Hade smittad dator - är allt borta nu? Hijackthislog finns

2008-03-27, 04:20 #1

Medlem

Reg: Mar 2006

Inlägg: 31

Hej,

märkte tidigare idag att datorn blev lite segare samt att vissa popups dök upp självmant när man inte surfade och IE kraschade stup i kvarten.

Tog då fram Spybot Search and Destroy programmet. Efter lite sökning fann den virtumonde.dll och win32.vb.jl.

Spybot tog bort dessa filer, därefter körde jag Ad-Aware och den hittade ingenting. Men för att vara på den säkra sidan så skulle det vara skönt om någon kunde hjälpa mig tyda min Hijackthislog.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:27 , on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\service.exe
C:\Program\Ad-Aware\aawservice.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25323E34-E260-4F2B-9EF6-67F0DA89A7A6} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\ddcdday.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A24F5392-0542-4B62-8FDD-A6A61E9D4DD9} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winupdater] C:\WINDOWS\system32:svchost.exe
O4 - HKLM\..\Run: [Windows Update] service.exe
O4 - HKLM\..\Run: [8410c6f1] rundll32.exe "C:\WINDOWS\system32\lkeikhap.dll",b
O4 - HKLM\..\RunServices: [Windows Update] service.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3229] command /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2160] cmd /c del "C:\WINDOWS\system32\pmkjh.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update] service.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ddcdday - C:\WINDOWS\SYSTEM32\ddcdday.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5150 bytes

Tack i förhand!

Citera

2008-03-27, 04:52 #2

Medlem

Reg: Jul 2007

Inlägg: 1 390

O4 - HKCU\..\Run: [Windows Update] service.exe
O20 - Winlogon Notify: ddcdday - C:\WINDOWS\SYSTEM32\ddcdday.dll
Inte nödvändig längre
O4 - HKLM\..\RunOnce: [SpybotDeletingC2160] cmd /c del "C:\WINDOWS\system32\pmkjh.dll_old"

C:\WINDOWS\system32\service.exe
Kontrollera den här filen på http://www.virustotal.com
ta bort filen om det inte är bra, skall ej blandas med services.exe

Genomsök med SuperAntiSpyware
http://www.superantispyware.com/

Glöm inte starta om datorn efteråt, och sen ladda ner smitfraudfix
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
välj alternativ 1 och posta loggen som kommer upp

Citera

2008-03-27, 15:15 #3

Medlem

Reg: Mar 2006

Inlägg: 31

Hej,

Först och främst vill jag tacka för din hjälp!

Började med att leta efter service.exe i system32 mappen och jag kan helt enkelt inte hitta det någonstans.

Körde igång SUPERantispyware programmet, den fann MASSVIS med olika filer såsom Adaware vundo variant, trojan winfixer etc. Tog bort dem och startade om datorn. Scannade igen och det såg ut som allt hade löst sig.

Men icke, denna bild dök upp efter någon minut:
http://www.fileshack.us/get_file.php?id=287993&file=bild.jpg

Efter att påbörjat scan igen så fann den massvis med grejer igen och det brukar vara dessa filer den finner:

Adaware Vundo Variant /Resident
Adaware Vundo Variant /Small-A
Trojan-WinFixer

Lägger ut en HiJackThis log och SmitFraudlog ifall det hjälper:

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:17 , on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\Adobe\Updater\AdobeUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winupdater] C:\WINDOWS\system32:svchost.exe
O4 - HKLM\..\Run: [Windows Update] service.exe
O4 - HKLM\..\Run: [BM8723f56d] Rundll32.exe "C:\WINDOWS\system32\ppdlsrjo.dll",s
O4 - HKLM\..\Run: [8410c6f1] rundll32.exe "C:\WINDOWS\system32\ntqxyddi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4178 bytes

SmitFraudlog

SmitFraudFix v2.309

Scan done at 15:12:03,89, 2008-03-27
Run from C:\Documents and Settings\Digzka\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\Adobe\Updater\AdobeUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Digzka

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Digzka\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Digzka\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="Min aktuella startsida"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.ex e,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Miniport för paketschemaläggning
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Tack ännu en gång!

Citera

2008-03-27, 15:35 #4

Medlem

Reg: Mar 2007

Inlägg: 12 238

problemet är ju att du har inget antivirusprogram, scanna i forsättningen med superantispyware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
installera programmet och klicka på scanna när du ser den knappen.
klicka på visa resultat >ta bort markerade, nu visas en logg som du postar

om du blir ombedd att starta om och jag vet inte om loggen automatiskt visas efter uppstart men den finns ju i programmet under loggar

Citat:

därefter körde jag Ad-Aware och den hittade ingenting

avinstallera skiten, som du märker så är det ju värdelöst

__________________
Senast redigerad av 927 2008-03-27 kl. 15:40.

Citera

2008-03-27, 17:07 #5

Medlem

Reg: Mar 2006

Inlägg: 31

Avinstallerat skiten!

