PiTaN

Members
  • Content Count

    9
About PiTaN

  • Rank
    New Member
  1. PiTaN

    mbam log

    YEAH!!!! The virus is gone, I did it all again, everything you said in this thread, and I am now "clean". Thank you so very very very much... GREAT WORK
  2. PiTaN

    mbam log

    Hi.. here is my mbam log:

    Malwarebytes' Anti-Malware 1.36
    Databasversion: 2093
    Windows 5.1.2600 Service Pack 1

    2009-05-10 16:38:43
    mbam-log-2009-05-10 (16-38-39).txt

    Skanningstyp: Fullständig skanning (A:\|C:\|D:\|E:\|)
    Antal skannade objekt: 106186
    Förfluten tid: 9 minute(s), 37 second(s)

    Infekterade minnesprocesser: 0
    Infekterade minnesmoduler: 2
    Infekterade registernycklar: 11
    Infekterade registervärden: 0
    Infekterade registerdataposter: 0
    Infekterade mappar: 0
    Infekterade filer: 4

    Infekterade minnesprocesser:
    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:
    C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

    Infekterade registernycklar:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{04042010-84bb-411a-a366-f411f2c81e65} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uti0nzgx (Rootkit.Bagle) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uti0nzgx (Rootkit.Bagle) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti0nzgx (Rootkit.Bagle) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

    Infekterade registervärden:
    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:
    (Inga illasinnade poster hittades)

    Infekterade mappar:
    (Inga illasinnade poster hittades)

    Infekterade filer:
    c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\drivers\uti0nzgx.sys (Rootkit.Bagle) -> No action taken.

    And here is the ComboFix report... getting anything from this?

    ComboFix 09-05-09.02 - Samuelsson 2009-05-10 16:45.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.46.1053.18.1535.1262 [GMT 2:00]
    Körs från: c:\documents and settings\Samuelsson\Skrivbord\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\drivers\2344224e.sys
    c:\windows\system32\drivers\72fb6b94.sys
    c:\windows\system32\drivers\962636f4.sys
    c:\windows\system32\drivers\9d57cd40.sys
    c:\windows\system32\drivers\b2ef4385.sys
    c:\windows\system32\drivers\b7be10fa.sys
    c:\windows\system32\drivers\ovfsthffebwkhikoaolajyjdtmitennikudvrb.sys
    c:\windows\system32\evejofok.ini
    c:\windows\system32\hutajebo.dll
    c:\windows\system32\karirabo.dll
    c:\windows\system32\lalatoyi.dll
    c:\windows\system32\letuyami.exe
    c:\windows\system32\lokadodu.dll
    c:\windows\system32\ovfsthcvfbhopynfehowrynqfuydtkwsoyjleq.dat
    c:\windows\system32\ovfsthijocqqwlwtkirjysdmdjnpyticyodfyl.dat
    c:\windows\system32\ovfsthnocxaitjgcxktasrdqpooiurosyujkuj.dll
    c:\windows\system32\ovfsthovabvfdtwskhcynyeflyxffwbhsnqvia.dll
    c:\windows\system32\ovfsthuxtvedtuqbbticvhoorehevmwbaijfhm.dll
    c:\windows\system32\ropenoya.dll
    c:\windows\system32\sulajono.dll
    c:\windows\system32\zomokoya.dll

    c:\windows\system32\gijrhbc.dll . . . . misslyckades radera
    c:\windows\System32\kmnrrzvi.dll . . . . misslyckades radera

    ----- BITS: Troligen infekterade webbplatser -----

    hxxp://62.4.83.201

    Infekterad kopia av c:\windows\system32\drivers\ndis.sys hittades och desinficerades
    Återställd kopia från - The cat ate it
    .

    ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthkxtxekxvndswcqnfghnrqtrqyqumvquk
    -------\Legacy_gbakgxwr
    -------\Service_2344224e
    -------\Service_962636f4
    -------\Service_b7be10fa
    -------\Service_gbakgxwr

    (((((((((((((((((((((((( Filer Skapade från 2009-04-10 till 2009-05-10 ))))))))))))))))))))))))))))))
    .

