evilhomer15 (Trainee)
11 July 2008 - 12:41   There are 25 comments and 1 solution

Virus, trojan?

Hi, I've got a virus on my computer.
I've tried scanning for viruses with Nod32, but it didn't help with the problem.
For the last couple of days I've been getting messages from ESET Security saying it has cleaned a malicious file in the temp folder. It sent this message at roughly 2-hour intervals.
But it was only this morning that it started getting bad.
It says ESET is out of date, and updating it doesn't help. Same with the standard Windows protection: it says it's out of date and that Windows is out of date, but there's nothing I can do about it.
When I try to restore the system via Control Panel, I normally have a wide selection of points to go back to, but now I only have one option, namely yesterday.

It said something about a Genetic Trojan, or something along those lines, the times ESET removed the file every 2 hours.

What can I do to remove the problem?
I have to write this in Safe Mode with Networking, as it's incredibly slow in normal mode at the moment.
nva (Trainee)
11 July 2008 - 12:48 #1
evilhomer15 (Trainee)
11 July 2008 - 13:10 #2
I can't; apparently it won't let me install downloaded programs.
nva (Trainee)
11 July 2008 - 13:13 #3
HiJackThis doesn't need to be installed - try posting its log here.
evilhomer15 (Trainee)
11 July 2008 - 13:15 #4
I can't get it to start after downloading.
evilhomer15 (Trainee)
11 July 2008 - 13:20 #5
Apparently I can't 'browse' for files either when I want to post screenshots.
nva (Trainee)
11 July 2008 - 13:32 #6
Have you tried in Safe Mode?
nva (Trainee)
11 July 2008 - 13:33 #7
Maybe an online scanner can be used: http://housecall.trendmicro.com/us/index.html
evilhomer15 (Trainee)
11 July 2008 - 13:48 #8
I've just found out that I can't open the files directly from the download window, but apparently they do open from the desktop: Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 1:45:58 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Big S\Desktop\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4A1C9117-A319-4476-89AD-787E72324358} - C:\WINDOWS\system32\xxywVlkH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: {1cf3b38a-b8e8-7dcb-7704-b237bebb5137} - {7315bbeb-732b-4077-bcd7-8e8ba83b3fc1} - C:\WINDOWS\system32\egurug.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77244082-D27E-416C-9661-FAD640973FCE} - C:\WINDOWS\system32\urqRKDus.dll
O2 - BHO: (no name) - {7A336104-0127-4ACF-97E8-3F083C7F2D9E} - C:\Documents and Settings\Big S\Local Settings\Temporary Internet Files\Content.IE5\05CV6DJD\3077ahntdksr[1].dll
O2 - BHO: (no name) - {7E382E21-A423-4C99-8F1F-71B72752C44f} - C:\WINDOWS\system32\ermebbdf.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S97.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [f8409d5c] rundll32.exe "C:\WINDOWS\system32\iuowjrdl.dll",b
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BMfb73aec0] Rundll32.exe "C:\WINDOWS\system32\jourvicy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqRKDus - C:\WINDOWS\SYSTEM32\urqRKDus.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
evilhomer15 (Trainee)
11 July 2008 - 13:50 #9
When I try to open SuperAntiSpywarePro, it says 'The system administrator has set policies to prevent this installation'.
Otherwise I've scanned with CCleaner.
nva (Trainee)
11 July 2008 - 13:56 #10
Fix these lines with HiJackThis, and have only that window open when you do it.

O2 - BHO: (no name) - {4A1C9117-A319-4476-89AD-787E72324358} - C:\WINDOWS\system32\xxywVlkH.dll
O2 - BHO: {1cf3b38a-b8e8-7dcb-7704-b237bebb5137} - {7315bbeb-732b-4077-bcd7-8e8ba83b3fc1} - C:\WINDOWS\system32\egurug.dll
O2 - BHO: (no name) - {77244082-D27E-416C-9661-FAD640973FCE} - C:\WINDOWS\system32\urqRKDus.dll
O2 - BHO: (no name) - {7A336104-0127-4ACF-97E8-3F083C7F2D9E} - C:\Documents and Settings\Big S\Local Settings\Temporary Internet Files\Content.IE5\05CV6DJD\3077ahntdksr[1].dll
O2 - BHO: (no name) - {7E382E21-A423-4C99-8F1F-71B72752C44f} - C:\WINDOWS\system32\ermebbdf.dll
O4 - HKLM\..\Run: [f8409d5c] rundll32.exe "C:\WINDOWS\system32\iuowjrdl.dll",b
O4 - HKLM\..\Run: [BMfb73aec0] Rundll32.exe "C:\WINDOWS\system32\jourvicy.dll",s
O20 - Winlogon Notify: urqRKDus - C:\WINDOWS\SYSTEM32\urqRKDus.dll
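The fix list above is what a responder produces by eye from the log: the Vundo pattern is a set of browser helper objects with no display name (or a GUID as their name) loaded from system32 or the IE cache, hex-named Run values that start rundll32 on a system32 DLL, and the same DLL registered both as a BHO and as a Winlogon Notify package. As an added example that is not part of the original thread and not HijackThis's own logic, the Python below applies those four heuristics to a subset of the O2/O4/O20 lines copied from the log posted earlier and returns the same eight entries. The heuristics, the `DROP_DIRS` list and the function names are my own assumptions; they reproduce this particular fix list and are not a substitute for a scanner.

```python
"""Triage HijackThis O2/O4/O20 entries for Vundo-style persistence.

Added example for this thread; the heuristics are mine, not HijackThis's.
The sample lines are copied from the log posted above.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the entries from the posted HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4A1C9117-A319-4476-89AD-787E72324358} - C:\WINDOWS\system32\xxywVlkH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: {1cf3b38a-b8e8-7dcb-7704-b237bebb5137} - {7315bbeb-732b-4077-bcd7-8e8ba83b3fc1} - C:\WINDOWS\system32\egurug.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77244082-D27E-416C-9661-FAD640973FCE} - C:\WINDOWS\system32\urqRKDus.dll
O2 - BHO: (no name) - {7A336104-0127-4ACF-97E8-3F083C7F2D9E} - C:\Documents and Settings\Big S\Local Settings\Temporary Internet Files\Content.IE5\05CV6DJD\3077ahntdksr[1].dll
O2 - BHO: (no name) - {7E382E21-A423-4C99-8F1F-71B72752C44f} - C:\WINDOWS\system32\ermebbdf.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [f8409d5c] rundll32.exe "C:\WINDOWS\system32\iuowjrdl.dll",b
O4 - HKLM\..\Run: [BMfb73aec0] Rundll32.exe "C:\WINDOWS\system32\jourvicy.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqRKDus - C:\WINDOWS\SYSTEM32\urqRKDus.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEXNAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$")          # f8409d5c, BMfb73aec0
DLL_RE = re.compile(r"[A-Za-z]:\\[^\",]+?\.dll", re.IGNORECASE)
# Assumed drop locations: system32 and the user's temp / IE cache folders.
DROP_DIRS = ("\\system32\\", "\\temporary internet files\\", "\\temp\\")


def _basename(path):
    return PureWindowsPath(path).name.lower()


def triage(log_text):
    """Return [(raw_line, reason), ...] for entries matching the heuristics, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    bho_dlls = set()
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            bho_dlls.add(_basename(path))
            if name == "(no name)" and any(d in path.lower() for d in DROP_DIRS):
                findings.append((line, "unnamed BHO loaded from system32/temp: " + _basename(path)))
            elif GUID_RE.match(name):
                findings.append((line, "BHO display name is itself a GUID: " + _basename(path)))
            continue
        m = RUN_RE.match(line)
        if m and HEXNAME_RE.match(m.group("name")) and m.group("cmd").lower().startswith("rundll32.exe"):
            dll = DLL_RE.search(m.group("cmd"))
            target = _basename(dll.group(0)) if dll else "?"
            findings.append((line, "hex-named Run value launching rundll32 on " + target))
    # Second pass: a Winlogon Notify DLL that is also registered as a BHO (urqRKDus here).
    for line in lines:
        m = NOTIFY_RE.match(line)
        if m and _basename(m.group("path")) in bho_dlls:
            findings.append((line, "Winlogon Notify DLL is also a BHO: " + _basename(m.group("path"))))
    return findings


def fix_list(log_text):
    """The raw lines to tick in HijackThis, i.e. the list a responder would post."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the full log it also leaves the Java, Office, EPSON and Windows Live entries alone, since each of those has a display name and lives under Program Files; the NetSoftware helper is named too, which is why only a signature scanner (SUPERAntiSpyware, later in the thread) catches it.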
nva (Trainee)
11 July 2008 - 13:58 #11
When you get the chance to go through the guide, you should do so. I'm leaving my PC shortly, so I probably won't see until sometime tonight whether it helped, so others are welcome to chime in ;)
evilhomer15 (Trainee)
11 July 2008 - 13:59 #12
They're fixed now. I'll check back in normal mode and report back.
fromsej (Trainee)
11 July 2008 - 14:03 #13
Sorry to butt in, but I think it's a Bagle infection; it's a really nasty one!

Download and run this program:
http://download.bleepingcomputer.com/sUBs/Beagled.exe
Possibly in Safe Mode. When that's done, try the guide in the article mentioned above again.
evilhomer15 (Trainee)
11 July 2008 - 14:51 #14
Here are the two remaining logs:
ComboFix 08-07-10.1 - Big S 2008-07-11 14:41:01.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1458 [GMT 2:00]
Running from: C:\Documents and Settings\Big S\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\HklVwyxx.ini
C:\WINDOWS\system32\HklVwyxx.ini2
C:\WINDOWS\system32\iamcccnw.dll
C:\WINDOWS\system32\iuowjrdl.dll
C:\WINDOWS\system32\jourvicy.dll
C:\WINDOWS\system32\ldrjwoui.ini
C:\WINDOWS\system32\qvlgmhwi.ini
C:\WINDOWS\system32\tabbdkeo.dll

.
(((((((((((((((((((((((((  Files Created from 2008-06-11 to 2008-07-11  )))))))))))))))))))))))))))))))
.

2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\SUPERAntiSpyware.com
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 19:18 . 2008-07-11 13:29    110,517    --a------    C:\WINDOWS\BMfb73aec0.xml
2008-07-10 14:32 . 2008-07-10 14:32    <DIR>    d--------    C:\Program Files\CAPCOM
2008-07-09 08:59 . 2008-07-09 08:58    29,760    --a------    C:\WINDOWS\system32\k6Hm0EF1.exe
2008-07-08 23:01 . 2008-07-08 23:01    96    --ah-----    C:\WINDOWS\system32\HsInfo.dat
2008-07-08 21:27 . 2008-07-08 21:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-08 21:25 . 2004-08-09 05:04    73,728    --a------    C:\WINDOWS\system32\ISUSPM.cpl
2008-07-06 00:29 . 2008-07-06 00:29    268    --ah-----    C:\sqmdata19.sqm
2008-07-06 00:29 . 2008-07-06 00:29    244    --ah-----    C:\sqmnoopt19.sqm
2008-07-05 16:42 . 2008-07-05 16:42    268    --ah-----    C:\sqmdata18.sqm
2008-07-05 16:42 . 2008-07-05 16:42    244    --ah-----    C:\sqmnoopt18.sqm
2008-07-05 00:58 . 2008-07-05 00:58    268    --ah-----    C:\sqmdata17.sqm
2008-07-05 00:58 . 2008-07-05 00:58    244    --ah-----    C:\sqmnoopt17.sqm
2008-06-30 17:07 . 2008-06-30 17:07    <DIR>    d--------    C:\Program Files\Blaze Media Pro
2008-06-30 17:06 . 2008-06-30 17:07    <DIR>    d--h-----    C:\Documents and Settings\All Users\Application Data\{71502C40-CE33-4AB6-9416-0A620783FB71}
2008-06-30 16:54 . 2008-06-30 20:37    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 17:58 . 2008-07-11 14:13    <DIR>    d--------    C:\Program Files\NetSoftware
2008-06-23 19:38 . 2008-06-23 19:38    <DIR>    d--------    C:\Program Files\Xvid
2008-06-23 19:38 . 2007-06-28 18:52    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-06-23 19:38 . 2007-06-28 18:54    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2008-06-23 19:38 . 2007-06-28 18:55    77,824    --a------    C:\WINDOWS\system32\xvid.ax
2008-06-20 11:03 . 2008-06-20 11:03    268    --ah-----    C:\sqmdata16.sqm
2008-06-20 11:03 . 2008-06-20 11:03    244    --ah-----    C:\sqmnoopt16.sqm
2008-06-15 09:01 . 2006-03-17 02:38    28,672    ---------    C:\WINDOWS\system32\verclsid.exe
2008-06-11 10:28 . 2008-01-07 14:29    352    --ah-----    C:\WINDOWS\nod32fixtemdono.reg
2008-06-11 10:27 . 2008-06-11 10:27    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\ESET
2008-06-11 10:26 . 2008-06-11 10:26    <DIR>    d--------    C:\Program Files\ESET
2008-06-11 10:14 . 2008-06-11 10:14    <DIR>    d--------    C:\Program Files\AVG
2008-06-11 10:14 . 2008-06-12 10:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-06-11 09:18 . 2008-06-13 15:10    272,128    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:18 . 2008-06-13 15:10    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 12:45    ---------    d-----w    C:\Program Files\Steam
2008-07-11 12:04    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 16:59    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\uTorrent
2008-07-09 18:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:25    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-05 18:52    ---------    d-----w    C:\Program Files\World of Warcraft
2008-06-20 10:44    360,960    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 14:19    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 14:19    22,328    ----a-w    C:\Documents and Settings\Big S\Application Data\PnkBstrK.sys
2008-06-11 08:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\ESET
2008-06-10 16:36    ---------    d-----w    C:\Program Files\Teamspeak2_RC2
2008-06-10 16:36    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\teamspeak2
2008-06-01 13:34    ---------    d-----w    C:\Program Files\Common Files\BioWare
2008-06-01 07:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-01 07:30    ---------    d-----w    C:\Program Files\OpenAL
2008-06-01 07:14    ---------    d-----w    C:\Program Files\Codemasters
2008-05-31 20:03    ---------    d-----w    C:\Program Files\Bonjour
2008-05-27 20:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-27 19:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-24 21:19    ---------    d-----w    C:\Program Files\Ventrilo
2008-05-21 12:48    ---------    d-----w    C:\Program Files\Apple Software Update
2008-05-12 14:09    ---------    d-----w    C:\Program Files\Veoh Networks
2007-10-18 04:16    16,384    --sha-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 07:45 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 16:53 3640368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 18:59 346648]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 18:39 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bigbaddemon\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-09 03:17]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 PciCon;PciCon;D:\PciCon.sys []
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 19:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 19:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-10 22:12:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 10:00:03 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 11:00:03 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 14:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 15:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 16:00:03 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 17:00:02 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 18:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 19:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 20:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
HKLM-Run-NetSoftware - C:\Program Files\NetSoftware\Starter.exe
ShellExecuteHooks-{009E3F04-D7A2-456A-AE04-EB9ABF822FE4} - C:\DOCUME~1\BIGS~1\LOCALS~1\Temp\orzow.dll
Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 14:45:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-11 14:47:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-11 12:47:57

Pre-Run: 329,052,606,464 bytes free
Post-Run: 328,975,278,080 bytes free

245    --- E O F ---    2008-07-09 18:32:02

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2008 at 02:32 PM

Application Version : 4.0.1154

Core Rules Database Version : 3502
Trace Rules Database Version: 1493

Scan type      : Complete Scan
Total Scan Time : 00:16:10

Memory items scanned      : 230
Memory threats detected  : 2
Registry items scanned    : 5409
Registry threats detected : 49
File items scanned        : 16145
File threats detected    : 18

Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\URQRKDUS.DLL
    C:\WINDOWS\SYSTEM32\URQRKDUS.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77244082-D27E-416C-9661-FAD640973FCE}
    HKCR\CLSID\{77244082-D27E-416C-9661-FAD640973FCE}
    HKCR\CLSID\{77244082-D27E-416C-9661-FAD640973FCE}\InprocServer32
    HKCR\CLSID\{77244082-D27E-416C-9661-FAD640973FCE}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{77244082-D27E-416C-9661-FAD640973FCE}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\urqRKDus
    C:\WINDOWS\SYSTEM32\MLJAPMFE.DLL
    C:\WINDOWS\SYSTEM32\TUVWOFDU.DLL
    C:\WINDOWS\SYSTEM32\VTUMLBXW.DLL

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\XXYWVLKH.DLL
    C:\WINDOWS\SYSTEM32\XXYWVLKH.DLL

Adware.URLBlaze
    HKLM\Software\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
    C:\PROGRAM FILES\NETSOFTWARE\IEHELPER.DLL

Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92F7262A-58AD-447B-81B9-23DADA3B1166}
    HKCR\CLSID\{92F7262A-58AD-447B-81B9-23DADA3B1166}
    HKCR\CLSID\{92F7262A-58AD-447B-81B9-23DADA3B1166}\InprocServer32
    HKCR\CLSID\{92F7262A-58AD-447B-81B9-23DADA3B1166}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\XXYAYXPQ.DLL
    C:\WINDOWS\SYSTEM32\XXYWXQGX.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\Big S\Cookies\big_s@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Big S\Cookies\big_s@2o7[2].txt
    C:\Documents and Settings\Big S\Cookies\big_s@mediaplex[1].txt
    C:\Documents and Settings\Big S\Cookies\big_s@apmebf[1].txt

Adware.WhenU
    HKLM\Software\WhenUSearch
    HKLM\Software\WhenUSearch#InstallDir
    HKLM\Software\WhenUSearch#Version
    HKLM\Software\WhenUSearch#pats_url
    HKLM\Software\WhenUSearch#pat_chunks_url
    HKLM\Software\WhenUSearch#update_url
    HKLM\Software\WhenUSearch#ziptomsa_url
    HKLM\Software\WhenUSearch#iptomsa_url
    HKLM\Software\WhenUSearch#coupondataurl
    HKLM\Software\WhenUSearch#InstallTime
    HKLM\Software\WhenUSearch#zip
    HKLM\Software\WhenUSearch\Partners
    HKLM\Software\WhenUSearch\Partners\desktop
    HKLM\Software\WhenUSearch\Partners\desktop#LastPartner
    HKLM\Software\WhenUSearch\Partners\desktop#SetupCmdLine
    HKLM\Software\WhenUSearch\Partners\desktop#Partner
    HKLM\Software\WhenUSearch\Partners\desktop#InstallTime
    HKLM\Software\WhenUSearch\Partners\desktop#PartnerDesc
    HKLM\Software\WhenUSearch\WHSE
    HKLM\Software\WhenUSearch\WHSE#Installed_rs
    HKLM\Software\WhenUSearch\WHSE#uiver_rs
    HKLM\Software\WhenUSearch\WHSE#exitsurvey_url
    HKLM\Software\WhenUSearch\WHSE#Partner
    HKLM\Software\WhenUSearch\WHSE#LastPartner
    HKLM\Software\WhenUSearch\WHSE#InstallTime
    HKLM\Software\WhenUSearch\WHSE#SetupCmdLine
    HKLM\Software\WhenUSearch\WHSE#showSplash
    C:\Program Files\Common Files\WhenU\DTAdapter.exe
    C:\Program Files\Common Files\WhenU\DTPlugin.dll
    C:\Program Files\Common Files\WhenU

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-1202660629-1637723038-725345543-1003\Software\Microsoft\rdfa

Trojan.Unclassified-Packed/Suspicious
    C:\DOCUMENTS AND SETTINGS\BIG S\DESKTOP\BACKUPS\BACKUP-20080711-135824-962.DLL
    C:\DOCUMENTS AND SETTINGS\BIG S\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\TECTMT2R\3077AHNTDKSR[1].DLL

Trojan.Downloader-CREW
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{614E9E20-E69F-4483-BCAB-3DEAAA053695}\RP262\A0093154.DLL
Avatar image evilhomer15 Trainee
11 July 2008 - 14:53 #15
At first glance it all looks fine!
Really good guide you linked to!
But I'll wait for a reply and see whether there is anything further I need to do.
Avatar image evilhomer15 Trainee
11 July 2008 - 15:17 #16
Hmm, Eset Security still says there is a variant of a Genetic Trojan in the /temp folder.
Avatar image fromsej Trainee
11 July 2008 - 18:17 #17
That is not impossible either; Vundo is a tough one.

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program. Once that is done, let the program update itself. A window then opens in which you move the dot to "Perform full scan", click the Scan button and let the program work. Wait until it is finished (it takes a while, depending on how much you have on the computer).

Then press the "Show results" button after the scan, and then press "Remove selected". The log now opens, and you should save it somewhere you can find it again.

Copy the contents in here, together with a fresh ComboFix log.
(Run Malwarebytes first, then ComboFix.)
Avatar image evilhomer15 Trainee
11 July 2008 - 19:29 #18
Malwarebytes' Anti-Malware 1.20
Database version: 940
Windows 5.1.2600 Service Pack 2

7:24:34 PM 7/11/2008
mbam-log-7-11-2008 (19-24-34).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 131656
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Big S\Desktop\backups\backup-20080711-135824-806.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tabbdkeo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{614E9E20-E69F-4483-BCAB-3DEAAA053695}\RP262\A0090118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{614E9E20-E69F-4483-BCAB-3DEAAA053695}\RP263\A0093181.dll (Trojan.Pakes) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{614E9E20-E69F-4483-BCAB-3DEAAA053695}\RP264\A0093200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb73aec0.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb73aec0.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
ComboFix 08-07-10.1 - Big S 2008-07-11 19:25:56.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1425 [GMT 2:00]
Running from: C:\Documents and Settings\Big S\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp39.tmp

.
(((((((((((((((((((((((((  Files Created from 2008-06-11 to 2008-07-11  )))))))))))))))))))))))))))))))
.

2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35    34,296    --a------    C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\SUPERAntiSpyware.com
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 14:32 . 2008-07-10 14:32    <DIR>    d--------    C:\Program Files\CAPCOM
2008-07-09 08:59 . 2008-07-09 08:58    29,760    --a------    C:\WINDOWS\system32\k6Hm0EF1.exe
2008-07-08 23:01 . 2008-07-08 23:01    96    --ah-----    C:\WINDOWS\system32\HsInfo.dat
2008-07-08 21:27 . 2008-07-08 21:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-08 21:25 . 2004-08-09 05:04    73,728    --a------    C:\WINDOWS\system32\ISUSPM.cpl
2008-07-06 00:29 . 2008-07-06 00:29    268    --ah-----    C:\sqmdata19.sqm
2008-07-06 00:29 . 2008-07-06 00:29    244    --ah-----    C:\sqmnoopt19.sqm
2008-07-05 16:42 . 2008-07-05 16:42    268    --ah-----    C:\sqmdata18.sqm
2008-07-05 16:42 . 2008-07-05 16:42    244    --ah-----    C:\sqmnoopt18.sqm
2008-07-05 00:58 . 2008-07-05 00:58    268    --ah-----    C:\sqmdata17.sqm
2008-07-05 00:58 . 2008-07-05 00:58    244    --ah-----    C:\sqmnoopt17.sqm
2008-06-30 17:07 . 2008-06-30 17:07    <DIR>    d--------    C:\Program Files\Blaze Media Pro
2008-06-30 17:06 . 2008-06-30 17:07    <DIR>    d--h-----    C:\Documents and Settings\All Users\Application Data\{71502C40-CE33-4AB6-9416-0A620783FB71}
2008-06-30 16:54 . 2008-06-30 20:37    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 17:58 . 2008-07-11 14:13    <DIR>    d--------    C:\Program Files\NetSoftware
2008-06-23 19:38 . 2008-06-23 19:38    <DIR>    d--------    C:\Program Files\Xvid
2008-06-23 19:38 . 2007-06-28 18:52    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-06-23 19:38 . 2007-06-28 18:54    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2008-06-23 19:38 . 2007-06-28 18:55    77,824    --a------    C:\WINDOWS\system32\xvid.ax
2008-06-20 11:03 . 2008-06-20 11:03    268    --ah-----    C:\sqmdata16.sqm
2008-06-20 11:03 . 2008-06-20 11:03    244    --ah-----    C:\sqmnoopt16.sqm
2008-06-15 09:01 . 2006-03-17 02:38    28,672    ---------    C:\WINDOWS\system32\verclsid.exe
2008-06-11 10:28 . 2008-01-07 14:29    352    --ah-----    C:\WINDOWS\nod32fixtemdono.reg
2008-06-11 10:27 . 2008-06-11 10:27    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\ESET
2008-06-11 10:26 . 2008-06-11 10:26    <DIR>    d--------    C:\Program Files\ESET
2008-06-11 10:14 . 2008-06-11 10:14    <DIR>    d--------    C:\Program Files\AVG
2008-06-11 10:14 . 2008-06-12 10:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-06-11 09:18 . 2008-06-13 15:10    272,128    ---------    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:18 . 2008-06-13 15:10    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 16:53    ---------    d-----w    C:\Program Files\Steam
2008-07-11 12:04    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 16:59    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\uTorrent
2008-07-09 18:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-09 07:24    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-08 19:25    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-05 18:52    ---------    d-----w    C:\Program Files\World of Warcraft
2008-06-20 17:36    245,248    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44    360,960    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 14:19    66,872    ----a-w    C:\WINDOWS\system32\PnkBstrA.exe
2008-06-12 14:19    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 14:19    22,328    ----a-w    C:\Documents and Settings\Big S\Application Data\PnkBstrK.sys
2008-06-12 14:19    2,337,865    ----a-w    C:\WINDOWS\system32\pbsvc.exe
2008-06-12 14:19    107,832    ----a-w    C:\WINDOWS\system32\PnkBstrB.exe
2008-06-11 08:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\ESET
2008-06-10 16:36    ---------    d-----w    C:\Program Files\Teamspeak2_RC2
2008-06-10 16:36    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\teamspeak2
2008-06-01 13:34    ---------    d-----w    C:\Program Files\Common Files\BioWare
2008-06-01 07:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-01 07:31    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2008-06-01 07:30    444,952    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2008-06-01 07:30    109,080    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2008-06-01 07:30    ---------    d-----w    C:\Program Files\OpenAL
2008-06-01 07:14    ---------    d-----w    C:\Program Files\Codemasters
2008-05-31 20:03    ---------    d-----w    C:\Program Files\Bonjour
2008-05-27 23:16    61,440    ----a-w    C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-27 20:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-27 19:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-24 21:19    ---------    d-----w    C:\Program Files\Ventrilo
2008-05-23 13:12    323,584    ----a-w    C:\WINDOWS\system32\AudioGenie2.dll
2008-05-21 12:48    ---------    d-----w    C:\Program Files\Apple Software Update
2008-05-12 14:09    ---------    d-----w    C:\Program Files\Veoh Networks
2008-05-07 04:55    1,288,192    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-28 13:53    805,400    ----a-r    C:\WINDOWS\system32\tmp125.tmp
2008-04-28 13:53    805,400    ----a-r    C:\WINDOWS\system32\tmp124.tmp
2008-04-23 03:35    827,392    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-04-16 22:14    233,472    ----a-w    C:\WINDOWS\system32\viscomdvdimg.dll
2006-06-23 22:48    32,768    ----a-r    C:\WINDOWS\inf\UpdateUSB.exe
2007-10-18 04:16    16,384    --sha-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((  snapshot@2008-07-11_14.47.48.45  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 12:44:50    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-07-11 16:53:19    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 07:45 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 16:53 3640368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 18:59 346648]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 18:39 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bigbaddemon\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-09 03:17]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 PciCon;PciCon;D:\PciCon.sys []
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 19:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 19:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-10 22:12:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 10:00:03 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 11:00:03 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 15:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 17:00:09 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 18:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 19:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 20:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-09 06:59:12 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 19:27:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 19:27:42
ComboFix-quarantined-files.txt  2008-07-11 17:27:38
ComboFix2.txt  2008-07-11 12:48:00

Pre-Run: 328,982,589,440 bytes free
Post-Run: 328,964,722,688 bytes free

244    --- E O F ---    2008-07-09 18:32:02
Avatar image fromsej Trainee
11 July 2008 - 20:45 #19
When you use a crack for security software, you might just as well not bother using any at all.
It is incredibly naive not to believe that "surprises" are built into cracks and various other illegal files!
C:\WINDOWS\nod32fixtemdono.reg

Uninstall uTorrent in Add/Remove Programs.
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to untick the box next to installing the Yahoo toolbar.
Start the program and untick cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left-hand side (the blue cube), click Scan for issues; when it is done, click Fix selected issues, optionally make a backup of the registry, then click Fix all selected issues.
Click OK, then click Close when it is done.
Restart.
---------------------------------------
Open a Notepad window, copy the contents between the wavy lines into the document, and save it in the same folder as ComboFix under the name CFScript.txt. When saving, make sure that "file type" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::
Snapshot::
File::
C:\WINDOWS\system32\k6Hm0EF1.exe
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\system32\tmp125.tmp
C:\WINDOWS\system32\tmp124.tmp
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
Folder::
C:\Documents and Settings\Big S\Application Data\uTorrent

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the ComboFix file, and "release" the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. Do not click on the window while the tool is running, as that can cause your computer to freeze.
---------------------------------------
We need to see a fresh HijackThis log as well as the new ComboFix log.
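The hourly At*.job series in the ComboFix log above, all launching one randomly named binary out of system32, is the pattern fromsej's CFScript removes, and it is easy to spot mechanically. The following Python is an added example (not from the thread or from any of the tools mentioned): it parses a constructed fragment in the shape of ComboFix's 'Scheduled Tasks' section, groups At*.job tasks by the executable they launch, and renders the hits in the Killall::/File::/Folder:: layout shown in the post; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input in the shape of ComboFix's "Scheduled Tasks" section
# (a fragment modelled on the log above, not the full log): one legitimate
# updater job and three hourly At*.job tasks that all launch the same binary.
SAMPLE_TASKS = r'''Contents of the 'Scheduled Tasks' folder
"2008-07-09 19:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-10 22:12:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-10 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
"2008-07-11 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\k6Hm0EF1.exe
.
'''

# A task entry is a quoted "<timestamp> <path>.job" line followed by a "- <command>" line.
JOB_LINE = re.compile(r'^"(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>.+?\.job)"$')
TARGET_LINE = re.compile(r'^- (?P<target>.+)$')
# At1.job ... AtN.job are the names at.exe gives the tasks it creates.
AT_JOB = re.compile(r'\\At\d+\.job$', re.IGNORECASE)


def parse_scheduled_tasks(text):
    """Return a list of (job_path, target_path) pairs from the section text."""
    tasks = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = JOB_LINE.match(line)
        if not m:
            continue
        # ComboFix prints the launched command on the following "- " line.
        if i + 1 < len(lines):
            t = TARGET_LINE.match(lines[i + 1])
            if t:
                tasks.append((m.group("job"), t.group("target")))
    return tasks


def flag_at_job_clusters(tasks, min_jobs=3):
    """Group At*.job tasks by target and return targets hit by >= min_jobs of them.

    A whole series of At*.job tasks that all run the same binary is the
    hourly re-launch persistence seen in the log; a single At job is normal
    administrative use and is not reported.
    """
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB.search(job):
            by_target[target].append(job)
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= min_jobs}


def build_cfscript(clusters, folders=()):
    """Render the hits in the Killall::/Snapshot::/File::/Folder:: layout of the post."""
    lines = ["Killall::", "Snapshot::", "File::"]
    for target, jobs in sorted(clusters.items()):
        lines.append(target)   # the launched binary itself
        lines.extend(jobs)     # every job file that re-launches it
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_at_job_clusters(parse_scheduled_tasks(SAMPLE_TASKS))
    print(build_cfscript(hits))
```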
Avatar image evilhomer15 Trainee
11 July 2008 - 21:33 #20
Will it work if I only have a shortcut to ComboFix in a folder?
I can't immediately put the original ComboFix into a folder; after download it automatically jumps to the desktop.
Avatar image evilhomer15 Trainee
11 July 2008 - 21:43 #21
Logfile of HijackThis v1.99.1
Scan saved at 9:40:37 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Big S\Desktop\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

When I run the ComboFix program, it briefly shows a black window and closes after half a minute, after which nothing more happens.
Avatar image fromsej Trainee
12 July 2008 - 10:19 #22
Download a new ComboFix, just save it on the desktop, then drag CFScript.txt over it, and it should work.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Avatar image evilhomer15 Trainee
12 July 2008 - 10:54 #23
ComboFix 08-07-11.1 - Big S 2008-07-12 10:43:29.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1601 [GMT 2:00]
Running from: C:\Documents and Settings\Big S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Big S\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\system32\k6Hm0EF1.exe
C:\WINDOWS\system32\tmp124.tmp
C:\WINDOWS\system32\tmp125.tmp
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Big S\Application Data\uTorrent
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\system32\k6Hm0EF1.exe
C:\WINDOWS\system32\tmp124.tmp
C:\WINDOWS\system32\tmp125.tmp
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
(((((((((((((((((((((((((  Files Created from 2008-06-12 to 2008-07-12  )))))))))))))))))))))))))))))))
.

2008-07-11 21:27 . 2008-07-12 10:41    <DIR>    d--------    C:\Program Files\Combofix
2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-11 18:55    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 18:55 . 2008-07-07 17:35    34,296    --a------    C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 18:55 . 2008-07-07 17:35    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\Big S\Application Data\SUPERAntiSpyware.com
2008-07-11 14:10 . 2008-07-11 14:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 14:32 . 2008-07-10 14:32    <DIR>    d--------    C:\Program Files\CAPCOM
2008-07-08 23:01 . 2008-07-08 23:01    96    --ah-----    C:\WINDOWS\system32\HsInfo.dat
2008-07-08 21:27 . 2008-07-08 21:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-08 21:25 . 2004-08-09 05:04    73,728    --a------    C:\WINDOWS\system32\ISUSPM.cpl
2008-07-06 00:29 . 2008-07-06 00:29    268    --ah-----    C:\sqmdata19.sqm
2008-07-06 00:29 . 2008-07-06 00:29    244    --ah-----    C:\sqmnoopt19.sqm
2008-07-05 16:42 . 2008-07-05 16:42    268    --ah-----    C:\sqmdata18.sqm
2008-07-05 16:42 . 2008-07-05 16:42    244    --ah-----    C:\sqmnoopt18.sqm
2008-07-05 00:58 . 2008-07-05 00:58    268    --ah-----    C:\sqmdata17.sqm
2008-07-05 00:58 . 2008-07-05 00:58    244    --ah-----    C:\sqmnoopt17.sqm
2008-06-30 17:07 . 2008-06-30 17:07    <DIR>    d--------    C:\Program Files\Blaze Media Pro
2008-06-30 17:06 . 2008-06-30 17:07    <DIR>    d--h-----    C:\Documents and Settings\All Users\Application Data\{71502C40-CE33-4AB6-9416-0A620783FB71}
2008-06-30 16:54 . 2008-06-30 20:37    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 17:58 . 2008-07-11 14:13    <DIR>    d--------    C:\Program Files\NetSoftware
2008-06-23 19:38 . 2008-06-23 19:38    <DIR>    d--------    C:\Program Files\Xvid
2008-06-23 19:38 . 2007-06-28 18:52    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-06-23 19:38 . 2007-06-28 18:54    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2008-06-23 19:38 . 2007-06-28 18:55    77,824    --a------    C:\WINDOWS\system32\xvid.ax
2008-06-20 11:03 . 2008-06-20 11:03    268    --ah-----    C:\sqmdata16.sqm
2008-06-20 11:03 . 2008-06-20 11:03    244    --ah-----    C:\sqmnoopt16.sqm
2008-06-15 09:01 . 2006-03-17 02:38    28,672    ---------    C:\WINDOWS\system32\verclsid.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 08:51    ---------    d-----w    C:\Program Files\Steam
2008-07-11 12:04    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 18:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:25    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-05 18:52    ---------    d-----w    C:\Program Files\World of Warcraft
2008-06-20 10:44    360,960    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10    272,128    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:19    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 14:19    22,328    ----a-w    C:\Documents and Settings\Big S\Application Data\PnkBstrK.sys
2008-06-12 08:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\avg8
2008-06-11 08:27    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\ESET
2008-06-11 08:26    ---------    d-----w    C:\Program Files\ESET
2008-06-11 08:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\ESET
2008-06-11 08:14    ---------    d-----w    C:\Program Files\AVG
2008-06-10 16:36    ---------    d-----w    C:\Program Files\Teamspeak2_RC2
2008-06-10 16:36    ---------    d-----w    C:\Documents and Settings\Big S\Application Data\teamspeak2
2008-06-01 13:34    ---------    d-----w    C:\Program Files\Common Files\BioWare
2008-06-01 07:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-01 07:30    ---------    d-----w    C:\Program Files\OpenAL
2008-06-01 07:14    ---------    d-----w    C:\Program Files\Codemasters
2008-05-31 20:03    ---------    d-----w    C:\Program Files\Bonjour
2008-05-27 20:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-27 19:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-24 21:19    ---------    d-----w    C:\Program Files\Ventrilo
2008-05-21 12:48    ---------    d-----w    C:\Program Files\Apple Software Update
2008-05-12 14:09    ---------    d-----w    C:\Program Files\Veoh Networks
2006-06-23 22:48    32,768    ----a-r    C:\WINDOWS\inf\UpdateUSB.exe
2007-10-18 04:16    16,384    --sha-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101720071018\index.dat
2007-10-18 04:16    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 07:45 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 16:53 3640368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 18:59 346648]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 18:39 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bigbaddemon\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-09 03:17]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 PciCon;PciCon;D:\PciCon.sys []
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 19:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 19:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 10:51:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-12 10:53:31 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-12 08:53:28
ComboFix2.txt  2008-07-11 17:27:43
ComboFix3.txt  2008-07-11 12:48:00

Pre-Run: 328,892,203,008 bytes free
Post-Run: 328,877,977,600 bytes free

246    --- E O F ---    2008-07-09 18:32:02
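The indicators worth pulling out of the log above sit in the deletions and registry sections: an unbroken run of At1.job to At24.job under C:\WINDOWS\Tasks (at.exe stores its jobs under exactly those names, and 24 of them is consistent with one job per hour), a generated-looking executable in system32 (k6Hm0EF1.exe), a .reg file dropped straight into the Windows directory, AntiVirusOverride=1 under the Security Center key (which tells Security Center the user is monitoring antivirus themselves, so the missing or out-of-date antivirus alert is suppressed), and a MountPoints2 AutoRun command for drive D:. The script below is an added example written for this page, not code from the thread or from ComboFix; it runs those checks over a constructed excerpt of the log (the same paths, a subset of the lines, embedded so it runs offline). The name-randomness heuristic in `looks_random` and the function names are my assumptions, not rules taken from the thread.

```python
import re

# Constructed excerpt in the shape of the ComboFix log in the post above: the same
# paths, a subset of the lines, embedded so the triage runs offline.
SAMPLE_LOG = "\n".join(
    [
        "((((((((((((((((  Other Deletions  ))))))))))))))))",
        ".",
        "",
        r"C:\Documents and Settings\Big S\Application Data\uTorrent",
        r"C:\WINDOWS\nod32fixtemdono.reg",
        r"C:\WINDOWS\system32\k6Hm0EF1.exe",
        r"C:\WINDOWS\system32\tmp124.tmp",
    ]
    + [rf"C:\WINDOWS\Tasks\At{n}.job" for n in range(1, 25)]
    + [
        "",
        "((((((((((((((((  Reg Loading Points  ))))))))))))))))",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
        r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]',
        "",
        r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
        '"AntiVirusOverride"=dword:00000001',
        "",
        r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]",
        r"\Shell\AutoRun\command - D:\Autorun.exe",
        "",
        "------------------------ Other Running Processes ------------------------",
        r"C:\WINDOWS\system32\nvsvc32.exe",
        r"C:\WINDOWS\system32\PnkBstrA.exe",
    ]
)

AT_JOB = re.compile(r"\\Tasks\\At(\d+)\.job$", re.IGNORECASE)
SYS32_EXE = re.compile(r"\\system32\\([^\\]+)\.exe$", re.IGNORECASE)
WINDIR_REG = re.compile(r"^[a-z]:\\WINDOWS\\[^\\]+\.reg$", re.IGNORECASE)
REG_KEY = re.compile(r"^\[(.+)\]$")
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.IGNORECASE)
MOUNTPOINT_DRIVE = re.compile(r"\\mountpoints2\\(\w)$", re.IGNORECASE)
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)


def at_job_numbers(lines):
    """Job numbers N from every \\Tasks\\AtN.job path (at.exe names its jobs this way)."""
    return sorted({int(m.group(1)) for m in (AT_JOB.search(l.strip()) for l in lines) if m})


def looks_random(stem):
    """Heuristic (my assumption, not a rule from the thread): a bare run of digits and
    mixed-case letters with no separator is typical of generated malware file names."""
    return (
        stem.isalnum()
        and sum(c.isdigit() for c in stem) >= 2
        and any(c.isupper() for c in stem)
        and any(c.islower() for c in stem)
    )


def suspicious_system32_exes(lines):
    """Executables under system32 whose base name looks generated."""
    hits = []
    for line in lines:
        m = SYS32_EXE.search(line.strip())
        if m and looks_random(m.group(1)):
            hits.append(line.strip())
    return hits


def dropped_reg_files(lines):
    """.reg files sitting directly in the Windows directory (here one named as if it
    were an antivirus 'fix')."""
    return [l.strip() for l in lines if WINDIR_REG.match(l.strip())]


def registry_sections(lines):
    """Yield (key, value_line) pairs from the REGEDIT4-style part of the log."""
    key = None
    for line in lines:
        s = line.strip()
        m = REG_KEY.match(s)
        if m:
            key = m.group(1)
        elif key and s:
            yield key, s


def av_override_set(lines):
    """True when AntiVirusOverride=1 is set under the Security Center key, which
    suppresses the missing or out-of-date antivirus alert."""
    return any(
        key.lower().endswith(r"microsoft\security center") and AV_OVERRIDE.match(val)
        for key, val in registry_sections(lines)
    )


def autorun_mountpoints(lines):
    """(drive, command) for every MountPoints2 AutoRun command the log lists."""
    out = []
    for key, val in registry_sections(lines):
        d, c = MOUNTPOINT_DRIVE.search(key), AUTORUN_CMD.match(val)
        if d and c:
            out.append((d.group(1).upper(), c.group(1)))
    return out


def triage(log_text):
    """Run every check over one ComboFix log and return the findings."""
    lines = log_text.splitlines()
    jobs = at_job_numbers(lines)
    return {
        "at_jobs": jobs,
        # an unbroken At1..AtN run is a scheduled loop rather than a one-off job;
        # 24 of them is consistent with one job per hour of the day
        "at_jobs_contiguous": bool(jobs) and jobs == list(range(1, len(jobs) + 1)),
        "random_named_exes": suspicious_system32_exes(lines),
        "dropped_reg_files": dropped_reg_files(lines),
        "antivirus_override": av_override_set(lines),
        "autorun_mountpoints": autorun_mountpoints(lines),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

Run as-is it prints the findings for the embedded excerpt; to use it on a real log, read the saved ComboFix.txt into a string and pass it to `triage`. The checks are deliberately narrow pattern matches on what this particular log showed, so a clean result from them is not evidence that a machine is clean; it only confirms these specific indicators are gone.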
fromsej (Praktikant)
12 July 2008 - 19:13 #24
That looks fine, how is the machine running?
evilhomer15 (Praktikant)
13 July 2008 - 08:53 #25
It runs fine, but there is still something with Nod32...
Should I maybe install a new antivirus?
fromsej (Praktikant)
13 July 2008 - 09:07 #26
Yes, and if you don't want to pay for protection, I would recommend Avast.
http://files.avast.com/iavs4pro/setupdan.exe