Körde igång Anti-malwarebytes programmet och den tog bort 80 stycken av..någonting. Glömde dock spara loggen...körde in Anti-malwareprogrammet och den fann lite saker:

Citera

2008-03-27, 18:49 #6

Medlem

Reg: Mar 2007

Inlägg: 12 238

så du har alltså kört antimalwarebyte två ggr och jag har för mig att loggarna sparas automatiskt men iaf så i den loggen man ser så har du ju inte klickat på ta bort markerade. scanna mappen system32 igen, ta bort det som hittas, starta om och posta en ny HJT logg

Citera

2008-03-27, 23:34 #7

Medlem

Reg: Mar 2006

Inlägg: 31

Du hade givetvis rätt! Loggen sparades automatiskt, här kommer den ALLRA första:

Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 113532
Förfluten tid: 20 minute(s), 15 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 3
Infekterade registernycklar: 18
Infekterade registervärden: 1
Infekterade registerdataposter: 2
Infekterade mappar: 0
Infekterade filer: 6

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\mllml.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wfobhxla.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcdday.dll (Trojan.Vundo) -> Unloaded module successfully.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{720ce7a4-33dc-421e-81c3-7c2f368893d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{720ce7a4-33dc-421e-81c3-7c2f368893d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Rogue.WinFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d1547c52-09f1-4f49-9b52-58f3253a1119} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3055295a-ccdd-44b2-9f73-d8e8e626e5c1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3055295a-ccdd-44b2-9f73-d8e8e626e5c1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdday (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{3055295a-ccdd-44b2-9f73-d8e8e626e5c1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mllml.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mllml.dll -> Quarantined and deleted successfully.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\mllml.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lmllm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmllm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfobhxla.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\alxhbofw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcdday.dll (Trojan.Vundo) -> Delete on reboot.

Den här gjorde jag nyss (3:e scan). Ser ut att vara i sin ordning?

Den 2:a finns i min föregående post.
Postar med HiJackThislog också:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:58 , on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winupdater] C:\WINDOWS\system32:svchost.exe
O4 - HKLM\..\Run: [Windows Update] service.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program\Poker\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C5BD9A-D4D8-4D15-AE3E-CAC693EFF399}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4798 bytes

Citera

2008-03-28, 00:01 #8

Medlem

Reg: Mar 2007

Inlägg: 12 238

ja det är ok så långt men inte dom här
O4 - HKLM\..\Run: [Winupdater] C:\WINDOWS\system32:svchost.exe
O4 - HKLM\..\Run: [Windows Update] service.exe

det här har jag aldrig sett förut, jag antar att det är ett långt filnamn: system32:svchost.exe

vi måste kolla med det här programmet
http://www.suspectfile.com/systemscan/

spara filen på skrivbordet och öppna den. sätt en bock i rutan >proceed >klicka på unselect all >bocka för recent files och välj 30 >klicka på scan now. posta den loggen här

Citera

2008-03-28, 00:17 #9

Medlem

Reg: Mar 2006

Inlägg: 31

Var tvungen att dela upp det i 3 delar hoppas det är okej ändå:

SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Digzka\Skrivbord\sys96576.exe
Running in: User mode
Date: 2008-03-28
Time: 00:12:43

Output limited to:
-Recent files

===================== Recent files (30 days old) =====================

----- recent files in C:\
26-03-2008 14:03:14 211 byte 2 days old -- boot.ini
27-03-2008 18:17:11 (DIR) 0 byte 1 days old -- Downloads
27-03-2008 18:24:25 3928 byte 1 days old -- rapport.txt
27-03-2008 18:42:51 (DIR) 0 byte 1 days old -- Program
27-03-2008 18:49:49 (DIR) 0 byte 1 days old -- Config.Msi
27-03-2008 22:14:51 1610612736 byte 1 days old -- pagefile.sys
27-03-2008 22:15:06 (DIR) 0 byte 1 days old -- WINDOWS
28-03-2008 00:12:43 (DIR) 0 byte 0 days old -- suspectfile
05-03-2008 12:01:24 (DIR) 0 byte 23 days old -- Program Files

