EB: (32683183-48a0-441b-a342-7c2a440a9478) - Nej Arkiv IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll Driver: synvinkel Manager Service Folder:: C: \ Program Files \ synvinkel 4. Klicka sedan på Fil > Spara 5. Namnge filen CFScript.txt - Spara filen på skrivbordet 6. Dra sedan CFScript (håll nere vänster musknapp medan du drar filen) och släppa det (release vänster musknapp) i ComboFix.exe som du ser i skärmdumpen nedan. Viktigt: Utför denna instruktion noga!  ComboFix kommer att börja köra, bara följ anvisningarna. Efter omstart (om man begär att starta om), kommer att ta fram en logga åt dig. Post som log (Combofix.txt) i din nästa replik. Obs! Don't mouseclick ComboFix fönster medan det körs. Det kan göra att ditt system fryser
__________________ |
|
#6
25 juni 2009, 08:45
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00] Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Kommando växlar används:: C: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * På tillgång genomlysningsutrustning funktionshindrade * (Uppdaterad) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * aktiverat * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Andra Strykningar ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ synvinkel c: \ materialåtervinningsföretag \ S-1-5-21-1957994488-1801674531-1177238915-1004 c: \ materialåtervinningsföretag \ S-1-5-21-789336058-2025429265-1644491937-1003 c: \ windows \ system32 \ drivers \ kl1.sys C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ synvinkel \ Common \ ViewpointService.exe C: \ Program Files \ synvinkel \ Common \ VistaBoot.sdll C: \ Program Files \ synvinkel \ synvinkel Media Player \ AxMetaStream.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ ClassIDs.ini C: \ Program Files \ synvinkel \ synvinkel Media Player \ ComponentMgr.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ MetaStreamID.ini C: \ Program Files \ synvinkel \ synvinkel Media Player \ MtsAxInstaller.exe C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ AOLUserShell.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ Cursors.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ JpegReader.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ Mts3Reader.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ SceneComponent.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ SreeDMMX.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ SWFView.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ VETScriptInterpreter.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ VMPSpeech.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ NewComponents \ VMPVideo2.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ npViewpoint.dll C: \ Program Files \ synvinkel \ synvinkel Media Player \ npViewpoint.xpt c: \ materialåtervinningsföretag \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ Desktop.ini c: \ materialåtervinningsföretag \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ INFO2 c: \ materialåtervinningsföretag \ S-1-5-21-789336058-2025429265-1644491937-1003 \ Desktop.ini c: \ materialåtervinningsföretag \ S-1-5-21-789336058-2025429265-1644491937-1003 \ INFO2 c: \ windows \ emMON.exe c: \ windows \ system32 \ Codecs \ 7zAES.dll c: \ windows \ system32 \ Codecs \ AES.dll c: \ windows \ system32 \ Codecs \ Branch.dll c: \ windows \ system32 \ Codecs \ BZip2.dll c: \ windows \ system32 \ Codecs \ Copy.dll c: \ windows \ system32 \ Codecs \ Deflate.dll c: \ windows \ system32 \ Codecs \ LZMA.dll c: \ windows \ system32 \ Codecs \ PPMd.dll c: \ windows \ system32 \ Codecs \ Rar29.dll c: \ windows \ system32 \ Codecs \ Swap.dll c: \ windows \ system32 \ drivers \ ctoss2k.sys c: \ windows \ system32 \ Format \ 7z.dll . ((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_ILVMONEYDRIVER53 ------- \ Legacy_VIEWPOINT_MANAGER_SERVICE ------- \ Service_IlvMoneyDRIVER53 ------- \ Service_Viewpoint Manager Service ------- \ Legacy_ossrv ------- \ Service_ossrv ((((((((((((((((((((((((( Files Created från 2009-05-24 till 2009-06-24 ))))))))))) )))))))))))))))))))) . 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-C: \ Program Files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w C: \ Spel 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-24 23:25. 2008-05-16 03:35 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-24 21:26. 2008-05-16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-24 21:26. 2008-05-16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-24 21:26. 2008-05-16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-24 21:26. 2008-05-16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-20 16:16. 2008-05-16 03:36 94,643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-05-20 16:16. 2008-05-16 03:36 105,395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ söndag \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-26 01:13. 2009-04-26 00:43 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ Move Networks 2009-04-17 12:26. 