    2009-05-08 11:18 . 2009-05-08 11:18 -------- d-----w c:\program\trend micro
    2009-05-08 11:18 . 2009-05-08 11:18 -------- d-----w C:\rsit
    2009-05-08 11:04 . 2009-05-08 11:04 7168 ----a-w c:\windows\system32\drivers\uti0nzgx.sys
    2009-05-08 09:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 09:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 09:27 . 2009-05-08 09:27 -------- d-----w c:\program\Malwarebytes' Anti-Malware
    2009-05-08 08:54 . 2009-05-08 08:54 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-08 08:54 . 2009-05-08 08:54 -------- d-----w c:\program\SUPERAntiSpyware
    2009-05-08 08:54 . 2009-05-08 08:54 -------- d-----w c:\documents and settings\Samuelsson\Application Data\SUPERAntiSpyware.com
    2009-05-08 08:54 . 2009-05-08 08:54 -------- d-----w c:\program\Delade filer\Wise Installation Wizard
    2009-05-07 22:23 . 2009-05-07 22:23 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
    2009-05-07 22:22 . 2009-05-07 22:22 -------- d-----w c:\program\PCPitstop
    2009-05-07 21:54 . 2009-05-07 21:54 -------- d-----w c:\documents and settings\Administratör.SAMUELSSON-PC1
    2009-05-07 20:57 . 2009-05-07 20:57 -------- d-----w c:\documents and settings\Samuelsson\Application Data\Malwarebytes
    2009-05-07 20:57 . 2009-05-07 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-06 22:15 . 2009-05-07 18:58 0 ----a-w c:\windows\system32\drivers\27df6dfe.sys
    2009-05-06 15:30 . 2009-05-06 17:21 0 ----a-w c:\windows\system32\drivers\526e4f6a.sys
    2009-05-06 09:46 . 2009-05-06 09:46 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2009-05-05 22:15 . 2009-05-06 17:21 0 ----a-w c:\windows\system32\drivers\83766b30.sys
    2009-04-28 13:42 . 2009-05-01 09:54 -------- d-----w c:\documents and settings\Samuelsson\Application Data\Microgaming

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-10 14:46 . 2001-09-28 12:00 143872 ----a-w c:\windows\system32\kmnrrzvi.dll
    2009-05-10 14:45 . 2001-09-28 12:00 102912 ----a-w c:\windows\system32\dsgkgor.dll
    2009-05-10 14:44 . 2009-05-10 14:40 167552 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-05-10 12:53 . 2009-03-06 19:30 -------- d-----w c:\program\Steam
    2009-05-08 16:56 . 2009-02-04 15:23 -------- d-----w c:\program\mIRC
    2009-05-06 16:30 . 2001-09-28 12:00 12800 ----a-w c:\windows\system32\svchost.exe
    2009-04-25 18:54 . 2001-09-28 12:00 62728 ----a-w c:\windows\system32\perfc01D.dat
    2009-04-25 18:54 . 2001-09-28 12:00 383448 ----a-w c:\windows\system32\perfh01D.dat
    2009-04-09 08:37 . 2003-12-31 23:19 1532 ----a-w c:\windows\system32\d3d8caps.dat
    2009-02-19 15:13 . 2009-02-19 15:13 0 ----a-w c:\windows\nsreg.dat
    2009-02-02 22:14 . 2009-02-02 22:14 49152 --sha-w c:\windows\system32\fumupofo.dll.tmp
    2009-02-02 22:14 . 2009-02-02 22:14 49152 --sha-w c:\windows\system32\rowisofi.dll.tmp
    2009-02-02 22:14 . 2009-02-02 22:14 49152 --sha-w c:\windows\system32\sudijaji.dll.tmp

    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* Tomma poster & legitima standardposter visas inte.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04042010-84bb-411a-a366-f411f2c81e65}]
    2009-05-10 14:46 143872 ----a-w c:\windows\system32\kmnrrzvi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634}]
    2001-09-28 12:00 102912 ----a-w c:\windows\system32\gijrhbc.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-09-09 145920]
    "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-09 13312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2001-09-28 52224]

    c:\documents and settings\All Users\Start-meny\Program\Autostart\
    Microsoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Telenor Mobilt Bredband.lnk - c:\program\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe [2008-3-4 876544]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll
    "wave2"= serwvdrv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Date Manager.lnk]
    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Date Manager.lnk
    backup=c:\windows\pss\Date Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^GStartup.lnk]
    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\GStartup.lnk
    backup=c:\windows\pss\GStartup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^PrecisionTime.lnk]
    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\PrecisionTime.lnk
    backup=c:\windows\pss\PrecisionTime.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Messenger"=2 (0x2)

    R0 yarofecn;yarofecn;c:\windows\system32\drivers\yarofecn.sys [2001-09-28 23424]
    R1 sasdifsv;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2009-04-28 9968]
    R1 saskutil;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2009-04-28 72944]
    R2 GtDetectSc;GtDetectSc;c:\program\Option\Telenor Mobilt Bredband\GtDetectSc.exe [2007-12-18 196704]
    R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2002-11-15 9472]
    S1 27df6dfe;27df6dfe;c:\windows\system32\drivers\27df6dfe.sys [2009-05-07 0]
    S1 526e4f6a;526e4f6a;c:\windows\system32\drivers\526e4f6a.sys [2009-05-06 0]
    S1 83766b30;83766b30;c:\windows\system32\drivers\83766b30.sys [2009-05-06 0]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-02-18 106624]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-02-08 59648]
    S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064]
    S3 sasenum;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
    S3 uti0nzgx;AVZ Kernel Driver;c:\windows\system32\drivers\uti0nzgx.sys [2009-05-08 7168]
    S4 pcpitstop scheduling;PCPitstop Scheduling;c:\program\PCPitstop\PCPitstopScheduleService.exe [2009-05-08 77312]