----- recent files in C:\WINDOWS\
25-03-2008 02:39:48 (DIR) 0 byte 3 days old -- system
26-03-2008 14:03:14 227 byte 2 days old -- system.ini
26-03-2008 16:15:27 1696 byte 2 days old -- mozver.dat
26-03-2008 23:49:53 1409 byte 2 days old -- QTFont.for
26-03-2008 23:49:53 54156 byte 2 days old -- QTFont.qfn
27-03-2008 02:19:32 69 byte 1 days old -- NeroDigital.ini
27-03-2008 02:52:06 691545 byte 1 days old -- unins000.exe
27-03-2008 02:52:18 2539 byte 1 days old -- unins000.dat
27-03-2008 03:35:45 261 byte 1 days old -- wininit.ini
27-03-2008 13:09:27 587 byte 1 days old -- win.ini
27-03-2008 13:10:06 0 byte 1 days old -- setuperr.log
27-03-2008 13:10:06 60 byte 1 days old -- setupact.log
27-03-2008 15:08:07 140309 byte 1 days old -- BM8723f56d.xml
27-03-2008 15:31:47 22 byte 1 days old -- pskt.ini
27-03-2008 15:32:17 1888 byte 1 days old -- BM8723f56d.txt
27-03-2008 17:46:12 5280 byte 1 days old -- DPINST.LOG
27-03-2008 17:55:40 (DIR) 0 byte 1 days old -- $NtUninstallKB898461$
27-03-2008 17:55:43 6794 byte 1 days old -- KB898461.log
27-03-2008 18:00:03 8910 byte 1 days old -- WgaNotify.log
27-03-2008 18:00:59 (DIR) 0 byte 1 days old -- security
27-03-2008 18:03:29 (DIR) 0 byte 1 days old -- Downloaded Program Files
27-03-2008 18:05:30 26453 byte 1 days old -- KB892130.log
27-03-2008 18:29:41 21607 byte 1 days old -- setuplog.txt
27-03-2008 18:38:20 (DIR) 0 byte 1 days old -- $NtUninstallKB873339$
27-03-2008 18:38:23 16075 byte 1 days old -- KB873339.log
27-03-2008 18:38:24 (DIR) 0 byte 1 days old -- $NtUninstallKB886185$
27-03-2008 18:38:25 12386 byte 1 days old -- KB886185.log
27-03-2008 18:38:26 (DIR) 0 byte 1 days old -- $NtUninstallKB885836$
27-03-2008 18:38:28 16084 byte 1 days old -- KB885836.log
27-03-2008 18:38:29 (DIR) 0 byte 1 days old -- $NtUninstallKB888302$
27-03-2008 18:38:30 16562 byte 1 days old -- KB888302.log
27-03-2008 18:38:31 (DIR) 0 byte 1 days old -- $NtUninstallKB891781$
27-03-2008 18:38:33 16627 byte 1 days old -- KB891781.log
27-03-2008 18:38:34 (DIR) 0 byte 1 days old -- $NtUninstallKB885835$
27-03-2008 18:38:36 17733 byte 1 days old -- KB885835.log
27-03-2008 18:38:37 (DIR) 0 byte 1 days old -- $NtUninstallKB896428$
27-03-2008 18:38:39 17638 byte 1 days old -- KB896428.log
27-03-2008 18:38:40 (DIR) 0 byte 1 days old -- $NtUninstallKB901214$
27-03-2008 18:38:41 18769 byte 1 days old -- KB901214.log
27-03-2008 18:38:42 (DIR) 0 byte 1 days old -- $NtUninstallKB890859$
27-03-2008 18:38:46 21961 byte 1 days old -- KB890859.log
27-03-2008 18:38:47 (DIR) 0 byte 1 days old -- $NtUninstallKB896358$
27-03-2008 18:38:50 21231 byte 1 days old -- KB896358.log
27-03-2008 18:38:51 (DIR) 0 byte 1 days old -- $NtUninstallKB893756$
27-03-2008 18:38:53 21725 byte 1 days old -- KB893756.log
27-03-2008 18:38:54 (DIR) 0 byte 1 days old -- $NtUninstallKB899591$
27-03-2008 18:38:55 21600 byte 1 days old -- KB899591.log
27-03-2008 18:38:56 (DIR) 0 byte 1 days old -- $NtUninstallKB899587$
27-03-2008 18:38:58 22107 byte 1 days old -- KB899587.log
27-03-2008 18:38:59 (DIR) 0 byte 1 days old -- $NtUninstallKB896423$