2003-03-31 12:00 1,847,168 ---- aw-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23,032 ---- aw C: \ Documents and Settings \ Mouse \ Lokala inställningar \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Not * tomma poster & legit default poster visas inte REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volym Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVp" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmäla \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon start [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n uppstartsmeddelanden [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon start [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ Application Data \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engelska \ \ setup.exe" = "c: \ Program \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ Program \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ Program \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg, Kaspersky Lab Boot Guard Driver c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV, Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5, Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [12/13/2007 1:28 PM 24592] S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] --- Andra Tjänster / förare i Memory --- * NewlyCreated * - SASDIFSV . Innehållet i "Schemalagda aktiviteter" mapp 2009-06-13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-24 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . - - - - Föräldralösa BORT - - - -- SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard . ------- Supplementary Scan ------- . uStart Page = hxxp: / / google.com / IE: Lägg till Bannerannons Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & xportera till Microsoft Excel - C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net Rootkit scan 2009-06-24 19:25 Windows 5.1.2600 Service Pack 3 NTFS scanning dolda processer ... scanning dold autostart poster ... scanning dolda filer ... scan completed successfully dolda filer: 0 ************************************************** ************************ . --------------------- LOCKED Registernycklar --------------------- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, D1, 34, d2, d9, C8, 28,51, af, B0, 29, a3, 98, a9, c3, a8, 8a, 5e, d3, 39,87, E2, 63,26, F1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC, e4, a8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, C9, 26, eb, a7, DF, 4d, 25, C2, 62,83,25, da, EG, 7e, 55,20, C9, 26, A3, f2, 65, ED, 80,3 E, E4, F6, FF, 7c, 85, E0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, F2, A1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, EG, 4f, E7, 8d, 86,8 c, 21,01, BE, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-a916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, d5, 24,8 d, 3a, 49, c4, B0, 18, ed, a7, 3f, 8d, 37, A4, 29, B5, 53,9 a, d3, 4a, 02,51, DF, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, BA, B1, f8, 68,02,09, d4, 0b, f3, 53, BC, 62,26,31,77, e1, BA, B1, f8, 68,02,77, C3, de, C6, 98,79, 54,2 c, fb, a7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, FC, E8, 04,4 a, F1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, f8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 3d, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, d5, eb, bc, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, EA, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ användardata \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL-filer Loaded Under Running Processes --------------------- - - - - - - -> "Winlogon.exe" (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Andra pågående processer ----------------------- -- . C: \ Program Files \ Creative \ Delade filer \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Tid: 2009-06-24 19:29 - maskinen startas ComboFix-karantän-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 bytes gratis Post-Run: 67799437312 bytes gratis WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Aktuella = 3 Default = 3 Det gick inte = 1 LastKnownGood = 4 Satser = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
|
#7
25 juni 2009, 09:58
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Ta bort dessa filer / mappar på följande sätt: 1. Gå till Start > Springa > Typ Notepad.exe och klicka OK att öppna Anteckningar. Den måste vara Anteckningar inte WordPad. 2. Kopiera texten i nedanstående nummer fält genom att markera all text och trycka på Ctrl + C Kod: Killall: RegLock: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C - D8D3582C741C) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98 - D0152D08C8B9) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-a916-4339-B91B-DED8E83632C0) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B - 3E52D94DB145) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B - 37E957082D6D) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073 - C02FF9619B6F) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D - 1411304BCD84) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ användardata \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | U • A ~ *] 4. Klicka sedan på Fil > Spara 5. Namnge filen CFScript.txt - Spara filen på skrivbordet 6. Dra sedan CFScript (håll nere vänster musknapp medan du drar filen) och släppa det (release vänster musknapp) i ComboFix.exe som du ser i skärmdumpen nedan. Viktigt: Utför denna instruktion noga! ComboFix kommer att börja köra, bara följ anvisningarna. Efter omstart (om man begär att starta om), kommer att ta fram en logga åt dig. Post som log (Combofix.txt) i din nästa replik. Obs! Don't mouseclick ComboFix fönster medan det körs. Det kan göra att ditt system fryser ---------- Dessutom vill jag veta hur datorn är igång nu. .
