cozmos Skrevet 12. september 2008 Skrevet 12. september 2008 (endret) Har slitt med diverse popups o.l (virtumonde) en stund nå, og har fulgt stegene i den fantastiske veiledningen i sticky. bare lurte på om jeg har fått fjernet det som skal fjernes. comofix: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-09-10.04 - Christian 2008-09-12 8:45:30.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1642 [GMT 2:00] Running from: C:\Documents and Settings\Christian \Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\aktqxlac.ini C:\WINDOWS\system32\aqlgxnlb.ini C:\WINDOWS\system32\cmbsexdj.ini C:\WINDOWS\system32\cuyhritr.ini C:\WINDOWS\system32\dgnahgsf.ini C:\WINDOWS\system32\harpfypg.ini C:\WINDOWS\system32\hknnmUtv.ini C:\WINDOWS\system32\hknnmUtv.ini2 C:\WINDOWS\system32\ibakyfmd.ini C:\WINDOWS\system32\pgqhilub.ini C:\WINDOWS\system32\qctbaskc.ini C:\WINDOWS\system32\SssssBeg.ini C:\WINDOWS\system32\SssssBeg.ini2 C:\WINDOWS\system32\vgrtdgak.ini C:\WINDOWS\system32\vphnhxfp.ini C:\WINDOWS\system32\wctkayuo.ini C:\WINDOWS\system32\ywtfoqhd.ini . ((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))) . 2008-09-12 08:36 . 2008-09-12 08:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-12 08:36 . 2008-09-12 08:36 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\Malwarebytes 2008-09-12 08:36 . 2008-09-12 08:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-12 08:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-12 08:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-12 08:35 . 2008-09-12 08:35 <DIR> d-------- C:\Program Files\CCleaner 2008-09-11 11:58 . 2008-09-11 11:58 <DIR> d-------- C:\Program Files\Windows Defender 2008-09-04 08:04 . 2008-09-04 08:04 <DIR> d-------- C:\VundoFix Backups 2008-09-02 10:14 . 2008-09-02 10:14 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-08-29 12:34 . 2008-08-29 12:34 <DIR> d-------- C:\Program Files\Winamp 2008-08-29 12:34 . 2008-08-29 12:34 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\Winamp 2008-08-27 13:17 . 2008-09-02 16:36 253 --a------ C:\WINDOWS\wininit.ini 2008-08-26 15:04 . 2008-08-26 15:04 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\vlc 2008-08-26 15:02 . 2008-08-26 15:02 <DIR> d-------- C:\Program Files\VideoLAN 2008-08-26 14:16 . 2008-08-26 14:34 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-08-26 14:10 . 2008-08-26 14:10 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\Nero 2008-08-26 14:07 . 2008-08-26 14:51 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-08-26 14:07 . 2008-08-26 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-08-26 13:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-08-26 13:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-08-26 13:55 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-08-26 12:46 . 2008-08-26 12:46 <DIR> d-------- C:\WINDOWS\Sun 2008-08-26 12:46 . 2008-09-03 18:48 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\LimeWire 2008-08-26 12:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-26 12:45 . 2008-08-26 12:46 <DIR> d-------- C:\Program Files\Java 2008-08-26 12:44 . 2008-08-26 12:44 <DIR> d-------- C:\Program Files\Common Files\Java 2008-08-26 12:39 . 2008-08-26 12:40 <DIR> d-------- C:\Program Files\LimeWire 2008-08-26 12:18 . 2008-08-26 12:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-26 12:18 . 2008-09-12 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-26 12:17 . 2008-08-26 12:17 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\Logitech 2008-08-26 12:17 . 2008-08-26 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-08-26 12:15 . 2008-08-26 12:15 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-08-26 12:15 . 2008-08-26 12:15 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-08-26 12:15 . 2008-08-26 12:15 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-08-26 12:14 . 2008-08-26 12:14 <DIR> d-------- C:\Program Files\Common Files\Logishrd 2008-08-26 12:14 . 2008-08-26 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2008-08-26 12:14 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-08-26 12:14 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll 2008-08-26 12:14 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-08-26 12:14 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-08-26 12:14 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll 2008-08-26 12:13 . 2008-08-26 12:13 <DIR> d-------- C:\Program Files\Logitech 2008-08-26 12:11 . 2008-08-26 12:11 <DIR> d-------- C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card 2008-08-26 12:11 . 2008-08-26 12:11 <DIR> d-------- C:\Program Files\OpenAL 2008-08-26 12:11 . 2006-07-26 15:51 5,718,016 --a------ C:\WINDOWS\system\cmicnfgp.cpl 2008-08-26 12:08 . 2007-11-13 15:48 119,848 --a------ C:\WINDOWS\system32\SilSupp.dll 2008-08-26 12:08 . 2007-11-13 15:48 71,720 --a------ C:\WINDOWS\system32\drivers\PnP680.sys 2008-08-26 12:05 . 2007-12-01 00:25 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-08-26 12:05 . 2007-12-01 00:25 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-08-26 12:05 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-08-26 12:05 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-08-26 12:04 . 