27-03-2008 18:39:01 22611 byte 1 days old -- KB896423.log
27-03-2008 18:39:02 (DIR) 0 byte 1 days old -- $NtUninstallKB894391$
27-03-2008 18:39:04 24460 byte 1 days old -- KB894391.log
27-03-2008 18:39:27 (DIR) 0 byte 1 days old -- $NtUninstallKB902400$
27-03-2008 18:39:30 31484 byte 1 days old -- KB902400.log
27-03-2008 18:39:32 (DIR) 0 byte 1 days old -- $NtUninstallKB901017$
27-03-2008 18:39:34 26890 byte 1 days old -- KB901017.log
27-03-2008 18:39:35 (DIR) 0 byte 1 days old -- $NtUninstallKB905414$
27-03-2008 18:39:36 27715 byte 1 days old -- KB905414.log
27-03-2008 18:39:37 (DIR) 0 byte 1 days old -- $NtUninstallKB905749$
27-03-2008 18:39:39 28240 byte 1 days old -- KB905749.log
27-03-2008 18:39:40 (DIR) 0 byte 1 days old -- $NtUninstallKB900725$
27-03-2008 18:39:44 30643 byte 1 days old -- KB900725.log
27-03-2008 18:39:45 (DIR) 0 byte 1 days old -- $NtUninstallKB910437$
27-03-2008 18:39:47 24417 byte 1 days old -- KB910437.log
27-03-2008 18:39:49 29850 byte 1 days old -- KB908519.log
27-03-2008 18:39:49 (DIR) 0 byte 1 days old -- $NtUninstallKB908519$
27-03-2008 18:39:50 (DIR) 0 byte 1 days old -- $NtUninstallKB911927$
27-03-2008 18:39:52 30470 byte 1 days old -- KB911927.log
27-03-2008 18:40:02 (DIR) 0 byte 1 days old -- $NtUninstallKB911564$
27-03-2008 18:40:05 22279 byte 1 days old -- KB911564.log
27-03-2008 18:40:06 (DIR) 0 byte 1 days old -- $NtUninstallKB911562$
27-03-2008 18:40:08 31102 byte 1 days old -- KB911562.log
27-03-2008 18:40:10 (DIR) 0 byte 1 days old -- $NtUninstallKB900485$
27-03-2008 18:40:12 31829 byte 1 days old -- KB900485.log
27-03-2008 18:40:13 (DIR) 0 byte 1 days old -- $NtUninstallKB908531$
27-03-2008 18:40:15 31945 byte 1 days old -- KB908531.log
27-03-2008 18:40:18 (DIR) 0 byte 1 days old -- $NtUninstallKB914389$
27-03-2008 18:40:19 31756 byte 1 days old -- KB914389.log
27-03-2008 18:40:20 (DIR) 0 byte 1 days old -- $NtUninstallKB917344$
27-03-2008 18:40:21 32236 byte 1 days old -- KB917344.log
27-03-2008 18:40:24 (DIR) 0 byte 1 days old -- $NtUninstallKB918439$
27-03-2008 18:40:24 31570 byte 1 days old -- KB918439.log
27-03-2008 18:40:27 (DIR) 0 byte 1 days old -- $NtUninstallKB913580$
27-03-2008 18:40:28 32903 byte 1 days old -- KB913580.log
27-03-2008 18:40:29 (DIR) 0 byte 1 days old -- $NtUninstallKB911280$
27-03-2008 18:40:31 32194 byte 1 days old -- KB911280.log
27-03-2008 18:40:33 (DIR) 0 byte 1 days old -- $NtUninstallKB914388$
27-03-2008 18:40:34 33862 byte 1 days old -- KB914388.log
27-03-2008 18:40:35 (DIR) 0 byte 1 days old -- $NtUninstallKB920670$
27-03-2008 18:40:37 33279 byte 1 days old -- KB920670.log
27-03-2008 18:40:39 (DIR) 0 byte 1 days old -- $NtUninstallKB920683$
27-03-2008 18:40:40 34833 byte 1 days old -- KB920683.log
27-03-2008 18:40:45 (DIR) 0 byte 1 days old -- $NtUninstallKB922582$
27-03-2008 18:40:46 28169 byte 1 days old -- KB922582.log
27-03-2008 18:40:47 (DIR) 0 byte 1 days old -- $NtUninstallKB916595$
27-03-2008 18:40:49 34987 byte 1 days old -- KB916595.log
27-03-2008 18:40:50 (DIR) 0 byte 1 days old -- $NtUninstallKB919007$
27-03-2008 18:40:52 35168 byte 1 days old -- KB919007.log