__________________ |
|
#8
25 juni 2009, 16:17
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Kommando växlar används:: C: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * På tillgång genomlysningsutrustning funktionshindrade * (Uppdaterad) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * funktionshindrade * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Andra Strykningar ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created från 2009-05-25 till 2009-06-25 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-C: \ Program Files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w C: \ Spel 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 23:11. 2008-05-16 03:35 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-25 23:09. 2008-05-16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-25 23:09. 2008-05-16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-25 23:09. 2008-05-16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-25 23:09. 2008-05-16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 23:59. 2008-01-29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-24 23:59. 2009-02-05 00:58 33808 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-24 23:59. 2008-05-16 03:36 94,643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-24 23:59. 2008-05-16 03:36 105,395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-24 23:59. 2008-07-17 23:08 213520 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-24 23:59. 2008-07-17 23:08 861448 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ söndag \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1,847,168 ---- aw-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23,032 ---- aw C: \ Documents and Settings \ Mouse \ Lokala inställningar \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ Lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-24 23:59 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 c: \ windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 c: \ windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 c: \ windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 c: \ windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Not * tomma poster & legit default poster visas inte REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volym Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVp" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmäla \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon start [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n uppstartsmeddelanden [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon start [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ Application Data \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engelska \ \ setup.exe" = "c: \ Program \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ Program \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ Program \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg, Kaspersky Lab Boot Guard Driver c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV, Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5, Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Innehållet i "Schemalagda aktiviteter" mapp 2009-06-13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-25 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp: / / google.com / IE: Lägg till Bannerannons Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & xportera till Microsoft Excel - C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net Rootkit scan 2009-06-25 19:11 Windows 5.1.2600 Service Pack 3 NTFS scanning dolda processer ... scanning dold autostart poster ... scanning dolda filer ... scan completed successfully dolda filer: 0 ************************************************** ************************ . --------------------- LOCKED Registernycklar --------------------- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, D1, 34, d2, d9, C8, 28,51, af, B0, 29, a3, 98, a9, c3, a8, 8a, 5e, d3, 39,87, E2, 63,26, F1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC, e4, a8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, C9, 26, eb, a7, DF, 4d, 25, C2, 62,83,25, da, EG, 7e, 55,20, C9, 26, A3, f2, 65, ED, 80,3 E, E4, F6, FF, 7c, 85, E0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, F2, A1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, EG, 4f, E7, 8d, 86,8 c, 21,01, BE, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-a916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, d5, 24,8 d, 3a, 49, c4, B0, 18, ed, a7, 3f, 8d, 37, A4, 29, B5, 53,9 a, d3, 4a, 02,51, DF, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, BA, B1, f8, 68,02,09, d4, 0b, f3, 53, BC, 62,26,31,77, e1, BA, B1, f8, 68,02,77, C3, de, C6, 98,79, 54,2 c, fb, a7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, FC, E8, 04,4 a, F1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, f8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 3d, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, d5, eb, bc, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, EA, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ användardata \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL-filer Loaded Under Running Processes --------------------- - - - - - - -> "Winlogon.exe" (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (212) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Andra pågående processer ----------------------- -- . C: \ Program Files \ Creative \ Delade filer \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ CTxfispi.exe c: \ windows \ system32 \ wscntfy.exe . ************************************************** ************************ . Tid: 2009-06-25 19:14 - maskinen startas ComboFix-karantän-files.txt 2009-06-25 23:14 ComboFix2.txt 2009-06-24 23:29 ComboFix3.txt 2008-05-20 17:05 Pre-Run: 67819319296 bytes gratis Post-Run: 67883995136 bytes gratis Aktuella = 3 Default = 3 Det gick inte = 1 LastKnownGood = 4 Satser = 1,2,3,4 310 --- EOF --- 2009-06-11 03:03 |
|
#9
25 juni 2009, 18:13
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! Förlåt att jag förbisett något. Ta bort dessa filer / mappar på följande sätt: 1. Gå till Start > Springa > Typ Notepad.exe och klicka OK att öppna Anteckningar. Den måste vara Anteckningar inte WordPad. 2. Kopiera texten i nedanstående nummer fält genom att markera all text och trycka på Ctrl + C Kod: Killall: RegLock: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373FB-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CCD-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F9-a916-4339-B91B-DED8E83632C0) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654CA-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (F8F02ADD-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ användardata \ LocalSystem \ Components \ h-€ | ÅÅÅÅ ¤ • € | U • A ~ *] 4. Klicka sedan på Fil > Spara 5. Namnge filen CFScript.txt - Spara filen på skrivbordet 6. Dra sedan CFScript (håll nere vänster musknapp medan du drar filen) och släppa det (release vänster musknapp) i ComboFix.exe som du ser i skärmdumpen nedan. Viktigt: Utför denna instruktion noga! ComboFix kommer att börja köra, bara följ anvisningarna. Efter omstart (om man begär att starta om), kommer att ta fram en logga åt dig. Post som log (Combofix.txt) i din nästa replik. Obs! Don't mouseclick ComboFix fönster medan det körs. Det kan göra att ditt system fryser ---------- Dessutom vill jag veta hur datorn är igång nu. .
