Spywarefri Forum | for en sikkerheds skyld

1 af 3

for en sikkerheds skyld

[ Ignorer ] killerdane
19.04.2007 23:15:11 Antal indlæg: 299	Hej alle. Jeg har forsøgt at følge jeres anvisninger, inden jeg lagde denne log. har kørt alle de fire anbefalede programmer. Min computer hænger, og jeg kan ikke umiddelbart se noget galt i hjt-loggen. Kan I ? hermed: Logfile of HijackThis v1.99.1 Scan saved at 20:43, on 07-04-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\Tom\Skrivebord\spywarefri\alternativ.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] “C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SystemGuardAlerter] “f:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe” O4 - HKLM\..\Run: [ioloDelayModule] f:\Programmer\iolo\System Mechanic Professional 6\delay.exe O4 - HKLM\..\Run: [ATICCC] “C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [type32] “C:\Programmer\Microsoft IntelliType Pro\type32.exe” O4 - HKLM\..\Run: [DAEMON Tools] “C:\Programmer\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe” -osboot O4 - HKLM\..\Run: [IntelliPoint] “C:\Programmer\Microsoft IntelliPoint\ipoint.exe” O4 - HKLM\..\Run: [DefragTaskBar] “f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe” O4 - HKLM\..\Run: [LocalCooling] “C:\Programmer\LocalCooling\localcooling.exe” -s O4 - HKLM\..\Run: [ZoneAlarm Client] “C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM\..\Run: [SPAMfighter Agent] “C:\Programmer\SPAMfighter\SFAgent.exe” update delay 60 O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [CloneCDTray] “C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE “C:\Programmer\Alwil Software\Avast4\AhAScr.dll” O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe” O4 - HKCU\..\Run: [SMSystemAnalyzer] “f:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe” O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AshampooDefragService - - f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe” /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - f:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - f:\Programmer\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - f:\Programmer\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe og fra fra rootcheck: ******************************* ROOTCHK-(13-04-07)-LOG, by ejvindh 07-04-19 20:39:13.28 Driver imaslip (visible) is present. A rootkit scan is recommended. ******************************* ROOTCHK-LOG-end Tak drenge og piger:-)
[ Ignorer ] [ # 1 ] Fromsej TeamSpywarefri
20.04.2007 00:07:29 Administrator Team Spywarefri Antal indlæg: 55091	—Download Gmer-rootkit scanner, og pak den ud til skrivebordet: http://www.young-andersen.dk/gamer/gamer.zip Start med at omdøbe programmet gmer.exe (fx til abc.exe). Kør programmet, klik på fanebladet “Rootkit”, og klik på “Scan”. Imens der scannes, bør du afbryde netforbindelsen, lukke alle åbne programmer, og undlade at bruge computeren til andre ting. Du bør heller ikke klikke på andre ting i Gmer-scanneren. Når scanningen er færdig, skal du klikke på “Copy”. Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v. I nogle tilfælde er logfilen så lang, at den ikke kan være i en enkelt post. Så må du lægge den af flere omgange. Signatur Member of “Alliance of Security Analysis Professionals” - Alle angaben wie immer “nur mit pistole” Græd du også over eventyret om smedens kat, da du var lille? http://www.spywarefri.dk/medarbejderne/ Nierne bomaye - You’ll never walk alone qui potest, obligatur
[ Ignorer ] [ # 2 ] killerdane
20.04.2007 00:39:52 Antal indlæg: 299	hermed scanningsloggen af gmer: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-19 22:35:36 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT sptd.sys ZwOpenKey SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess ——Kernel code sections - GMER 1.0.12—— .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, 11, F0, AA, 80, 74, F0, ... ] ? C:\WINDOWS\system32\drivers\sptd.sys Processen kan ikke få adgang til filen, da den bruges af en anden proces. ? srescan.sys Den angivne fil blev ikke fundet. .text USBPORT.SYS!DllUnload F64D062C 5 Bytes JMP 86FD51B8 ? System32\Drivers\a0ixka3t.SYS Den angivne sti blev ikke fundet. ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Den angivne fil blev ikke fundet. ——User code sections - GMER 1.0.12—— [Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 3 ] killerdane
20.04.2007 00:43:47 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 4 ] killerdane
20.04.2007 00:45:02 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 5 ] killerdane
20.04.2007 00:47:01 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 6 ] killerdane
20.04.2007 00:48:16 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 7 ] killerdane
20.04.2007 00:49:38 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 8 ] killerdane
20.04.2007 00:51:07 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 9 ] killerdane
20.04.2007 00:52:51 Antal indlæg: 299	[Fjernet dele af Gmer-loggen som ikke er relevante (for at forumsoftwaren ikke skal gå død på tråden) - ejvindh teamsupporter]
[ Ignorer ] [ # 10 ] killerdane
20.04.2007 00:54:42 Antal indlæg: 299	Device \Driver\a0ixka3t \Device\Scsi\a0ixka3t1Port2Path0Target0Lun0 IRP_MJ_POWER 86522958 Device \Driver\a0ixka3t \Device\Scsi\a0ixka3t1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86522958 Device \Driver\a0ixka3t \Device\Scsi\a0ixka3t1Port2Path0Target0Lun0 IRP_MJ_PNP 86522958 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8653F650 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8653F650 ——Registry - GMER 1.0.12—— Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Zl Qbjaybnqf\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!!\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!! ( Gbhg SE )\PybarPQ 5.2.6.1\PybarPQ 5.2.6.1.rkr 0x66 0x01 0x00 0x00 ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:S:\Zl Qbjaybnqf\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!!\NalQIQ 5.3.2.1 + PybarQIQ 2.8.5.1 + PybarPQ 5.2.6.1 + QIQ Qrpelcgre 3 + QIQ Fuevax 3 + PENPXF!! ( Gbhg SE )\PybarPQ 5.2.6.1\Penpx\Fylfbsg.rkr 0x66 0x01 0x00 0x00 ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x2D 0x50 0x8B 0xFB ... Reg \Registry\USER\S-1-5-21-1275210071-436374069-682003330-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x69 0x3E 0x43 0x58 ... ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 11 ] killerdane
20.04.2007 00:57:00 Antal indlæg: 299	pyha. Så er det lidt aften lekture til folk der forstår sig på volapyk. Jeg ved bare min comp er en krig om at skifte side med 10 megabit ned og intet andet kørende. Du finder det nok Fromsej:-) Tom
[ Ignorer ] [ # 12 ] Ejvindh
20.04.2007 01:17:26 Redaktør Team Spywarefri Antal indlæg: 6048	—Hent Avenger her: http://swandog46.geekstogo.com/avenger.zip —Hent Combofix fra et af disse links, og gem den på dit skrivebord: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe — Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt Indholdet af denne fil må du gerne lægge herind. —Pak Avenger-programmet ud og dobbeltklik på avenger.exe —Sæt en prik i “Input Script Manually” og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind: ——————————————- Files to delete: C:\WINDOWS\System32\Drivers\a0ixka3t.SYS C:\WINDOWS\system32\Drivers\mchInjDrv.sys drivers to unload: mchInjDrv imaslip ——————————————- —Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen. —Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.
[ Ignorer ] [ # 13 ] Ejvindh
20.04.2007 01:30:18 Redaktør Team Spywarefri Antal indlæg: 6048	I øvrigt: Eftersom vi nu arbejder med en rootkit-befængt computer, må vi hellere få den flyttet over i rette kategori. Der gælder nogle særlige forhold for supporten i denne kategori, som du kan læse om her: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320
[ Ignorer ] [ # 14 ] killerdane
20.04.2007 19:57:12 Antal indlæg: 299	hej Ejvind. Den er ikke meget for at åbne tråden her:-) gad vide om den ved dens dage er talte:-P hermed de to “logs”: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\kqiujdsw ***************** Script file located at: \??\C:\Program Files\irodkara.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Registry key \Registry\Machine\System\CurrentControlSet\Services\mchInjDrv not found! Unload of driver mchInjDrv failed! Could not process line: mchInjDrv Status: 0xc0000034 Driver imaslip unloaded successfully. Completed script processing. ***************** Finished! Terminate. “Tom” - 07-04-20 17:09:17 Service Pack 2 [SAFE MODE] ComboFix 07-04-19.2V - Running from: C:\Documents and Settings\Tom\Skrivebord\ ((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 )))))))))))))))))))))))))))))))))) 2007-04-19 20:21 3,968—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-19 19:30 <DIR> d————C:\Programmer\uTorrent 2007-04-19 19:21 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\uTorrent 2007-04-13 23:38 101,888—a———C:\WINDOWS\system32\VB6STKIT.DLL 2007-04-13 20:53 87,608—a———C:\DOCUME~1\Tom\APPLIC~1\ezpinst.exe 2007-04-13 20:53 47,360—a———C:\DOCUME~1\Tom\APPLIC~1\pcouffin.sys 2007-04-13 20:53 <DIR> d————C:\Programmer\vso 2007-04-13 20:53 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\Vso 2007-04-13 20:29 <DIR> d————C:\Programmer\DirectVobSub 2007-04-10 15:35 77,824—a———C:\WINDOWS\system32\qttask.exe 2007-04-10 15:34 5,600—a———C:\WINDOWS\system\WINASPI.DLL 2007-04-10 15:34 45,056—a———C:\WINDOWS\system32\WNASPI32.DLL 2007-04-10 15:34 4,672—a———C:\WINDOWS\system\WOWPOST.EXE 2007-04-10 15:34 16,877—a———C:\WINDOWS\system32\drivers\ASPI32.SYS 2007-04-10 15:33 99,840 -ra———C:\WINDOWS\system32\sonydvau.dll 2007-04-10 15:33 99,840 -ra———C:\WINDOWS\system32\Avwin32.dll 2007-04-10 15:33 98,304—a———C:\WINDOWS\system32\vsscodec.dll 2007-04-10 15:33 889,468 -ra———C:\WINDOWS\system32\sonydvm2.dll 2007-04-10 15:33 77,824 -ra———C:\WINDOWS\system32\sonydv.dll 2007-04-10 15:33 692,224—a———C:\WINDOWS\system32\vsscore.dll 2007-04-10 15:33 69,632 -ra———C:\WINDOWS\system32\NTCodec.dll 2007-04-10 15:33 583,168 -ra———C:\WINDOWS\system32\sonydvvd.dll 2007-04-10 15:33 57,344 -ra———C:\WINDOWS\system32\miroDVenc.dll 2007-04-10 15:33 53,248 -ra———C:\WINDOWS\system32\MMTrayLSI.exe 2007-04-10 15:33 51,200—a———C:\WINDOWS\system32\camcodec.dll 2007-04-10 15:33 50,688 -ra———C:\WINDOWS\system32\miroDV4un.dll 2007-04-10 15:33 45,056 -ra———C:\WINDOWS\system32\miroDVun.dll 2007-04-10 15:33 45,056 -ra———C:\WINDOWS\system32\dsrmp4.dll 2007-04-10 15:33 45,056—a———C:\WINDOWS\system32\pclepim1.dll 2007-04-10 15:33 43,008 -ra———C:\WINDOWS\system32\miroDV16un.dll 2007-04-10 15:33 41,472 -ra———C:\WINDOWS\system32\AVIPR.dll 2007-04-10 15:33 38,400 -ra———C:\WINDOWS\system32\Doveov32.dll 2007-04-10 15:33 360,448 -ra———C:\WINDOWS\system32\pvwv220.dll 2007-04-10 15:33 34,304—a———C:\WINDOWS\system32\Qpeg32.dll 2007-04-10 15:33 319,488 -ra———C:\WINDOWS\system32\pvmjpg21.dll 2007-04-10 15:33 266,240 -ra———C:\WINDOWS\system32\rmp4.dll 2007-04-10 15:33 24,576 -ra———C:\WINDOWS\system32\DvWrite.dll 2007-04-10 15:33 24,064 -ra———C:\WINDOWS\system32\DvRead.dll 2007-04-10 15:33 23,552 -ra———C:\WINDOWS\system32\pdi.dll 2007-04-10 15:33 228,864 -ra———C:\WINDOWS\system32\idvcodec.dll 2007-04-10 15:33 221,184—a———C:\WINDOWS\system32\vssconf.dll 2007-04-10 15:33 211,968 -ra———C:\WINDOWS\system32\rtmjpgcdc.dll 2007-04-10 15:33 196,608 -ra———C:\WINDOWS\system32\pvljpg20.dll 2007-04-10 15:33 143,360—a———C:\WINDOWS\system32\mpegdecoder.dll 2007-04-10 15:33 136,704 -ra———C:\WINDOWS\system32\sonydvve.dll 2007-04-10 15:33 122,880 -ra———C:\WINDOWS\system32\mirodv2avi.dll 2007-04-10 15:33 113,152 -ra———C:\WINDOWS\system32\Avhal32.dll 2007-04-10 15:33 11,264 -ra———C:\WINDOWS\system32\TEKYUV.DLL 2007-04-10 15:32 57,344 -ra———C:\WINDOWS\system32\MMTray2k.exe 2007-04-10 15:32 270,336 -ra———C:\WINDOWS\system32\MMTVMJ.dll 2007-04-10 15:30 53,248 -ra———C:\WINDOWS\system32\MMTray.exe 2007-04-10 15:30 422,912 -ra———C:\WINDOWS\system32\M3JP2K32.dll 2007-04-10 15:30 172,032 -ra———C:\WINDOWS\system32\MJ2Desc.dll 2007-04-10 15:28 66,048 -ra———C:\WINDOWS\system32\MIROXL32.DLL 2007-04-10 15:28 255,488 -ra———C:\WINDOWS\system32\M3JPEG32.DLL 2007-04-10 15:28 224,256 -ra———C:\WINDOWS\system32\MMIJG32.dll 2007-04-10 15:27 98,816 -ra———C:\WINDOWS\system32\mcmjpg32.dll 2007-04-10 15:27 98,398 -ra———C:\WINDOWS\system32\DGcolorXVFW.dll 2007-04-10 15:27 98,304 -ra———C:\WINDOWS\system32\dvsoft.dll 2007-04-10 15:27 95,232 -ra———C:\WINDOWS\system32\dvavi.dll 2007-04-10 15:27 92,672 -ra———C:\WINDOWS\system32\ASUSASV2.dll 2007-04-10 15:27 86,016 -ra———C:\WINDOWS\system32\WNVPLAY1.DLL 2007-04-10 15:27 8,704 -ra———C:\WINDOWS\system32\Dvc.dll 2007-04-10 15:27 79,360 -ra———C:\WINDOWS\system32\Acodec.dll 2007-04-10 15:27 77,664 -ra———C:\WINDOWS\system32\IR21_R.DLL 2007-04-10 15:27 756,736 -ra———C:\WINDOWS\system32\ir41_32.dll 2007-04-10 15:27 75,200—a———C:\WINDOWS\system32\ATIVCR1.DLL 2007-04-10 15:27 733,184—a———C:\WINDOWS\system32\VSFilter.dll 2007-04-10 15:27 71,680 -ra———C:\WINDOWS\system32\ASUSASV1.DLL 2007-04-10 15:27 66,560 -ra———C:\WINDOWS\system32\atiyuv12.dll 2007-04-10 15:27 56,832 -ra———C:\WINDOWS\system32\dvoutput.dll 2007-04-10 15:27 53,248 -ra———C:\WINDOWS\system32\DpsAviCC.dll 2007-04-10 15:27 482,816 -ra———C:\WINDOWS\system32\VFCodec.dll 2007-04-10 15:27 47,104 -ra———C:\WINDOWS\system32\KMVIDC32.DLL 2007-04-10 15:27 45,056—a———C:\WINDOWS\system32\AVIWRAP.DLL 2007-04-10 15:27 413,760 -ra———C:\WINDOWS\system32\mpg4c32.dll 2007-04-10 15:27 40,960 -ra———C:\WINDOWS\system32\Gpeg.dll 2007-04-10 15:27 40,960 -ra———C:\WINDOWS\system32\FLCCODEC32.DLL 2007-04-10 15:27 36,864 -ra———C:\WINDOWS\system32\Glzw.dll 2007-04-10 15:27 343,552 -ra———C:\WINDOWS\system32\LCodcCMP.dll 2007-04-10 15:27 32,768 -ra———C:\WINDOWS\system32\wnpapi32.dll 2007-04-10 15:27 32,256 -ra———C:\WINDOWS\system32\cdvccodc.dll 2007-04-10 15:27 315,392 -ra———C:\WINDOWS\system32\ICMW_32.DLL 2007-04-10 15:27 306,176 -ra———C:\WINDOWS\system32\DVcodec.dll 2007-04-10 15:27 30,208 -ra———C:\WINDOWS\system32\deccdvc.dll 2007-04-10 15:27 29,696 -ra———C:\WINDOWS\system32\fwcall.dll 2007-04-10 15:27 263,680 -ra———C:\WINDOWS\system32\MCDVD_32.DLL 2007-04-10 15:27 24,064 -ra———C:\WINDOWS\system32\AASC32.DLL 2007-04-10 15:27 229,464 -ra———C:\WINDOWS\system32\SwcDvvfw.dll 2007-04-10 15:27 163,932 -ra———C:\WINDOWS\system32\swcjpegvfw.dll 2007-04-10 15:27 16,896 -ra———C:\WINDOWS\system32\flcfile32.dll 2007-04-10 15:27 150,016 -ra———C:\WINDOWS\system32\ativcr2.dll 2007-04-10 15:27 148,992 -ra———C:\WINDOWS\system32\CSEDV.DLL 2007-04-10 15:27 143,360 -ra———C:\WINDOWS\system32\frwt.dll 2007-04-10 15:27 143,360 -ra———C:\WINDOWS\system32\frwd.dll 2007-04-10 15:27 114,688 -ra———C:\WINDOWS\system32\frwu.dll 2007-04-10 15:27 110,592 -ra———C:\WINDOWS\system32\tsccvid.dll 2007-04-10 15:27 110,592 -ra———C:\WINDOWS\system32\DpsToAvi.dll 2007-04-10 15:27 104,448 -ra———C:\WINDOWS\system32\CSCCDVC.DLL 2007-04-10 15:27 102,492 -ra———C:\WINDOWS\system32\swcmpegvfw.dll 2007-04-10 15:27 100,352 -ra———C:\WINDOWS\system32\CSCdvsd.DLL 2007-04-10 15:27 1,409,119 -ra———C:\WINDOWS\system32\DigiVCap.dll 2007-04-10 15:26 835,584—a———C:\WINDOWS\system32\3ivx.dll 2007-04-10 15:26 81,920—a———C:\WINDOWS\system32\libfaad.dll 2007-04-10 15:26 69,632 -ra———C:\WINDOWS\system32\AVIMSZH.DLL 2007-04-10 15:26 569,344 -ra———C:\WINDOWS\system32\divx4.dll 2007-04-10 15:26 475,136 -ra———C:\WINDOWS\system32\Rududu.dll 2007-04-10 15:26 446,464 -ra———C:\WINDOWS\system32\vp31vfw.dll 2007-04-10 15:26 414,272 -ra———C:\WINDOWS\system32\DivXc32f.dll 2007-04-10 15:26 414,272 -ra———C:\WINDOWS\system32\DivXc32.dll 2007-04-10 15:26 389,120—a———C:\WINDOWS\system32\OpenQuicktimeLib.dll 2007-04-10 15:26 339,968—a———C:\WINDOWS\system32\3ivxVfWCodec.dll 2007-04-10 15:26 33,280 -ra———C:\WINDOWS\system32\huffyuv.dll 2007-04-10 15:26 303,104 -ra———C:\WINDOWS\system32\ETXCodec.dll 2007-04-10 15:26 160,256 -ra———C:\WINDOWS\system32\pmjpeg32.dll 2007-04-10 15:26 155,648 -ra———C:\WINDOWS\system32\AvidAVICodec.dll 2007-04-10 15:26 114,688 -ra———C:\WINDOWS\system32\AVIZLIB.DLL 2007-04-07 22:58 2,825—a———C:\WINDOWS\system32\sdbackup.reg 2007-04-05 19:10 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\COWON 2007-04-05 19:08 <DIR> d————C:\Programmer\F‘lles filer\COWON 2007-04-05 19:07 <DIR> d————C:\Programmer\JetAudio 2007-04-05 03:48 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited 2007-04-04 16:12 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\e-Safekey 2007-04-04 16:01 <DIR> d————C:\Programmer\CCleaner 2007-04-04 11:23 44,032————- C:\WINDOWS\system32\CTSVCCDA.EXE 2007-04-04 11:23 25,088————- C:\WINDOWS\system32\CTSVCCTL.EXE 2007-04-04 11:23 <DIR> d————C:\Programmer\F‘lles filer\Creative 2007-04-04 01:06 <DIR> d————C:\Programmer\DFX 2007-04-04 01:06 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX 2007-04-04 00:43 90,112————- C:\WINDOWS\Updreg.EXE 2007-04-03 23:55 <DIR> d————C:\Programmer\SPAMfighter 2007-04-03 23:55 <DIR> d————C:\Programmer\F‘lles filer\Application 2007-04-03 23:55 <DIR> d————C:\Programmer\F‘lles filer\Ankiro 2007-04-03 23:45 86,016—a———C:\WINDOWS\system32\OpenAL32.dll 2007-04-03 23:45 405,504—a———C:\WINDOWS\system32\wrap_oal.dll 2007-04-03 23:44 133,632—a———C:\WINDOWS\system32\CtDvInst.dll 2007-04-03 23:44 11,264—a———C:\WINDOWS\INRES.DLL 2007-04-03 23:44 <DIR> d————C:\WINDOWS\system32\Data 2007-04-03 21:11 <DIR> d————C:\WINDOWS\system32\QuickTime 2007-04-03 17:26 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\Creative 2007-04-03 17:14 <DIR> d—h——- C:\Programmer\Creative Installation Information 2007-04-03 11:48 64,512—a———C:\WINDOWS\system32\P17(3).dll 2007-04-03 11:48 64,512—a———C:\WINDOWS\system32\P17(2).dll 2007-04-03 11:48 133,632—a———C:\WINDOWS\system32\CtDvInst(3).dll 2007-04-03 11:48 133,632—a———C:\WINDOWS\system32\CtDvInst(2).dll 2007-04-03 11:01 <DIR> d————C:\Programmer\SPAMfighter(2) 2007-04-03 11:01 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\SPAMfighter 2007-04-02 17:50 <DIR> d————C:\DOCUME~1\Tom\.oces 2007-04-02 16:17 <DIR> d————C:\Programmer\Windows Defender 2007-04-02 15:42 <DIR> d————C:\VIRUSfighter 2007-04-01 19:45 8,388,608—a———C:\DOCUME~1\Tom\ntuser.dat 2007-03-29 19:17 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\Samsung 2007-03-29 18:42 <DIR> d————C:\DOCUME~1\Tom\APPLIC~1\Cryptomathic 2007-03-29 18:41 <DIR> d————C:\Programmer\TDC 2007-03-28 22:54 94,000—a———C:\WINDOWS\system32\drivers\ss_mdm.sys 2007-03-28 22:54 8,304—a———C:\WINDOWS\system32\drivers\ss_mdfl.sys 2007-03-28 22:54 6,144—a———C:\WINDOWS\system32\drivers\ss_cmnt.sys 2007-03-28 22:54 6,144—a———C:\WINDOWS\system32\drivers\ss_cm.sys 2007-03-28 22:54 58,320—a———C:\WINDOWS\system32\drivers\ss_bus.sys 2007-03-28 22:54 5,808—a———C:\WINDOWS\system32\drivers\ss_whnt.sys 2007-03-28 22:54 5,808—a———C:\WINDOWS\system32\drivers\ss_wh.sys 2007-03-28 22:54 <DIR> d————C:\WINDOWS\system32\Samsung_USB_Drivers 2007-03-28 22:54 <DIR> d————C:\WINDOWS\system32\Samsung PC Studio Codecs 2007-03-28 22:54 <DIR> d————C:\Programmer\Samsung 2007-03-27 09:55 524,288—a———C:\WINDOWS\system32\DivXsm.exe 2007-03-27 09:55 3,596,288—a———C:\WINDOWS\system32\qt-dx331.dll 2007-03-27 09:55 200,704—a———C:\WINDOWS\system32\ssldivx.dll 2007-03-27 09:55 1,044,480—a———C:\WINDOWS\system32\libdivx.dll 2007-03-27 09:49 73,728—a———C:\WINDOWS\system32\dpl100.dll 2007-03-27 09:49 593,920—a———C:\WINDOWS\system32\dpuGUI11.dll 2007-03-27 09:49 57,344—a———C:\WINDOWS\system32\dpv11.dll 2007-03-27 09:49 53,248—a———C:\WINDOWS\system32\dpuGUI10.dll 2007-03-27 09:49 344,064—a———C:\WINDOWS\system32\dpus11.dll 2007-03-27 09:49 294,912—a———C:\WINDOWS\system32\dpu11.dll 2007-03-27 09:49 294,912—a———C:\WINDOWS\system32\dpu10.dll 2007-03-27 09:49 196,608—a———C:\WINDOWS\system32\dtu100.dll 2007-03-27 09:48 823,296—a———C:\WINDOWS\system32\divx_xx0c.dll 2007-03-27 09:48 823,296—a———C:\WINDOWS\system32\divx_xx07.dll 2007-03-27 09:48 802,816—a———C:\WINDOWS\system32\divx_xx11.dll 2007-03-27 09:48 639,066—a———C:\WINDOWS\system32\DivX.dll 2007-03-21 00:14 508,928—a———C:\WINDOWS\system32\msde.dll 2007-03-21 00:14 46,592—a———C:\WINDOWS\system32\buyb12ex.dll 2007-03-21 00:14 40,960—a———C:\WINDOWS\system32\FXDV1to2.dll 2007-03-21 00:14 368,912—a———C:\WINDOWS\system32\vbar332.dll 2007-03-21 00:14 363,008—a———C:\WINDOWS\system32\BUYB12.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-19 23:03————d————C:\Programmer\lx_cats 2007-04-19 21:54————d————C:\Programmer\superantispyware 2007-04-19 21:05 73484—a———C:\WINDOWS\system32\perfc006.dat 2007-04-19 21:05 415284—a———C:\WINDOWS\system32\perfh006.dat 2007-04-19 19:30————d————C:\Programmer\voipbuster.com 2007-04-19 17:05————d————C:\DOCUME~1\Tom\APPLIC~1\limewire 2007-04-18 18:16 733824—a———C:\WINDOWS\system32\aswboot.exe 2007-04-18 18:12 94552—a———C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-18 18:12 85952—a———C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-18 18:10 23416—a———C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-18 18:09 43176—a———C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-18 18:07 26888—a———C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-18 18:06 90112—a———C:\WINDOWS\system32\avastss.scr 2007-04-17 18:34————d————C:\Programmer\pacificpoker 2007-04-16 00:49————d————C:\Programmer\limewire 2007-04-15 23:21————d————C:\Programmer\slysoft 2007-04-13 20:53 47360—a———C:\WINDOWS\system32\drivers\pcouffin.sys 2007-04-13 20:53 34—a———C:\DOCUME~1\Tom\APPLIC~1\pcouffin.log 2007-04-13 20:53 1144—a———C:\DOCUME~1\Tom\APPLIC~1\pcouffin.inf 2007-04-13 20:53 1074—a———C:\DOCUME~1\Tom\APPLIC~1\pcouffin.cat 2007-04-12 21:25————d————C:\DOCUME~1\Tom\APPLIC~1\dvdcss 2007-04-09 10:39————d————C:\Programmer\divx 2007-04-05 19:07————d—h——- C:\Programmer\installshield installation information 2007-04-04 22:12————d————C:\Programmer\ewido anti-malware 2007-04-04 01:17 5018—ahs——C:\WINDOWS\system32\kgygaavl.sys 2007-04-04 01:06————d————C:\Programmer\F‘lles filer\wise installation wizard 2007-04-04 00:55————d————C:\Programmer\creative 2007-03-30 23:39 4212—-h——- C:\WINDOWS\system32\zllictbl.dat 2007-03-27 19:30————d————C:\Programmer\clonedvd 2007-03-21 07:45————d————C:\Programmer\ahead 2007-03-17 15:45 292864—a———C:\WINDOWS\system32\winsrv.dll 2007-03-09 00:02 75512—a———C:\WINDOWS\zllsputility.exe 2007-03-09 00:01 1087216—a———C:\WINDOWS\system32\zpeng24.dll 2007-03-08 17:38 577536—a———C:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960—a———C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600—a———C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:35 1843584—a———C:\WINDOWS\system32\win32k.sys 2007-03-06 20:07————d————C:\Programmer\enigma software group 2007-03-06 17:07 465474—-hs——C:\WINDOWS\system32\nnnmp.bak1 2007-03-06 02:40 466358—-hs——C:\WINDOWS\system32\uvvwa.bak1 2007-03-06 01:59 466398—-hs——C:\WINDOWS\system32\jjllm.bak1 2007-03-06 01:30 76560—a———C:\WINDOWS\system32\drivers\tmcomm.sys 2007-03-06 01:20 466358—-hs——C:\WINDOWS\system32\stutv.bak1 2007-03-06 00:37 466358—-hs——C:\WINDOWS\system32\stvwa.bak1 2007-03-04 22:50————d————C:\Programmer\mirc 2007-03-03 21:23————d————C:\DOCUME~1\Tom\APPLIC~1\cyberlink 2007-03-03 20:54————d————C:\Programmer\cyberlink 2007-03-03 20:51 8 -r-hs——C:\WINDOWS\system32\aa895cee54.sys 2007-02-28 18:27————d————C:\Programmer\on2 technologies 2007-02-27 19:42————d————C:\Programmer\pinnacle(2) 2007-02-27 16:50————d————C:\Programmer\smartsound software 2007-02-27 16:49 89—a———C:\AUTOEXEC.BAT 2007-02-24 01:26 24—a———C:\WINDOWS\system32\sysmwwod.dll 2007-02-24 01:25————d————C:\Programmer\ace-high mp3 wav wma ogg converter 2007-02-23 23:50 175616—a———C:\WINDOWS\system32\mspmsp.dll 2007-02-23 20:32————d————C:\Programmer\mp3 player utilities 3.75 2007-02-18 21:52 286208—a———C:\WINDOWS\system32\cncs232.dll 2007-02-18 21:52 1191760—a———C:\WINDOWS\dedicated server.exe 2007-02-16 03:40 124472—a———C:\WINDOWS\system32\divxcodecupdatechecker.exe 2007-02-11 17:51 1093632—a———C:\WINDOWS\system32\freeimage.dll 2007-02-05 22:19 185344—a———C:\WINDOWS\system32\upnphost.dll 2007-01-28 23:26 2040—a———C:\WINDOWS\unins000.dat 2007-01-26 03:19 129784————- C:\WINDOWS\system32\pxafs.dll 2007-01-26 03:19 118520————- C:\WINDOWS\system32\pxinsi64.exe 2007-01-26 03:19 116472————- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-23 21:29 2906—a———C:\WINDOWS\mozver.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “avast!”=“C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe” “Zone Labs Client”=”\“C:\\Programmer\\Zone Labs\\ZoneAlarm\\zlclient.exe\”“ “NeroFilterCheck”=“C:\\Programmer\\Fælles filer\\Ahead\\Lib\\NeroCheck.exe” “SystemGuardAlerter”=”\“f:\\Programmer\\iolo\\System Mechanic Professional 6\\SystemGuardAlerter.exe\”“ “ioloDelayModule”=“f:\\Programmer\\iolo\\System Mechanic Professional 6\\delay.exe” “ATICCC”=”\“C:\\Programmer\\ATI Technologies\\ATI.ACE\\CLIStart.exe\”“ “PWRISOVM.EXE”=“C:\\Programmer\\PowerISO\\PWRISOVM.EXE” “type32”=”\“C:\\Programmer\\Microsoft IntelliType Pro\\type32.exe\”“ “DAEMON Tools”=”\“C:\\Programmer\\DAEMON Tools\\daemon.exe\” -lang 1033” “TkBellExe”=”\“C:\\Programmer\\Fælles filer\\Real\\Update_OB\\realsched.exe\” -osboot” “IntelliPoint”=”\“C:\\Programmer\\Microsoft IntelliPoint\\ipoint.exe\”“ “DefragTaskBar”=”\“f:\\Programmer\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\defragTaskBar.exe\”“ “LocalCooling”=”\“C:\\Programmer\\LocalCooling\\localcooling.exe\” -s” “ZoneAlarm Client”=”\“C:\\Programmer\\Zone Labs\\ZoneAlarm\\zlclient.exe\”“ “SPAMfighter Agent”=”\“C:\\Programmer\\SPAMfighter\\SFAgent.exe\” update delay 60” “CTSysVol”=“C:\\Programmer\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r” “LXCFCATS”=“rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16” “CloneCDTray”=”\“C:\\Programmer\\SlySoft\\CloneCD\\CloneCDTray.exe\” /s” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”\“C:\\Programmer\\Fælles filer\\Ahead\\lib\\NMBgMonitor.exe\”“ “SMSystemAnalyzer”=”\“f:\\Programmer\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\”“ “ctfmon.exe”=“C:\\WINDOWS\\system32\\ctfmon.exe” “Steam”=”“ [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{54D9498B-CF93-414F-8984-8CE7FDE0D391}”=“ewido shell guard” “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=”“ “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12d41eea-7696-11db-a706-0020ed97160c}] Shell\AutoRun\command G:\.\Autorun\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e3cf60-c36d-11db-a7ef-0020ed97160c}] Shell\1\Command .\RECYCLER\RECYCLER\autorun.exe Shell\2\Command .\RECYCLER\RECYCLER\autorun.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a511fd8c-c8f0-11db-a800-0020ed97160c}] Shell\1\Command .\RECYCLER\RECYCLER\autorun.exe Shell\2\Command .\RECYCLER\RECYCLER\autorun.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job C:\WINDOWS\tasks\MP Scheduled Scan.job ****************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 07-04-20 17:11:27 C:\ComboFix-quarantined-files.txt ... 07-04-20 17:11 C:\ComboFix2.txt ... 07-04-19 20:59
[ Ignorer ] [ # 15 ] Ejvindh
21.04.2007 01:08:37 Redaktør Team Spywarefri Antal indlæg: 6048	Det ser faktisk ganske udmærket ud. Der ligger dog noget, der ligner en rest fra en gammel vundo-infektion, som jeg lige synes vi skal forsøge at få væk. —Hent VirtumundoBeGone, gem det på skrivebordet: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start. Når den spørger om du vil fortsætte, klik på Yes for at køre fixet. Klik så på Save log. Det sker sommetider at fixet afslutter med “BSOD”(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen. Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind. —Sæt en prik i “Input Script Manually” og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind: ——————————————- Files to delete: C:\WINDOWS\system32\nnnmp.bak1 C:\WINDOWS\system32\uvvwa.bak1 C:\WINDOWS\system32\jjllm.bak1 C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stvwa.bak1 C:\WINDOWS\system32\aa895cee54.sys ——————————————- —Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen. —Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar. —Endelig må du også gerne lave en ny logfil med Gmer, som du lægger herind til gennemsyn. —Skriv også gerne om computeren kører bedre nu?

1 af 3

Næste