Citera

2008-03-28, 00:18 #10

Medlem

Reg: Mar 2006

Inlägg: 31

Del 2:

27-03-2008 18:40:54 (DIR) 0 byte 1 days old -- $NtUninstallKB920685$
27-03-2008 18:40:55 35035 byte 1 days old -- KB920685.log
27-03-2008 18:40:58 (DIR) 0 byte 1 days old -- $NtUninstallKB920872$
27-03-2008 18:40:59 36694 byte 1 days old -- KB920872.log
27-03-2008 18:41:00 (DIR) 0 byte 1 days old -- $NtUninstallKB923414$
27-03-2008 18:41:02 35156 byte 1 days old -- KB923414.log
27-03-2008 18:41:04 (DIR) 0 byte 1 days old -- $NtUninstallKB924496$
27-03-2008 18:41:05 35672 byte 1 days old -- KB924496.log
27-03-2008 18:41:06 (DIR) 0 byte 1 days old -- $NtUninstallKB923191$
27-03-2008 18:41:08 33572 byte 1 days old -- KB923191.log
27-03-2008 18:41:10 (DIR) 0 byte 1 days old -- $NtUninstallKB922819$
27-03-2008 18:41:11 36884 byte 1 days old -- KB922819.log
27-03-2008 18:41:14 (DIR) 0 byte 1 days old -- $NtUninstallKB924270$
27-03-2008 18:41:15 37894 byte 1 days old -- KB924270.log
27-03-2008 18:41:17 (DIR) 0 byte 1 days old -- $NtUninstallKB923980$
27-03-2008 18:41:18 38076 byte 1 days old -- KB923980.log
27-03-2008 18:41:19 (DIR) 0 byte 1 days old -- $NtUninstallKB926255$
27-03-2008 18:41:21 37933 byte 1 days old -- KB926255.log
27-03-2008 18:41:23 (DIR) 0 byte 1 days old -- $NtUninstallKB923694$
27-03-2008 18:41:24 38365 byte 1 days old -- KB923694.log
27-03-2008 18:41:26 (DIR) 0 byte 1 days old -- $NtUninstallKB928255$
27-03-2008 18:41:28 39267 byte 1 days old -- KB928255.log
27-03-2008 18:41:30 (DIR) 0 byte 1 days old -- $NtUninstallKB928843$
27-03-2008 18:41:31 39048 byte 1 days old -- KB928843.log
27-03-2008 18:41:33 (DIR) 0 byte 1 days old -- $NtUninstallKB927802$
27-03-2008 18:41:35 38986 byte 1 days old -- KB927802.log
27-03-2008 18:41:36 (DIR) 0 byte 1 days old -- $NtUninstallKB924667$
27-03-2008 18:41:37 37429 byte 1 days old -- KB924667.log
27-03-2008 18:41:39 (DIR) 0 byte 1 days old -- $NtUninstallKB927779$
27-03-2008 18:41:41 42298 byte 1 days old -- KB927779.log
27-03-2008 18:41:43 (DIR) 0 byte 1 days old -- $NtUninstallKB918118$
27-03-2008 18:41:44 41866 byte 1 days old -- KB918118.log
27-03-2008 18:41:46 (DIR) 0 byte 1 days old -- $NtUninstallKB926436$
27-03-2008 18:41:47 41646 byte 1 days old -- KB926436.log
27-03-2008 18:41:50 (DIR) 0 byte 1 days old -- $NtUninstallKB925902$
27-03-2008 18:41:51 43709 byte 1 days old -- KB925902.log
27-03-2008 18:41:54 (DIR) 0 byte 1 days old -- $NtUninstallKB931784$
27-03-2008 18:41:56 44056 byte 1 days old -- KB931784.log
27-03-2008 18:41:57 (DIR) 0 byte 1 days old -- $NtUninstallKB930178$
27-03-2008 18:41:59 43065 byte 1 days old -- KB930178.log
27-03-2008 18:42:00 (DIR) 0 byte 1 days old -- $NtUninstallKB931261$
27-03-2008 18:42:02 42162 byte 1 days old -- KB931261.log
27-03-2008 18:42:03 (DIR) 0 byte 1 days old -- $NtUninstallKB932168$
27-03-2008 18:42:05 43127 byte 1 days old -- KB932168.log
27-03-2008 18:42:06 (DIR) 0 byte 1 days old -- $NtUninstallKB890046$
27-03-2008 18:42:08 42718 byte 1 days old -- KB890046.log
27-03-2008 18:42:10 43148 byte 1 days old -- KB920213.log
27-03-2008 18:42:10 (DIR) 0 byte 1 days old -- $NtUninstallKB920213$
27-03-2008 18:42:12 (DIR) 0 byte 1 days old -- $NtUninstallKB930916$
27-03-2008 18:42:13 42984 byte 1 days old -- KB930916.log
27-03-2008 18:42:14 (DIR) 0 byte 1 days old -- $NtUninstallKB927891$
27-03-2008 18:42:17 34715 byte 1 days old -- KB927891.log
27-03-2008 18:42:18 (DIR) 0 byte 1 days old -- $NtUninstallKB935840$
27-03-2008 18:42:20 43667 byte 1 days old -- KB935840.log
27-03-2008 18:42:21 (DIR) 0 byte 1 days old -- $NtUninstallKB935839$
27-03-2008 18:42:23 44028 byte 1 days old -- KB935839.log
27-03-2008 18:42:32 (DIR) 0 byte 1 days old -- $NtUninstallKB925398_WMP64$
27-03-2008 18:42:33 37098 byte 1 days old -- KB925398.log
27-03-2008 18:42:34 (DIR) 0 byte 1 days old -- $NtUninstallKB938828$
27-03-2008 18:42:35 44661 byte 1 days old -- KB938828.log
27-03-2008 18:42:38 (DIR) 0 byte 1 days old -- $NtUninstallKB938829$
27-03-2008 18:42:39 45226 byte 1 days old -- KB938829.log
27-03-2008 18:42:46 (DIR) 0 byte 1 days old -- $NtUninstallKB936782_WMP9$
27-03-2008 18:42:48 736 byte 1 days old -- wmsetup.log
27-03-2008 18:42:48 36591 byte 1 days old -- KB936782.log
27-03-2008 18:42:52 282628 byte 1 days old -- msxml4-KB936181-enu.LOG
27-03-2008 18:42:53 (DIR) 0 byte 1 days old -- $NtUninstallKB938127$
27-03-2008 18:42:55 44896 byte 1 days old -- KB938127.log
27-03-2008 18:42:56 (DIR) 0 byte 1 days old -- $NtUninstallKB936021$
27-03-2008 18:42:58 45153 byte 1 days old -- KB936021.log
27-03-2008 18:43:05 (DIR) 0 byte 1 days old -- $NtUninstallKB923689$
27-03-2008 18:43:07 38931 byte 1 days old -- KB923689.log
27-03-2008 18:43:09 (DIR) 0 byte 1 days old -- $NtUninstallKB933729$
27-03-2008 18:43:10 36523 byte 1 days old -- KB933729.log
27-03-2008 18:43:11 (DIR) 0 byte 1 days old -- $NtUninstallKB941202$
27-03-2008 18:43:13 45878 byte 1 days old -- KB941202.log
27-03-2008 18:43:16 (DIR) 0 byte 1 days old -- $NtUninstallKB943460_0$
27-03-2008 18:43:20 (DIR) 0 byte 1 days old -- $NtUninstallKB936357$
27-03-2008 18:43:22 46278 byte 1 days old -- KB936357.log
27-03-2008 18:44:35 (DIR) 0 byte 1 days old -- $NtUninstallKB904942$
27-03-2008 18:44:36 70353 byte 1 days old -- KB904942.log
27-03-2008 18:44:38 (DIR) 0 byte 1 days old -- $NtUninstallKB914440$
27-03-2008 18:44:39 (DIR) 0 byte 1 days old -- network diagnostic
27-03-2008 18:44:42 (DIR) 0 byte 1 days old -- $NtUninstallKB943460$
27-03-2008 18:44:44 34918 byte 1 days old -- KB914440.log
27-03-2008 18:44:44 73677 byte 1 days old -- KB943460.log
27-03-2008 18:45:30 (DIR) 0 byte 1 days old -- $NtUninstallKB915865$
27-03-2008 18:45:32 36293 byte 1 days old -- KB915865.log
27-03-2008 18:45:41 (DIR) 0 byte 1 days old -- $NtServicePackUninstallNLSDownlevelMapping$
27-03-2008 18:45:42 39347 byte 1 days old -- NLSDownlevelMapping.log
27-03-2008 18:45:51 (DIR) 0 byte 1 days old -- $NtServicePackUninstallIDNMitigationAPIs$
27-03-2008 18:45:53 40916 byte 1 days old -- IDNMitigationAPIs.log
27-03-2008 18:46:43 (DIR) 0 byte 1 days old -- ie7
27-03-2008 18:46:47 (DIR) 0 byte 1 days old -- Media
27-03-2008 18:46:47 (DIR) 0 byte 1 days old -- Offline Web Pages
27-03-2008 18:46:52 (DIR) 0 byte 1 days old -- WBEM
27-03-2008 18:46:57 75907 byte 1 days old -- ie7.log
27-03-2008 18:47:03 (DIR) 0 byte 1 days old -- ie7updates
27-03-2008 18:47:16 85128 byte 1 days old -- KB942615-IE7.log
27-03-2008 18:47:33 34149 byte 1 days old -- ie7_main.log
27-03-2008 18:47:34 (DIR) 0 byte 1 days old -- $NtUninstallKB942763$
27-03-2008 18:47:36 86912 byte 1 days old -- KB942763.log
27-03-2008 18:47:38 (DIR) 0 byte 1 days old -- $NtUninstallKB941568$
27-03-2008 18:47:40 75044 byte 1 days old -- KB941568.log
27-03-2008 18:47:41 (DIR) 0 byte 1 days old -- $NtUninstallKB944653$
27-03-2008 18:47:42 75306 byte 1 days old -- KB944653.log
27-03-2008 18:47:45 (DIR) 0 byte 1 days old -- $NtUninstallKB937894$
27-03-2008 18:47:46 76678 byte 1 days old -- KB937894.log
27-03-2008 18:47:54 299601 byte 1 days old -- setupapi.log
27-03-2008 18:47:55 (DIR) 0 byte 1 days old -- $NtUninstallKB941569$
27-03-2008 18:47:56 68995 byte 1 days old -- KB941569.log
27-03-2008 18:47:57 (DIR) 0 byte 1 days old -- $NtUninstallKB941644$
27-03-2008 18:47:59 75381 byte 1 days old -- KB941644.log
27-03-2008 18:48:00 (DIR) 0 byte 1 days old -- $NtUninstallKB942840$
27-03-2008 18:48:02 76268 byte 1 days old -- KB942840.log
27-03-2008 18:48:03 (DIR) 0 byte 1 days old -- $NtUninstallKB943485$
27-03-2008 18:48:05 75366 byte 1 days old -- KB943485.log
27-03-2008 18:49:20 (DIR) 0 byte 1 days old -- WinSxS
27-03-2008 18:49:27 (DIR) 0 byte 1 days old -- Installer
27-03-2008 18:50:04 55852 byte 1 days old -- updspapi.log
27-03-2008 18:50:04 (DIR) 0 byte 1 days old -- $NtUninstallKB944533$
27-03-2008 18:50:06 83481 byte 1 days old -- KB944533-IE7.log
27-03-2008 18:50:06 84276 byte 1 days old -- KB944533.log
27-03-2008 18:50:07 (DIR) 0 byte 1 days old -- $NtUninstallKB946026$
27-03-2008 18:50:09 74881 byte 1 days old -- KB946026.log
27-03-2008 18:50:10 (DIR) 0 byte 1 days old -- $NtUninstallKB943055$

Citera

2008-03-28, 00:22 #11

Medlem

Reg: Mar 2006

Inlägg: 31

Del 3:

27-03-2008 18:50:12 75056 byte 1 days old -- KB943055.log
27-03-2008 18:50:12 1374 byte 1 days old -- imsins.BAK
27-03-2008 18:52:05 (DIR) 0 byte 1 days old -- Help
27-03-2008 18:52:05 (DIR) 0 byte 1 days old -- msagent
27-03-2008 18:52:25 6224 byte 1 days old -- spupdsvc.log
27-03-2008 18:53:44 (DIR) 0 byte 1 days old -- system32
27-03-2008 18:55:04 (DIR) 0 byte 1 days old -- $hf_mig$
27-03-2008 18:55:13 189796 byte 1 days old -- msmqinst.log
27-03-2008 18:55:14 279279 byte 1 days old -- tsoc.log
27-03-2008 18:55:14 30789 byte 1 days old -- tabletoc.log
27-03-2008 18:55:14 10927 byte 1 days old -- KB938127-IE7.log
27-03-2008 18:55:14 (DIR) 0 byte 1 days old -- inf
27-03-2008 18:55:14 29997 byte 1 days old -- msgsocm.log
27-03-2008 18:55:14 42075 byte 1 days old -- MedCtrOC.log
27-03-2008 18:55:14 612090 byte 1 days old -- FaxSetup.log
27-03-2008 18:55:14 664039 byte 1 days old -- iis6.log
27-03-2008 18:55:14 200662 byte 1 days old -- comsetup.log
27-03-2008 18:55:14 1374 byte 1 days old -- imsins.log
27-03-2008 18:55:14 121936 byte 1 days old -- ntdtcsetup.log
27-03-2008 18:55:14 288684 byte 1 days old -- ocgen.log
27-03-2008 18:55:14 37828 byte 1 days old -- ocmsn.log
27-03-2008 18:55:14 107217 byte 1 days old -- netfxocm.log
27-03-2008 18:55:49 32634 byte 1 days old -- SchedLgU.Txt
27-03-2008 22:14:54 2048 byte 1 days old -- bootstat.dat
27-03-2008 22:15:02 50 byte 1 days old -- wiaservc.log
27-03-2008 22:15:04 1122712 byte 1 days old -- WindowsUpdate.log
27-03-2008 22:15:06 0 byte 1 days old -- 0.log
27-03-2008 22:15:06 159 byte 1 days old -- wiadebug.log
27-03-2008 22:15:08 (DIR) 0 byte 1 days old -- Temp
27-03-2008 22:30:39 (DIR) 0 byte 1 days old -- Microsoft.NET
27-03-2008 22:50:00 (DIR) 0 byte 1 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
20-03-2008 15:10:04 367 byte 8 days old -- LegitCheckControl.inf

----- recent files in C:\WINDOWS\system\
13-03-2008 00:59:24 806912 byte 15 days old -- Reg.exe

----- recent files in C:\WINDOWS\system32\
16-03-2008 16:02:03 107832 byte 12 days old -- PnkBstrB.exe
22-03-2008 15:49:39 86528 byte 6 days old -- VACFix.exe
25-03-2008 02:34:16 51355 byte 3 days old -- muzika.xm
26-03-2008 08:50:45 82432 byte 2 days old -- IEDFix.exe
27-03-2008 03:06:18 1586334 byte 1 days old -- pahkiekl.ini
27-03-2008 03:09:08 166016 byte 1 days old -- vyadd.ini2
27-03-2008 03:11:57 166247 byte 1 days old -- vyadd.ini
27-03-2008 04:22:11 164549 byte 1 days old -- hjkmp.ini
27-03-2008 04:54:23 55016 byte 1 days old -- BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
27-03-2008 04:54:23 55016 byte 1 days old -- BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
27-03-2008 04:54:23 64900 byte 1 days old -- DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
27-03-2008 11:34:47 1586394 byte 1 days old -- kajufgjo.ini
27-03-2008 12:13:48 175517 byte 1 days old -- wvvwa.ini2
27-03-2008 12:14:45 175517 byte 1 days old -- wvvwa.ini
27-03-2008 12:21:50 93248 byte 1 days old -- phxetakw.dll
27-03-2008 12:24:21 1583115 byte 1 days old -- kgkhliri.ini
27-03-2008 12:57:23 160107 byte 1 days old -- pqtss.ini2
27-03-2008 13:11:48 (DIR) 0 byte 1 days old -- LogFiles
27-03-2008 14:17:37 93248 byte 1 days old -- ppdlsrjo.dll
27-03-2008 14:20:07 1583572 byte 1 days old -- iddyxqtn.ini
27-03-2008 15:23:16 164258 byte 1 days old -- ututv.ini2
27-03-2008 15:24:24 164258 byte 1 days old -- ututv.ini
27-03-2008 15:31:38 93248 byte 1 days old -- ktbmbdao.dll
27-03-2008 16:22:56 160322 byte 1 days old -- lmllm.ini
27-03-2008 17:55:42 (DIR) 0 byte 1 days old -- PreInstall
27-03-2008 18:24:10 0 byte 1 days old -- tmp.txt
27-03-2008 18:24:10 2238 byte 1 days old -- tmp.reg
27-03-2008 18:39:29 (DIR) 0 byte 1 days old -- Com
27-03-2008 18:44:43 (DIR) 0 byte 1 days old -- CatRoot
27-03-2008 18:46:55 (DIR) 0 byte 1 days old -- config
27-03-2008 18:47:12 (DIR) 0 byte 1 days old -- sv-se
27-03-2008 18:47:34 138606 byte 1 days old -- TZLog.log
27-03-2008 18:50:09 (DIR) 0 byte 1 days old -- drivers
27-03-2008 18:52:16 1459936 byte 1 days old -- FNTCACHE.DAT
27-03-2008 18:53:44 397696 byte 1 days old -- perfh009.dat
27-03-2008 18:53:44 71398 byte 1 days old -- perfc01D.dat
27-03-2008 18:53:44 59916 byte 1 days old -- perfc009.dat
27-03-2008 18:53:44 400796 byte 1 days old -- perfh01D.dat
27-03-2008 18:53:44 940900 byte 1 days old -- PerfStringBackup.INI
27-03-2008 18:54:43 2262 byte 1 days old -- wpa.dbl
27-03-2008 18:55:03 (DIR) 0 byte 1 days old -- CatRoot2
27-03-2008 18:55:12 (DIR) 0 byte 1 days old -- dllcache
27-03-2008 18:55:51 55016 byte 1 days old -- BMXState-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
27-03-2008 18:55:51 55016 byte 1 days old -- BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
27-03-2008 18:55:51 2064 byte 1 days old -- settings.sfm
27-03-2008 18:55:51 2064 byte 1 days old -- settingsbkup.sfm
27-03-2008 18:55:51 64900 byte 1 days old -- DVCState-{00000004-00000000-00000002-00001102-00000005-00311102}.rfx
05-03-2008 08:30:56 19148408 byte 23 days old -- MRT.exe

----- recent files in C:\WINDOWS\system32\drivers\
16-03-2008 16:02:10 22328 byte 12 days old -- PnkBstrK.sys
27-03-2008 18:04:09 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\
27-03-2008 23:24:52 255 byte 1 days old -- WGAErrLog.txt

----- recent files in C:\Program\
18-03-2008 20:42:53 (DIR) 0 byte 10 days old -- ICQ
19-03-2008 23:49:43 (DIR) 0 byte 9 days old -- DC++
20-03-2008 00:13:21 (DIR) 0 byte 8 days old -- EphPod
25-03-2008 18:10:15 (DIR) 0 byte 3 days old -- iPod
25-03-2008 18:10:20 (DIR) 0 byte 3 days old -- iTunes
26-03-2008 03:36:38 (DIR) 0 byte 2 days old -- Bonjour
26-03-2008 14:40:56 (DIR) 0 byte 2 days old -- InstallShield Installation Information
26-03-2008 14:41:21 (DIR) 0 byte 2 days old -- CuteFtp
27-03-2008 03:05:59 (DIR) 0 byte 1 days old -- Spybot - Search & Destroy
27-03-2008 16:00:47 (DIR) 0 byte 1 days old -- Malware
27-03-2008 17:38:33 (DIR) 0 byte 1 days old -- SUPERAntiSpyware
27-03-2008 17:46:11 (DIR) 0 byte 1 days old -- MSN Messenger
27-03-2008 18:40:04 (DIR) 0 byte 1 days old -- Windows Media Player
27-03-2008 18:42:51 (DIR) 0 byte 1 days old -- MSXML 4.0
27-03-2008 18:52:05 (DIR) 0 byte 1 days old -- Internet Explorer
27-03-2008 23:28:56 (DIR) 0 byte 1 days old -- HijackThis
28-03-2008 00:04:27 (DIR) 0 byte 0 days old -- Mozilla Firefox

----- recent files in C:\Program\Delade filer\
26-03-2008 14:40:20 (DIR) 0 byte 2 days old -- InstallShield
27-03-2008 13:02:25 (DIR) 0 byte 1 days old -- Wise Installation Wizard
27-03-2008 18:41:23 (DIR) 0 byte 1 days old -- System

----- recent files in C:\Documents and Settings\Digzka\Application Data\
25-03-2008 18:35:52 (DIR) 0 byte 3 days old -- Apple Computer
26-03-2008 14:41:01 (DIR) 0 byte 2 days old -- GlobalSCAPE
26-03-2008 16:15:29 (DIR) 0 byte 2 days old -- Adobe
27-03-2008 03:51:33 (DIR) 0 byte 1 days old -- Microsoft
27-03-2008 11:53:09 (DIR) 0 byte 1 days old -- SUPERAntiSpyware.com
27-03-2008 16:00:52 (DIR) 0 byte 1 days old -- Malwarebytes
27-03-2008 18:11:37 (DIR) 0 byte 1 days old -- uTorrent

----- recent files in C:\DOCUME~1\Digzka\LOKALA~1\Temp\
29-02-2008 16:03:44 146672 byte 28 days old -- SSUPDATE.EXE
27-03-2008 14:59:30 156 byte 1 days old -- Twunk001.MTX
27-03-2008 14:59:30 0 byte 1 days old -- Twunk002.MTX
27-03-2008 14:59:30 2 byte 1 days old -- Twain001.Mtx
27-03-2008 14:59:30 693 byte 1 days old -- TWAIN.LOG
27-03-2008 14:59:35 59964 byte 1 days old -- Adobelm_Cleanup.0001
27-03-2008 14:59:41 (DIR) 0 byte 1 days old -- CopyFileList
27-03-2008 15:58:31 22231 byte 1 days old -- b336x280.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b300x250.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b468x60.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b728x90.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b720x300.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b125x125.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b160x600.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b120x90.tmp
27-03-2008 15:58:31 22231 byte 1 days old -- b120x240.tmp

Citera

2008-03-28, 00:23 #12

Medlem

Reg: Mar 2006

Inlägg: 31

Typiskt...en till...

Citera

Hade smittad dator - är allt borta nu? Hijackthislog finns

Skapa ett konto eller logga in för att kommentera

Skapa ett konto

Logga in