2007-08-30, 16:14  #25  momo79 (Member)
End of report

2007-08-30, 16:17  #26  momo79 (Member)
That was all.

2007-08-30, 16:30  #27  927 (Member)
Do a scan with BlackLight, I don't think anything will be found.
http://www.softpedia.com/get/Antivir...etection.shtml

2007-08-30, 16:46  #28  momo79 (Member)
Found nothing *sigh*

We'll see if I can be bothered to reinstall Windows at some point, doubtful, I don't even know if I have the program on disc.

Thanks for the help anyway.

2007-08-30, 19:18  #29  927 (Member)
This is really mysterious. For you to get that message there has to be a setting in the registry that a file should start with Windows, and the file is gone. If you remove or change the setting you don't get any message. That setting should in that case have shown up in the startup log. Are you completely sure it says systems.dll? Which folder comes before the dll file?

You can run this program, it corrects some registry settings and also looks for malware
http://downloads.andymanchesta.com/R...ools/SDFix.exe
Save SDFix.exe to the desktop > click SDFix.exe > SDFix is unpacked here: C:\SDFix.
Restart in Safe Mode (F8) > go here: C:\SDFix > click runthis.bat > choose y.
When the scan is done, press any key to restart.
When it says finished, press any key. A log will be shown automatically (C:\SDFix\report.txt), paste the log here.

2007-08-30, 19:52  #30  momo79 (Member)
"fr att du ska kunna f detta meddelande s mste det finns en instllning i registret att en fil ska starta med windows och att filen r borta. tar man bort eller ndrar instllningen s fr du inte upp nt meddelande"

Ja, exakt! Det mste vl vara detta malware som ndrade ngot i registret. Hur detta gick till har jag ingen aning om. S hr str det ordagrant i meddelandet jag fr upp:


"Det gick inte att lsa in c:\documents and settings\(mitt namn)\mina dokument\min musik2\wolf parade\systems.dll

Det gr inte att hitta den angivna modulen"


Som jag skrev i ett tidigare inlgg r mappen "wolf parade" den mapp som alla filer jag laddar ner frn internet hamnar i.

Ska ladda ner programmet du rec nu.

2007-08-30, 21:01  #31  momo79 (Member)
SDFix log:


SDFix: Version 1.101

Run by on 2007-08-30 at 20:48

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
EXAMPLE1

ImagePath:
\??\C:\WINDOWS\System32\ksys.sys

EXAMPLE1 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\~1\LOKALA~1\Temp\abc123.pid - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished

2007-08-30, 22:18  #32  927 (Member)
A hidden service and yet another rootkit file.... could you have clicked on that dll file?

We'll try another, fairly aggressive program since it evidently isn't clean yet. Save it to the desktop, run the program and follow the instructions. Be prepared that the computer will restart. Preferably don't touch anything on the computer while the program scans.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2007-08-30, 22:46  #33  momo79 (Member)
ComboFix log:


ComboFix 07-08-30.3 - "" 2007-08-30 22:39:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1053.18.145 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-30 22:38 51,200 --a------ C:\Windows\nircmd.exe
2007-08-30 20:47 <KAT> d-------- C:\Windows\ERUNT
2007-08-30 15:02 <KAT> d-------- C:\Rustbfix
2007-08-28 21:24 <KAT> d-------- C:\Program\Trend Micro
2007-08-28 18:07 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-28 18:06 <KAT> d-------- C:\Program\SUPERAntiSpyware
2007-08-28 18:06 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-08-28 18:06 <KAT> d-------- C:\DOCUME~1\SALIMG~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-14 20:27 <KAT> d-------- C:\Program\iPod
2007-08-14 20:21 <KAT> d-------- C:\Program\Apple Software Update
2007-08-14 20:21 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-31 15:24 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-30 19:19 203,096 --a------ C:\Windows\system32\wuweb.dll
2007-07-30 19:18 207,736 --a------ C:\Windows\system32\muweb.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 22:30 --------- d-------- C:\Program\Soulseek
2007-08-30 20:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
2007-08-30 17:10 --------- d-------- C:\DOCUME~1\SALIMG~1\APPLIC~1\uTorrent
2007-08-27 23:55 --------- d-------- C:\Program\MyWay
2007-08-14 20:27 --------- d-------- C:\Program\iTunes
2007-08-14 20:24 --------- d-------- C:\Program\QuickTime
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 23:48 C:\Windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 15:00 C:\Windows\AGRSMMSG.exe]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-11 14:00]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\SALIMG~1\START-~1\Program\AUTOST~1\
Microsoft Office Snabbskning.lnk - C:\Program\Microsoft Word 97\Office\FINDFAST.EXE [1997-02-10]
Office-autostart.lnk - C:\Program\Microsoft Word 97\Office\OSA.EXE [1997-02-10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\drivers\avgntmgr.sys
R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\System32\drivers\NDIS_RD.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 sdcplh;sdcplh;C:\WINDOWS\System32\drivers\sdcplh.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys
R2 Ndiskio;Ndiskio;\??\C:\NORMAN\Nvc\NSE\NDISKIO.SYS
R3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
R3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
R3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
R3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\System32\DRIVERS\PRISMA00.sys
S3 55cce156-0eee-4ad4-9977-f6c6ed53497f;55cce156-0eee-4ad4-9977-f6c6ed53497f;\??\E:\Player\cds300.dll

*Newly Created Service* - ALG
*Newly Created Service* - CATCHME
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-16 18:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program\Apple Software Update\SoftwareUpdate.exe
2007-08-28 22:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-29 08:00:00 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-29 10:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 12:00:00 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 13:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 14:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 15:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 16:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 23:01:00 C:\WINDOWS\Tasks\At2.job
2007-08-28 17:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 17:59:59 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 19:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-30 20:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-28 21:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\k1qnIhv5.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 22:41:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 22:42:34
C:\ComboFix-quarantined-files.txt ... 2007-08-30 22:42

--- E O F ---
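Two things in the logs above are worth pulling out mechanically: the autostart entry whose file is gone (the mechanism behind the logon error explained in #29) and the long run of At*.job tasks that all point at C:\WINDOWS\System32\k1qnIhv5.exe. The Python below is an added example, not code from this thread or from ComboFix. The log excerpt and the set of "present" files are constructed to mirror the ComboFix output above, and the random-name heuristic is an assumption of this example rather than anything the tool itself does.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ComboFix log above: the HKLM Run key
# block from "Reg Loading Points" and a shortened "Scheduled Tasks" section.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 23:48 C:\Windows\SOUNDMAN.EXE]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24]

Contents of the 'Scheduled Tasks' folder
2007-08-16 18:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program\Apple Software Update\SoftwareUpdate.exe
2007-08-28 22:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\k1qnIhv5.exe
2007-08-27 23:01:00 C:\WINDOWS\Tasks\At2.job
2007-08-27 13:39:51 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\k1qnIhv5.exe
"""

# Constructed stand-in for the scanned machine's file system (lower-cased full
# paths that exist). On the real box this check would be os.path.exists().
PRESENT_FILES = {
    r"c:\windows\soundman.exe",
    r"c:\program\quicktime\qttask.exe",
    r"c:\program\apple software update\softwareupdate.exe",
}

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
TASK_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>[A-Za-z]:\\\S+\.job)(?: - (?P<target>.+))?$"
)
ABS_PATH = re.compile(r"[A-Za-z]:\\.*")


def parse_run_entries(log):
    """Return [(value name, resolved path or None)] for lines under a ...\\Run key."""
    entries = []
    for line in log.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if not m:
            continue
        value, meta = m.group("value"), m.group("meta")
        path = None
        if ABS_PATH.fullmatch(value):
            path = value                      # value already is a full path
        else:
            found = ABS_PATH.search(meta)     # e.g. "2004-08-30 23:48 C:\Windows\SOUNDMAN.EXE"
            if found:
                path = found.group(0)
        entries.append((m.group("name"), path))
    return entries


def parse_scheduled_tasks(log):
    """Return [(job file name, target path or None)] from the 'Scheduled Tasks' listing."""
    tasks = []
    for line in log.splitlines():
        m = TASK_LINE.match(line.strip())
        if m:
            tasks.append((m.group("job").rsplit("\\", 1)[-1], m.group("target")))
    return tasks


def looks_random(path):
    """Assumed heuristic: an 8+ character stem mixing several letters and digits, as in k1qnIhv5."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return len(stem) >= 8 and digits >= 2 and letters >= 2


def triage(log, present_files):
    report = {"missing_run_entries": [], "task_targets": {},
              "jobs_without_target": [], "suspicious_tasks": []}
    for name, path in parse_run_entries(log):
        # An autostart entry that survives while its file is gone is exactly
        # what produces a "could not load <file>" message at logon.
        if path is not None and path.lower() not in present_files:
            report["missing_run_entries"].append((name, path))
    tasks = parse_scheduled_tasks(log)
    report["jobs_without_target"] = [job for job, target in tasks if target is None]
    counts = Counter(target for _, target in tasks if target)
    report["task_targets"] = dict(counts)
    for target, n in counts.items():
        reasons = []
        if n >= 2:
            reasons.append(f"referenced by {n} jobs")
        if target.lower() not in present_files:
            reasons.append("target file not present")
        if looks_random(target):
            reasons.append("random-looking file name")
        if reasons:
            report["suspicious_tasks"].append((target, reasons))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, PRESENT_FILES).items():
        print(f"{key}: {value}")
```

On the constructed input the script reports realsched.exe as a Run entry with a missing file and k1qnIhv5.exe as a task target that is referenced by three jobs, does not exist on disk and has a random-looking name; a job with no recorded target (At2.job in the log above) is listed separately so it is not silently dropped.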

2007-08-30, 23:00  #34  927 (Member)
Check whether you can find this file
C:\WINDOWS\System32\k1qnIhv5.exe

Upload it here and post the log along with the lines below the log
http://www.virustotal.com/sv/

It's malware all right, but I'm a bit curious what type it is

You can delete this folder
C:\Program\MyWay

2007-08-30, 23:45  #35  momo79 (Member)
The only one I found had a slightly different name and was in a different folder.

C:\windows\prefetch\K1QNIHV5.EXE-05E8D265.pf

Log:

Fil K1QNIHV5.EXE-05E8D265.pf mottagen 2007.08.30 23:33:01 (CET)
Närvarande status: genomförd

Resultat: 0/31 (0%)



Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2007.8.31.0 2007.08.30 -
AntiVir 7.4.1.66 2007.08.30 -
Authentium 4.93.8 2007.08.29 -
Avast 4.7.1029.0 2007.08.30 -
AVG 7.5.0.484 2007.08.30 -
BitDefender 7.2 2007.08.30 -
CAT-QuickHeal 9.00 2007.08.30 -
ClamAV 0.91.2 2007.08.30 -
DrWeb 4.33 2007.08.30 -
eSafe 7.0.15.0 2007.08.29 -
eTrust-Vet 31.1.5095 2007.08.30 -
Ewido 4.0 2007.08.30 -
FileAdvisor 1 2007.08.30 -
Fortinet 3.11.0.0 2007.08.30 -
F-Prot 4.3.2.48 2007.08.29 -
F-Secure 6.70.13030.0 2007.08.30 -
Ikarus T3.1.1.12 2007.08.30 -
Kaspersky 4.0.2.24 2007.08.30 -
McAfee 5109 2007.08.30 -
Microsoft 1.2803 2007.08.30 -
NOD32v2 2492 2007.08.30 -
Norman 5.80.02 2007.08.30 -
Panda 9.0.0.4 2007.08.29 -
Rising 19.38.32.00 2007.08.30 -
Sophos 4.21.0 2007.08.30 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.30 -
TheHacker 6.1.9.175 2007.08.30 -
VBA32 3.12.2.3 2007.08.30 -
VirusBuster 4.3.26:9 2007.08.30 -
Webwasher-Gateway 6.0.1 2007.08.30 -

Övrig information
File size: 17322 bytes
MD5: 67984f2b22d67f915a29bde750b12961
SHA1: d1a8b04a37c55be6573d51938f35023df6200a13
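The file submitted above is a prefetch trace, not the executable the task list points at: Windows XP names each prefetch file <EXECUTABLE NAME>-<8 hex digits>.pf and writes it when that executable runs, so the 0/31 result says nothing about k1qnIhv5.exe itself, while the existence of the .pf does show an executable of that name has run. The Python below is an added example, not code from this thread or from VirusTotal; the file name, target path and "Resultat: 0/31" line are taken from the posts above, and the rest of the VirusTotal excerpt is shortened.

```python
import re

# Windows XP prefetch naming: <EXECUTABLE NAME>-<8 hex digit path hash>.pf.
# Such a file is written by the prefetcher when the program runs; it records what
# the program loaded and is not the program, so an AV scan of it is meaningless.
PREFETCH_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$")
VT_SUMMARY = re.compile(r"Resultat:\s*(?P<hits>\d+)/(?P<total>\d+)")

# Values from the posts above; the VirusTotal text is a shortened excerpt.
SUBMITTED = r"C:\windows\prefetch\K1QNIHV5.EXE-05E8D265.pf"
TARGET = r"C:\WINDOWS\System32\k1qnIhv5.exe"
VT_TEXT = """Fil K1QNIHV5.EXE-05E8D265.pf mottagen 2007.08.30 23:33:01 (CET)
Resultat: 0/31 (0%)
"""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def classify_submission(path):
    """Tell a prefetch trace apart from a real binary by its file name."""
    m = PREFETCH_NAME.match(basename(path))
    if m:
        return {"kind": "prefetch",
                "executable": m.group("exe").upper(),
                "path_hash": m.group("hash").upper()}
    return {"kind": "binary", "executable": basename(path).upper(), "path_hash": None}


def parse_vt_summary(text):
    """Return (detections, engines) from the 'Resultat: x/y' line, or None if absent."""
    m = VT_SUMMARY.search(text)
    return (int(m.group("hits")), int(m.group("total"))) if m else None


def interpret(submitted, vt_text, target):
    """Relate a VirusTotal result to the binary we actually care about."""
    info = classify_submission(submitted)
    same_name = info["executable"] == basename(target).upper()
    return {
        "info": info,
        "detections": parse_vt_summary(vt_text),
        # A .pf with this name shows an executable called this has run; the hash
        # encodes the path it ran from, so not necessarily this exact directory.
        "shows_target_ran": info["kind"] == "prefetch" and same_name,
        # Only a scan of the binary itself tells you anything about the binary.
        "verdict_applies_to_target": info["kind"] == "binary" and same_name,
    }


if __name__ == "__main__":
    result = interpret(SUBMITTED, VT_TEXT, TARGET)
    print(f"submitted: {result['info']}")
    print(f"detections: {result['detections']}")
    print(f"shows that {basename(TARGET)} ran: {result['shows_target_ran']}")
    print(f"verdict applies to {basename(TARGET)}: {result['verdict_applies_to_target']}")
```

The same reasoning applies to the MD5 and SHA1 in the VirusTotal output: they identify the .pf file, so they cannot be used to look up or block the executable.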

2007-08-31, 00:20  #36  927 (Member)
That's not the right file; hopefully the real one doesn't exist.

Open the Task Scheduler and delete all the jobs there.