__________________ |
|
#10
26 juni 2009, 00:59
| |||
| |||
| Infekterade med MultiPacked.Multi.Generic Malware! ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Running from: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Kommando växlar används:: C: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * På tillgång genomlysningsutrustning funktionshindrade * (Uppdaterad) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * funktionshindrade * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Andra Strykningar ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Files Created från 2009-05-26 till 2009-06-26 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- w-C: \ Program Files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w C: \ Spel 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 07:54. 2008-05-16 03:35 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-26 07:52. 2008-05-16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-26 07:52. 2008-05-16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-26 07:52. 2008-05-16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-26 07:52. 2008-05-16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-25 23:24. 2008-01-29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-25 23:24. 2008-05-16 03:36 94,643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-25 23:24. 2008-05-16 03:36 105,395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-25 23:24. 2009-02-05 00:58 33808 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-25 23:24. 2008-07-17 23:08 213520 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-25 23:24. 2008-07-17 23:08 861448 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w C: \ Documents and Settings \ Mouse \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 -------- d ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw C: \ Documents and Settings \ Mouse \ Application Data \ söndag \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1,847,168 ---- aw-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar C: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23,032 ---- aw C: \ Documents and Settings \ Mouse \ Lokala inställningar \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ Svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ Lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-25 23:24 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ Winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 c: \ windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 c: \ windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 c: \ windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 c: \ windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Not * tomma poster & legit default poster visas inte REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volym Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVp" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmäla \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Adobe Gamma Loader.lnk backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon start [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n uppstartsmeddelanden [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start-meny ^ Program ^ Autostart ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Program \ Autostart \ Microsoft Office.lnk backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon start [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ Application Data \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engelska \ \ setup.exe" = "c: \ Program \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "c: \ Program \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "c: \ Program \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg, Kaspersky Lab Boot Guard Driver c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU, c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV, Kaspersky Lab KLFltDev, c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5, Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32, c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Innehållet i "Schemalagda aktiviteter" mapp 2009-06-13 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-26 C: \ Windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp: / / google.com / IE: Lägg till Bannerannons Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & xportera till Microsoft Excel - C: \ progra ~ 1 \ mikro ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net Rootkit scan 2009-06-26 03:54 Windows 5.1.2600 Service Pack 3 NTFS scanning dolda processer ... scanning dold autostart poster ... scanning dolda filer ... scan completed successfully dolda filer: 0 ************************************************** ************************ . --------------------- LOCKED Registernycklar --------------------- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, D1, 34, d2, d9, C8, 28,51, af, B0, 29, a3, 98, a9, c3, a8, 8a, 5e, d3, 39,87, E2, 63,26, F1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC, e4, a8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, da, EG, 7e, 55,20, C9, 26, eb, a7, DF, 4d, 25, C2, 62,83,25, da, EG, 7e, 55,20, C9, 26, A3, f2, 65, ED, 80,3 E, E4, F6, FF, 7c, 85, E0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, F2, A1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, ae, EG, 4f, E7, 8d, 86,8 c, 21,01, BE, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-a916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, F5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, C8, 7e, 4a, d5, 24,8 d, 3a, 49, c4, B0, 18, ed, a7, 3f, 8d, 37, A4, 29, B5, 53,9 a, d3, 4a, 02,51, DF, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, BA, B1, f8, 68,02,09, d4, 0b, f3, 53, BC, 62,26,31,77, e1, BA, B1, f8, 68,02,77, C3, de, C6, 98,79, 54,2 c, fb, a7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, FC, E8, 04,4 a, F1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, EA, f8, c4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, C9, 90,04, B1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, a2, 44,8 d, 59, a6, F5, 3d, CE, EA, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, e3, 0e, 66, d5, eb, bc, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 A, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, EA, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8a, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ användardata \ LocalSystem \ Componen ts \ h-€ | ÅÅÅÅ ¤ • € | U • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL-filer Loaded Under Running Processes --------------------- - - - - - - -> "Winlogon.exe" (672) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (288) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Andra pågående processer ----------------------- -- . C: \ Program Files \ Creative \ Delade filer \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Slutförande temne: 2009-06-26 3:57 - maskinen startas ComboFix-karantän-files.txt 2009-06-26 07:57 ComboFix2.txt 2009-06-25 23:14 ComboFix3.txt 2009-06-24 23:29 ComboFix4.txt 2008-05-20 17:05 Pre-Run: 67824807936 bytes gratis Post-Run: 67888648192 bytes gratis Aktuella = 3 Default = 3 Det gick inte = 1 LastKnownGood = 4 Satser = 1,2,3,4 311 --- EOF --- 2009-06-11 03:03 |
|
| |
| Komihåglista |
Liknande Trådar | ||||
| Tråd | Thread Starter | Forum | Svar | Senaste Inlägg |
| Problem med Trojan Horse Downloader Generic 9 | OGB | Virus, spionprogram och säkerhet | 7 | 21 november 2009 13:06 |
| Multi Desktop Application? | Haun | General Software Chat | 6 | 31 mars 2009 01:30 |
| Heur Trojan Generic | kathymer | Virus, spionprogram och säkerhet | 10 | 29 november 2008 12:58 |
| Infekterade med Heur.trojan.generic Please Help | ruffryder2k7 | Virus, spionprogram och säkerhet | 17 | 6 november 2008 10:39 |
| Kan du synka generisk mp3 spelare [inte en iPod] med iTunes? | reyrey_angulo | Ljud, Högtalare & MP3 Spelare | 1 | 18 mars 2007 15:39 |
| Thread Tools | |
| |