2007-11-30 17:31 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-26 12:04 . 2007-11-30 17:31 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-08-26 12:04 . 2007-11-30 17:23 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-08-26 12:04 . 2007-11-30 17:23 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-08-26 12:04 . 2007-11-30 17:31 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-08-26 12:04 . 2007-11-30 17:31 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-08-26 12:01 . 2008-08-26 12:01 <DIR> d-------- C:\WINDOWS\OPTIONS 2008-08-26 12:01 . 2008-08-26 12:01 <DIR> d-------- C:\Program Files\Realtek 2008-08-26 12:00 . 2008-08-26 12:00 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\InstallShield 2008-08-26 11:38 . 2008-08-26 11:38 <DIR> d-------- C:\Program Files\ESET 2008-08-26 11:33 . 2008-09-12 08:41 <DIR> d-------- C:\Program Files\MSA 2008-08-26 11:17 . 2008-09-12 08:48 <DIR> d-------- C:\Program Files\mIRC 2008-08-26 11:17 . 2008-09-12 08:48 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\mIRC 2008-08-26 11:16 . 2007-09-02 20:56 1,686,016 --a------ C:\WINDOWS\system32\clinetsuitex6.ocx 2008-08-26 11:16 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX 2008-08-26 11:16 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX 2008-08-26 11:16 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll 2008-08-26 11:15 . 2008-08-26 11:25 <DIR> d-------- C:\Program Files\Driver-Soft 2008-08-26 11:04 . 2008-08-26 11:04 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\ESET 2008-08-26 11:03 . 2008-08-26 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-26 10:59 . 2008-08-26 11:04 <DIR> d-------- C:\Documents and Settings\Christian \Contacts 2008-08-26 10:55 . 2008-08-26 10:58 <DIR> d-------- C:\Program Files\Windows Live 2008-08-26 10:55 . 2008-08-26 10:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-26 10:55 . 2008-08-26 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-26 10:50 . 2008-08-26 10:50 <DIR> d-------- C:\Program Files\uTorrent 2008-08-26 10:50 . 2008-09-07 06:29 <DIR> d-------- C:\Documents and Settings\Christian \Application Data\uTorrent 2008-08-26 10:43 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-08-26 10:43 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-08-26 10:40 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-08-26 10:40 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-08-26 10:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-08-26 10:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-08-26 10:40 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-08-26 10:33 . 2008-08-26 10:36 <DIR> d-------- C:\Program Files\Setup Files 2008-08-26 10:28 . 2008-02-25 20:54 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys 2008-08-26 10:25 . 2008-08-26 10:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-08-26 10:25 . 2008-08-26 10:25 <DIR> d-------- C:\Program Files\Intel 2008-08-26 10:25 . 2008-08-26 10:25 <DIR> d-------- C:\Intel 2008-08-26 10:23 . 2008-08-26 11:06 <DIR> d-------- C:\Program Files\MSI 2008-08-26 10:23 . 2008-08-26 12:14 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-08-26 10:23 . 2003-07-14 13:57 143,360 --a------ C:\WINDOWS\system32\IpLib.dll 2008-08-26 10:23 . 2003-09-02 11:25 11,266 --a------ C:\WINDOWS\system32\drivers\diag69xp.sys 2008-08-26 10:23 . 2003-09-17 15:57 8,440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys 2008-08-26 10:18 . 2008-08-26 10:18 <DIR> d-------- C:\WINDOWS\nview 2008-08-26 10:18 . 2008-08-26 10:23 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-08-26 10:18 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-26 10:18 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-08-26 10:18 . 2008-09-12 08:48 186,500 --a------ C:\WINDOWS\system32\nvapps.xml 2008-08-26 10:18 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-08-26 08:40 . 2007-11-30 17:31 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-08-25 16:00 . 2008-09-12 08:38 <DIR> d-------- C:\Documents and Settings\Christian . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-26 10:11 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-08-26 10:11 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-08-25 13:56 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-01 08:39 113,664 ----a-w C:\WINDOWS\inf\hdaudio.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-30 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352] "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-26 805392] mIRC.lnk - C:\Program Files\mIRC\mirc.exe [2008-07-18 2808320] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "D:\\Program Files\\Steam\\steamapps\\turbo\\team fortress classic\\hl.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= R0 Pnp680;SiI 680 ATA Controller;C:\WINDOWS\system32\DRIVERS\pnp680.sys [2007-11-13 71720] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;C:\WINDOWS\system32\drivers\cmudaxp.sys [2006-12-07 1423360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f2c388e-79d7-11dd-ab71-00161711f34d}] \Shell\AutoRun\command - F:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fbcf42-72bc-11dd-a3d0-806d6172696f}] \Shell\AutoRun\command - D:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e686ca0a-7339-11dd-ab52-a73a88f8cdb9}] \Shell\AutoRun\command - F:\setup.exe . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - BHO-{81B3054D-8E9E-4AAD-8BB5-B147DD493B49} - C:\WINDOWS\system32\geBssssS.dll BHO-{B7D8BCFE-1926-4C81-A052-784E64CA7122} - C:\WINDOWS\system32\vtUmnnkh.dll HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe HKLM-Run-Cmaudio8788 - cmicnfgp.cpl . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = about:blank O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab C:\WINDOWS\Downloaded Program Files\MSIWDev.inf . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-12 08:48:10 Windows 5.1.2600 Service Pack 3, v.3264 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomApp\Program\Razer Barracuda AC-1 Gaming Audio card.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe C:\WINDOWS\SoftwareDistribution\Download\f6d390a5c8cb03ef1624d5e3583de48b\update\update.exe . ************************************************************************** . Completion time: 2008-09-12 8:49:32 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-12 06:49:26 Pre-Run: 27,705,323,520 bytes free Post-Run: 27,635,449,856 bytes free 230 --- E O F --- 2008-09-02 08:15:30 Malwarebytes' Anti-Malware: Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.28Database versjon: 1141 Windows 5.1.2600 Service Pack 3, v.3264 12.09.2008 08:41:31 mbam-log-2008-09-12 (08-41-31).txt Skanntype: Rask Skann Objekter skannet: 36581 Tid tilbakelagt: 1 minute(s), 39 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 3 Registernøkler infisert: 11 Registerverdier infisert: 22 Registerfiler infisert: 2 Mapper infisert: 0 Filer infisert: 29 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\ddcBRllk.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\spvhadlo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\stpsey.dll (Trojan.Vundo) -> Delete on reboot. Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0744fd92-e378-4c7a-9a83-884f60d71bff} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{0744fd92-e378-4c7a-9a83-884f60d71bff} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d872ee57-ffda-4310-a752-9e77dec06131} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d872ee57-ffda-4310-a752-9e77dec06131} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\100b7aaf (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie411.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie412.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie413.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie414.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4ba.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie9a7.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie411.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie412.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie413.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie414.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4ba.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie9a7.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcbrllk -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcbrllk -> Delete on reboot. Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\ddcBRllk.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kllRBcdd.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kllRBcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\stpsey.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\spvhadlo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\oldahvps.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ixquwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kfkroxdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ofvhbxia.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdcgtuht.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdocessu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bgjtxssl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eeovnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\elqdjw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fxkxcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qsqndevc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\stnkansa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tmenjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wttona.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayvVNFU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yaywurQG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ytzpbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ldltteit.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. Hijackthis: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:54:39, on 12.09.2008 Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Documents and Settings\Christian\Desktop\HijackThis\Testx.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219740028031 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5017 bytes edit: Tok vekk så det skulle bli enklere å lese. Endret 12. september 2008 av cozmos
cozmos Skrevet 12. september 2008 Forfatter Skrevet 12. september 2008 Supert! Takker for kjemperask respons! =)
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå