hexar (Beginner)
30 May 2008 - 03:01 There are 14 comments and 1 solution

Help! Vundo virus is wrecking my PC!

Hi! For the last 2 days my PC has been behaving extremely strangely; it started after I downloaded an installer for a game from the internet. First of all my PC ran extremely slowly, but after a restart it began complaining that "Automatic Updates" was not turned on. After fiddling with it for a long time I had to conclude that I could not get the Automatic Updates service started, since my PC claims the program does not exist at all. I have followed almost every guide I could dig up online without getting it to work again, but it was only when a popup window appeared in Internet Explorer on the Windows Update page that I became sure it was a trojan of some kind. My virus scan did not find it, nor did Spybot S&D or Ad-Aware; it was only after I stumbled on a forum post mentioning the program "SUPERAntiSpyware" and tried it that I got a result: 36 "VUNDO" trojans.
Now, after finally having got them "removed", the system runs reasonably again, but my Windows Update is still acting up, and I have a feeling something is still wrong, so I was hoping one of you could take a look at my HijackThis log and maybe give me a nudge in the right direction.

here you go:
Logfile of HijackThis v1.99.1
Scan saved at 03:01:25, on 30-05-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\DesktopEarth\DesktopEarth.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Programmer\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM2b42128c] Rundll32.exe "C:\WINDOWS\system32\rfkmgyoe.dll",s
O4 - HKLM\..\Run: [28712110] rundll32.exe "C:\WINDOWS\system32\kkjbxswe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmer\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184964327815
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe




I hope you can give me some help, because I would really rather not have to format, since I have a project with a deadline I need to finish.

Thanks in advance :)
hexar
30 May 2008 - 06:43 #1
You could just stop 'playing' with the results from [uTorrent]!!!

Uninstall
* µTorrent - File-sharing program
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...
---------------------------------------
30 May 2008 - 06:45 #2
Yeees - there certainly is 'dirt' in there...
... Not all (un)wanted elements show up in a HijackThis log, so go through the procedure from here -> http://www.eksperten.dk/artikler/1123
PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Jensen DK (Novice)
30 May 2008 - 14:18 #4
larry, he doesn't close his questions, he just says thanks for the help.
hexar (Beginner)
30 May 2008 - 14:21 #5
Hey, I don't know how to do it; it's not an attempt to cheat anyone. I've been clicking around here for a while now, and I can't see where I can award points when people don't give "answers" but just comments.
hexar (Beginner)
30 May 2008 - 14:37 #6
Regarding uTorrent: I often use it, among other things, to transfer files for various projects, since I can't transfer directly through MSN, and I think it's a pretty practical way to download and upload files. So I'd like to be sure before I delete it: is the program an outright spyware threat, or is what you're saying aimed more at (illegal) file-sharing sites?
I can easily switch to FTP or something like that if it's an outright threat :)

I'll start following the article above; thanks for now. I'll be back!
30 May 2008 - 14:46 #7
hexar (Beginner)
30 May 2008 - 16:05 #8
Okay, thanks for that :) I've now got it sorted and closed the threads!
I've gone through the procedures described in the article and got a good deal of log out of it. I'm posting it here and hope I'm lucky enough that you, or someone else, can read a bit more out of it than I can myself.
It's also worth mentioning that my PC has started working significantly better again, so it seems to be working, but it's still not quite on top of things. Apart from that I get 2 dialog boxes when Windows starts:
RUNDLL
Fejl under indlæsning af C:\WINDOWS\system32\kkjbxswe.dll
Det angivne modul blev ikke fundet
An identical window pops up but with the file rfkmgyoe.dll.
I assume there's still something trying to call up the trojans.

I've scanned with SUPERAntiSpyware 3 times; here are the first 2 logs. The last one was empty, HOORAY! :)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2008 at 02:50 AM

Application Version : 4.1.1046

Core Rules Database Version : 3471
Trace Rules Database Version: 1462

Scan type      : Quick Scan
Total Scan Time : 00:11:01

Memory items scanned      : 403
Memory threats detected  : 4
Registry items scanned    : 403
Registry threats detected : 19
File items scanned        : 7467
File threats detected    : 13

Trojan.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\KKJBXSWE.DLL
    C:\WINDOWS\SYSTEM32\KKJBXSWE.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23601703-6217-46d1-9181-4e6383c1108c}
    HKCR\CLSID\{23601703-6217-46D1-9181-4E6383C1108C}
    HKCR\CLSID\{23601703-6217-46D1-9181-4E6383C1108C}\InprocServer32
    HKCR\CLSID\{23601703-6217-46D1-9181-4E6383C1108C}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F28DD8DB-D370-48D8-B8A2-A8E773573850}
    HKCR\CLSID\{F28DD8DB-D370-48D8-B8A2-A8E773573850}
    HKCR\CLSID\{F28DD8DB-D370-48D8-B8A2-A8E773573850}\InprocServer32
    HKCR\CLSID\{F28DD8DB-D370-48D8-B8A2-A8E773573850}\InprocServer32#ThreadingModel
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\wvUoNDTN
    C:\WINDOWS\SYSTEM32\BYXQIAWU.DLL
    C:\WINDOWS\SYSTEM32\BYXRIJKJ.DLL
    C:\WINDOWS\SYSTEM32\FCCBXNDS.DLL
    C:\WINDOWS\SYSTEM32\LJJBSTLI.DLL
    C:\WINDOWS\SYSTEM32\MLJATQIF.DLL
    C:\WINDOWS\SYSTEM32\RFKMGYOE.DLL
    C:\WINDOWS\SYSTEM32\VTUOONFY.DLL

Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\WVUONDTN.DLL
    C:\WINDOWS\SYSTEM32\WVUONDTN.DLL

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\RQRLDASS.DLL
    C:\WINDOWS\SYSTEM32\RQRLDASS.DLL

Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\JCDBCDIW.DLL
    C:\WINDOWS\SYSTEM32\JCDBCDIW.DLL

Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
    HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
    HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}\InprocServer32
    HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{99972D1B-964E-49EC-92F4-1EB39F4810A5}
    HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}

Adware.Tracking Cookie
    C:\Documents and Settings\SpoonY\Cookies\spoony@fastclick[2].txt
    C:\Documents and Settings\SpoonY\Cookies\spoony@82.98.235[1].txt

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-436374069-1383384898-839522115-1006\Software\Microsoft\rdfa


Superantispyware log 2:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2008 at 03:37 AM

Application Version : 4.1.1046

Core Rules Database Version : 3471
Trace Rules Database Version: 1462

Scan type      : Complete Scan
Total Scan Time : 00:30:36

Memory items scanned      : 363
Memory threats detected  : 1
Registry items scanned    : 7236
Registry threats detected : 5
File items scanned        : 28483
File threats detected    : 1

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\RQRLDASS.DLL
    C:\WINDOWS\SYSTEM32\RQRLDASS.DLL

Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28F7CC69-97D4-4937-A9C6-F93C8AC5CB6B}
    HKCR\CLSID\{28F7CC69-97D4-4937-A9C6-F93C8AC5CB6B}
    HKCR\CLSID\{28F7CC69-97D4-4937-A9C6-F93C8AC5CB6B}\InprocServer32
    HKCR\CLSID\{28F7CC69-97D4-4937-A9C6-F93C8AC5CB6B}\InprocServer32#ThreadingModel

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\RemoveRP


And here are the results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:41, on 30-05-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\DesktopEarth\DesktopEarth.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\distnoted.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Programmer\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Programmer\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM2b42128c] Rundll32.exe "C:\WINDOWS\system32\rfkmgyoe.dll",s
O4 - HKLM\..\Run: [28712110] rundll32.exe "C:\WINDOWS\system32\kkjbxswe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmer\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184964327815
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9945 bytes


And finally the ComboFix log:

ComboFix 08-05-29.1 - SpoonY 2008-05-30 15:42:21.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1489 [GMT 2:00]
Running from: C:\Documents and Settings\SpoonY\Skrivebord\Anticrap\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-04-28 to 2008-05-30  )))))))))))))))))))))))))))))))
.

2008-05-30 14:47 . 2008-05-30 14:47    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-30 14:40 . 2008-05-30 14:40    <DIR>    d--------    C:\Programmer\CCleaner
2008-05-30 03:59 . 2008-05-30 03:59    0    --ah-----    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-30 03:59 . 2008-05-30 03:59    0    --ah-----    C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-05-30 03:38 . 2008-05-30 03:38    <DIR>    d--------    C:\VundoFix Backups
2008-05-30 02:38 . 2008-05-30 02:38    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-05-30 02:38 . 2008-05-30 02:38    <DIR>    d--------    C:\Documents and Settings\SpoonY\Application Data\SUPERAntiSpyware.com
2008-05-30 02:38 . 2008-05-30 02:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-30 02:37 . 2007-07-30 19:19    43,352    --a------    C:\WINDOWS\system32\wups2.dll
2008-05-30 01:04 . 2008-05-30 15:38    <DIR>    d--------    C:\WINDOWS\system32\CatRoot2
2008-05-30 00:12 . 2008-05-30 00:12    370,176    ---------    C:\WINDOWS\system32\awtroNFw.dll_old
2008-05-29 02:55 . 2008-05-29 02:55    <DIR>    d--------    C:\WINDOWS\Little Farm
2008-05-29 02:55 . 2008-05-30 02:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-05-29 02:53 . 2008-05-29 02:53    <DIR>    d--------    C:\Extracted
2008-05-28 00:08 . 2008-05-28 00:08    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-05-27 23:05 . 2008-05-27 23:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-19 10:46 . 2008-05-19 10:46    <DIR>    d--------    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-05-19 10:13 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-05-19 10:13 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-05-19 10:13 . 2007-07-30 19:18    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-05-18 21:48 . 2008-05-19 10:12    <DIR>    d--------    C:\Documents and Settings\SpoonY\Contacts
2008-05-18 21:26 . 2008-05-18 21:30    <DIR>    d--------    C:\Programmer\Windows Live
2008-05-18 21:26 . 2008-05-18 21:30    <DIR>    d--hsc---    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-05-18 21:25 . 2008-05-18 21:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-18 20:37 . 2008-05-18 20:37    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-18 20:33 . 2008-05-18 20:33    <DIR>    d--------    C:\WINDOWS\system32\da
2008-05-18 20:33 . 2008-05-18 20:33    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-05-15 23:55 . 2008-05-15 23:55    230    --a------    C:\config.xml
2008-05-13 14:56 . 2008-05-13 14:56    <DIR>    d--------    C:\Programmer\XBCD 360
2008-05-08 15:37 . 2008-05-08 15:37    0    --ah-----    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-05-08 15:37 . 2008-05-08 15:37    0    --ah-----    C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-05-08 15:19 . 2007-02-27 03:15    1,421,216    --a------    C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-05-08 15:19 . 2007-08-28 17:05    55,808    --a------    C:\WINDOWS\system32\drivers\xusb21.sys
2008-05-06 02:29 . 2008-05-06 02:29    <DIR>    d--------    C:\Documents and Settings\SpoonY\Application Data\Touchstone
2008-05-06 02:23 . 2008-03-05 15:56    3,786,760    --a------    C:\WINDOWS\system32\D3DX9_37.dll
2008-05-06 02:23 . 2008-03-05 15:56    1,420,824    --a------    C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-06 02:23 . 2008-03-05 16:03    479,752    --a------    C:\WINDOWS\system32\XAudio2_0.dll
2008-05-06 02:23 . 2008-02-05 23:07    462,864    --a------    C:\WINDOWS\system32\d3dx10_37.dll
2008-05-06 02:23 . 2008-03-05 16:03    238,088    --a------    C:\WINDOWS\system32\xactengine3_0.dll
2008-05-06 02:23 . 2008-03-05 16:00    25,608    --a------    C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-05 23:57 . 2007-07-19 19:14    3,727,720    --a------    C:\WINDOWS\system32\d3dx9_35.dll
2008-05-05 23:57 . 2007-07-19 19:14    1,358,192    --a------    C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-05 23:57 . 2007-05-16 17:45    1,124,720    --a------    C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-05 23:57 . 2007-07-19 19:14    444,776    --a------    C:\WINDOWS\system32\d3dx10_35.dll
2008-05-05 23:57 . 2007-05-16 17:45    443,752    --a------    C:\WINDOWS\system32\d3dx10_34.dll
2008-05-05 23:57 . 2006-07-01 23:56    38,912    --a------    C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-05 23:38 . 2005-06-10 22:02    12,800    --a------    C:\WINDOWS\system32\vncdrv.dll
2008-05-05 23:38 . 2004-06-26 13:22    6,016    --a------    C:\WINDOWS\system32\drivers\vnccom.SYS
2008-05-05 23:38 . 2004-06-26 13:21    5,760    --a------    C:\WINDOWS\system32\vnchelp.dll
2008-05-05 23:38 . 2004-06-26 13:22    4,736    --a------    C:\WINDOWS\system32\drivers\vncdrv.sys
2008-05-05 23:38 . 2008-05-05 23:38    17    --a------    C:\WINDOWS\system32\'
2008-05-03 00:36 . 2008-05-03 00:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-20 16:08 . 2008-04-20 16:08    <DIR>    d--------    C:\Programmer\Google
2008-04-19 06:18 . 2008-04-28 13:42    <DIR>    d--------    C:\Programmer\iLiberty
2008-04-08 00:38 . 2008-04-08 00:38    <DIR>    d--------    C:\Documents and Settings\SpoonY\Application Data\Jane s Hotel  Family Hero
2008-04-08 00:20 . 2008-04-08 00:20    <DIR>    d--------    C:\Programmer\iTunes
2008-04-08 00:20 . 2008-04-08 00:20    <DIR>    d--------    C:\Programmer\iPod
2008-04-06 22:48 . 2008-05-14 15:15    <DIR>    d--------    C:\Programmer\Microsoft Silverlight

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 13:42    ---------    d-----w    C:\Documents and Settings\SpoonY\Application Data\uTorrent
2008-05-30 13:30    ---------    d-----w    C:\Documents and Settings\SpoonY\Application Data\WTablet
2008-05-30 13:21    ---------    d-----w    C:\Programmer\DesktopEarth
2008-05-30 13:15    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 3
2008-05-30 12:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-30 00:38    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-29 22:56    ---------    d-----w    C:\Programmer\Bonjour
2008-05-19 08:47    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 14:15    ---------    d-----w    C:\Programmer\TagRename
2008-05-13 13:02    98,304    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2008-05-13 12:40    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-05-09 14:05    ---------    d-----w    C:\Programmer\Winamp
2008-05-09 14:05    ---------    d-----w    C:\Documents and Settings\SpoonY\Application Data\Winamp
2008-05-08 03:20    ---------    d-----w    C:\Documents and Settings\SpoonY\Application Data\PlayFirst
2008-05-08 03:20    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-05 22:37    98,304    ----a-w    C:\WINDOWS\DUMP7e77.tmp
2008-05-05 22:25    98,304    ----a-w    C:\WINDOWS\DUMPb4aa.tmp
2008-05-02 21:33    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 16:20    1,804    ----a-w    C:\WINDOWS\system32\dcache.bin
2008-04-14 16:09    331,264    ----a-w    C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:05    998,400    ----a-w    C:\WINDOWS\system32\msgina.dll
2008-04-14 16:04    759,296    ----a-w    C:\WINDOWS\system32\winntbbu.dll
2008-04-14 16:03    9,344    ----a-w    C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:03    539,648    ----a-w    C:\WINDOWS\system32\comuid.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:03    285,696    ----a-w    C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:03    16,896    ----a-w    C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:46    80,256    ----a-w    C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:46    73,344    ----a-w    C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:46    68,096    ----a-w    C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:46    46,592    ----a-w    C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:46    120,320    ----a-w    C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:45    2,191,616    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:44    4,096    ------w    C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:44    2,068,480    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:43    800,000    ----a-w    C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:43    153,600    ----a-w    C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:42    83,456    ----a-w    C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:42    77,824    ------w    C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:42    24,832    ----a-w    C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:42    14,720    ----a-w    C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:41    40,576    ----a-w    C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:41    40,192    ------w    C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:41    37,504    ----a-w    C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:40    559,104    ----a-w    C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:40    49,152    ----a-w    C:\WINDOWS\system32\inetres.dll
2008-04-14 15:39    64,768    ----a-w    C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:39    52,864    ----a-w    C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:38    9,728    ----a-w    C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:38    25,728    ------w    C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:38    1,845,632    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-04-14 15:37    65,536    ----a-w    C:\WINDOWS\system32\browselc.dll
2008-04-14 15:37    58,112    ----a-w    C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:37    53,504    ----a-w    C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:37    273,152    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:36    44,544    ----a-w    C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:36    39,680    ----a-w    C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:36    103,424    ----a-w    C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:35    41,600    ------w    C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:35    41,216    ----a-w    C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:34    30,336    ----a-w    C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:34    23,296    ----a-w    C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:34    188,032    ----a-w    C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 10:53    413,696    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2008-04-14 10:53    110,592    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2008-04-14 07:06    11,264    ------w    C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:05    995,328    ----a-w    C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:05    423,936    ----a-w    C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28    175,744    ----a-w    C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21    162,816    ----a-w    C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20    91,520    ----a-w    C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20    361,344    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20    182,656    ----a-w    C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19    75,264    ----a-w    C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19    51,328    ----a-w    C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19    48,384    ----a-w    C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19    146,048    ----a-w    C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19    138,112    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17    83,072    ----a-w    C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17    456,576    ----a-w    C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17    105,344    ----a-w    C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16    49,536    ----a-w    C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16    141,056    ----a-w    C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15    60,800    ----a-w    C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15    574,976    ----a-w    C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15    334,848    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14    63,744    ----a-w    C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14    143,744    ----a-w    C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00    225,664    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00    19,072    ----a-w    C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57    41,472    ----a-w    C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57    40,576    ----a-w    C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57    34,560    ----a-w    C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57    20,864    ----a-w    C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57    152,832    ----a-w    C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57    14,336    ----a-w    C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57    10,112    ----a-w    C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56    88,320    ----a-w    C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56    69,120    ----a-w    C:\WINDOWS\system32\drivers\psched.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"uTorrent"="C:\Programmer\uTorrent\uTorrent.exe" [2008-01-30 23:53 219952]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"nod32kui"="C:\Programmer\Eset\nod32kui.exe" [2007-09-10 14:32 949376]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"WireLessKeyboard "="C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:44 217088]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BM2b42128c"="C:\WINDOWS\system32\rfkmgyoe.dll" [ ]
"28712110"="C:\WINDOWS\system32\kkjbxswe.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:05 15360]

C:\Documents and Settings\SpoonY\Menuen Start\Programmer\Start\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\SpoonY\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-18 14:23:12 29926]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2005-09-18 02:32 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmer\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmer\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmer\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 12:40]
R3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-01-15 03:39]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 10:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 15:43:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 15:44:57
ComboFix-quarantined-files.txt  2008-05-30 13:44:20
ComboFix2.txt  2008-05-30 13:39:33

Pre-Run: 6,698,110,976 byte ledig
Post-Run: 6,685,519,872 byte ledig

255


That was all of it. Thanks a lot for the help so far! You can post an answer and get points :)
31 May 2008 - 09:44 #9
Hi again *S*

No - I do _not_ like having uTorrent or similar programs running; especially not when it sits active all the time with various open ports etc.

-------------------

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window appears, where you paste in the contents between the ~~~ marks:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\rfkmgyoe.dll
C:\WINDOWS\system32\kkjbxswe.dll

Folders to delete:
C:\Programmer\uTorrent\
C:\VundoFix Backups
C:\Documents and Settings\SpoonY\Application Data\uTorrent
~~~~~~~~~~~~~~~~~~

--- Click EXECUTE - and let the PC restart on its own.

-- After the restart a Notepad window will pop up with a log of Avenger's actions. Please paste it into your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BM2b42128c] Rundll32.exe "C:\WINDOWS\system32\rfkmgyoe.dll",s
O4 - HKLM\..\Run: [28712110] rundll32.exe "C:\WINDOWS\system32\kkjbxswe.dll",b

O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"

Restart the computer and make a new HijackThis log, which you post here together with the log from Avenger.
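As an added example (not code from the thread, nor from HijackThis, ComboFix or Avenger), the following Python triage script runs over the O4 lines listed above and the "Reg Loading Points" values from the ComboFix log: it flags rundll32-hosted DLLs whose file name, Run value name and export look generated the way rfkmgyoe.dll and kkjbxswe.dll do, leaves the NVIDIA rundll32 entries alone, and lists Run values whose file is already gone, which is the case the Avenger log later reports. The name heuristics and the two-signal threshold are assumptions of this example.

```python
"""Triage autostart entries from a HijackThis log and a ComboFix
"Reg Loading Points" section for the Vundo pattern seen in this thread:
a Run value with a generated name that loads an 8-letter pseudo-random
DLL from system32 through rundll32 with a one-letter export.
Added example; the heuristics and thresholds are this example's own."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input: O4 lines copied from the HijackThis log in this thread.
HJT_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM2b42128c] Rundll32.exe "C:\WINDOWS\system32\rfkmgyoe.dll",s
O4 - HKLM\..\Run: [28712110] rundll32.exe "C:\WINDOWS\system32\kkjbxswe.dll",b
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
""".strip().splitlines()

# Constructed input: Run values copied from the ComboFix log in this thread.
# ComboFix prints "[ ]" instead of date/size when the file is no longer on disk.
COMBOFIX_LINES = r"""
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"BM2b42128c"="C:\WINDOWS\system32\rfkmgyoe.dll" [ ]
"28712110"="C:\WINDOWS\system32\kkjbxswe.dll" [ ]
""".strip().splitlines()

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S*)', re.I)
CF_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    name: str              # Run value name, e.g. BM2b42128c
    dll: str               # DLL path handed to rundll32
    reasons: List[str] = field(default_factory=list)


def looks_generated(token: str) -> bool:
    """True for the name shapes Vundo used here: all digits (28712110),
    eight lowercase letters (rfkmgyoe), or two letters plus eight hex
    digits (BM2b42128c).  Assumption of this example, not a tool rule."""
    stem = token.rsplit('.', 1)[0]
    return bool(stem.isdigit()
                or re.fullmatch(r'[a-z]{8}', stem)
                or re.fullmatch(r'[A-Za-z]{2}[0-9a-f]{8}', stem))


def triage_o4(line: str) -> Optional[Finding]:
    """Score one O4 line.  Only rundll32-hosted DLLs are considered, and an
    entry is reported when at least two independent signals agree, so the
    NVIDIA rundll32 entries (descriptive names, named export) pass."""
    m = O4_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.match(m['cmd'])
    if not r:
        return None
    finding = Finding(m['name'], r['dll'])
    if looks_generated(r['dll'].rsplit('\\', 1)[-1]):
        finding.reasons.append('pseudo-random DLL file name')
    if looks_generated(m['name']):
        finding.reasons.append('pseudo-random Run value name')
    if len(r['export']) == 1:
        finding.reasons.append('single-letter export (",s" / ",b")')
    return finding if len(finding.reasons) >= 2 else None


def triage_log(lines: List[str]) -> List[Finding]:
    """All suspicious O4 entries in a HijackThis log, in log order."""
    return [f for f in (triage_o4(l) for l in lines) if f]


def orphaned_loading_points(lines: List[str]) -> List[Tuple[str, str]]:
    """Run values whose file ComboFix could not find ("[ ]"): the DLL was
    already removed by a cleaner but the autostart survived, which is why
    Avenger later reported STATUS_OBJECT_NAME_NOT_FOUND for both files."""
    out = []
    for line in lines:
        m = CF_RE.match(line)
        if m and not m['meta'].strip():
            out.append((m['name'], m['path']))
    return out


if __name__ == '__main__':
    for f in triage_log(HJT_LINES):
        print(f'{f.name}: {f.dll} -> ' + '; '.join(f.reasons))
    for name, path in orphaned_loading_points(COMBOFIX_LINES):
        print(f'orphaned Run value {name} -> {path} (file missing)')
```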
hexar Beginner
1 June 2008 - 13:16 #10
Hey, thanks a lot! I'm deleting uTorrent this time around too :)

I have work until late into the night today, and I did yesterday too, so I'm totally worn out and it won't be before tomorrow. I'll be back with a reply and points :)
hexar Beginner
2 June 2008 - 16:34 #11
HURRAY! It looks like it's all gone now.. I'll post the 2 logs below, and if everything is fine then just post an answer.. it has really been a big help for me, so I'll make sure you get some more points; this had put quite a stop to a project I need to finish!

here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:35, on 02-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\DesktopEarth\DesktopEarth.exe
C:\Programmer\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmer\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programmer\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184964327815
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9209 bytes



and the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\rfkmgyoe.dll" not found!
Deletion of file "C:\WINDOWS\system32\rfkmgyoe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\kkjbxswe.dll" not found!
Deletion of file "C:\WINDOWS\system32\kkjbxswe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programmer\uTorrent" deleted successfully.
Folder "C:\VundoFix Backups" deleted successfully.
Folder "C:\Documents and Settings\SpoonY\Application Data\uTorrent" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Thanks once again! :)
2 June 2008 - 20:42 #12
There is no more 'dirt' according to your log...

You're welcome back another time...

After a trip like that it's always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you simply enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You'll find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Register] item...)
During installation you are offered the [Yahoo Toolbar]. You can say yes or NO to it.

--------------
hexar Beginner
3 June 2008 - 01:02 #13
Thanks a lot, I've put some extra points for you here: http://www.eksperten.dk/spm/833269
3 June 2008 - 06:34 #14
Thanks for the points...
johnstigers Senior Master
3 June 2008 - 09:54 #15
You've given max points, so take them yourself in your question with extra points :)