    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

    HKLM-Run-egui - c:\program\ESET\ESET NOD32 Antivirus\egui.exe

    .
    ------- Extra genomsökning -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - hxxp://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
    FF - ProfilePath - c:\documents and settings\Samuelsson\Application Data\Mozilla\Firefox\Profiles\iazm5ka8.default\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-10 16:50
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    HATE HATE HATE this virus! :-( Thanks for the help and backup and your time...
  3. PiTaN

    mbam log

    RSIT:

    INFO: info.txt logfile of random's system information tool 1.06 2009-05-08 13:18:25

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUN041D.EXE -f"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program\Delade filer\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Download Manager (Ta bort)-->"C:\Program\Delade filer\Adobe\ESD\uninst.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Counter-Strike-->"C:\Program\Steam\steam.exe" steam://uninstall/10
    HijackThis 2.0.2-->"C:\Program\trend micro\HijackThis.exe" /uninstall
    Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
    Microsoft .NET Framework 1.1 Swedish Language Pack-->MsiExec.exe /X{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office XP Professional med FrontPage-->MsiExec.exe /I{9028041D-6000-11D3-8CFE-0050048383C9}
    mIRC-->C:\Program\mIRC\uninstall.exe _?=C:\Program\mIRC
    MSN tilläggsprogram för Windows Messenger-->rundll32.exe "C:\Program\Messenger\MSGSC.dll",UnregisterMSNExt
    NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Svenska Spels Poker-->C:\Casino\SVENSK~1\UNWISE.EXE C:\Casino\SVENSK~1\INSTALL.LOG
    Telenor Mobilt Bredband-->MsiExec.exe /X{2C557BF1-86DA-4DE7-BD73-BDBB5EFB32C6}
    Uppdatering för Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    VentriloMIX-->C:\Program Files\VentriloMIX\Uninstal.exe
    Winamp (remove only)-->"C:\Program\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
    Windows XP Hotfix - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program\WinRAR\uninstall.exe
    VLC media player 0.9.8a-->C:\Program\VideoLAN\VLC\uninstall.exe

    ======Hosts File======

    127.0.0.1 localhost

    ======System event log======

    Computer Name: SAMUELSSON-PC1
    Event Code: 7028
    Message: Registernyckel wuauserv gav inte åtkomst till SYSTEM-kontoprogram. Tjänsthanteraren tog över ägarskapet av registernyckeln.
    Record Number: 29
    Source Name: Service Control Manager
    Time Written: 20090507195744.000000+120
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 7028
    Message: Registernyckel wuauserv gav inte åtkomst till SYSTEM-kontoprogram. Tjänsthanteraren tog över ägarskapet av registernyckeln.
    Record Number: 28
    Source Name: Service Control Manager
    Time Written: 20090507195744.000000+120
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 8003
    Message: Master browser har mottagit ett meddelande från datorn HEADBANG som tror att den är master browser för domänen på transporten NetBT_Tcpip_{DB11448A-8840-4B9A-. Master browser stannar eller ett val tvingas att göras.
    Record Number: 27
    Source Name: MRxSmb
    Time Written: 20090507194007.000000+120
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 7000
    Message: Tjänsten Background Intelligent Transfer Service kunde inte startas på grund av följande fel: Det går inte att hitta filen.
    Record Number: 7
    Source Name: Service Control Manager
    Time Written: 20090507145057.000000+120
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 7009
    Message: En timeout (30000 ms) inträffade vid väntan på att tjänsten fci ska ansluta.
    Record Number: 6
    Source Name: Service Control Manager
    Time Written: 20090507145057.000000+120
    Event Type: Fel
    User:

    =====Application event log=====

    Computer Name: SAMUELSSON-PC1
    Event Code: 1000
    Message: Felaktigt program smscudlm.exe, version 0.0.0.0, felaktig modul smscudlm.exe, version 0.0.0.0, felaktig adress 0x00001437.
    Record Number: 389
    Source Name: Application Error
    Time Written: 20090303234145.000000+060
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 1000
    Message: Felaktigt program iexplore.exe, version 6.0.2800.1106, felaktig modul pngfilt.dll, version 6.0.2800.1106, felaktig adress 0x00003678.
    Record Number: 254
    Source Name: Application Error
    Time Written: 20090218053140.000000+060
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 1000
    Message: Felaktigt program iexplore.exe, version 6.0.2800.1106, felaktig modul flash10a.ocx, version 10.0.12.36, felaktig adress 0x00082655.
    Record Number: 235
    Source Name: Application Error
    Time Written: 20090215080308.000000+060
    Event Type: Fel
    User:

    Computer Name: SAMUELSSON-PC1
    Event Code: 1524
    Message: Det går inte att ta bort klassregisterfilen ur minnet eftersom den fortfarande används av andra program eller tjänster. Filen kommer att tas bort från minnet när den inte längre används.
    Record Number: 111
    Source Name: Userenv
    Time Written: 20040102180712.000000+060
    Event Type: Varning
    User: SAMUELSSON-PC1\Samuelsson

    Computer Name: SAMUELSSON-PC1
    Event Code: 1000
    Message: Felaktigt program iexplore.exe, version 6.0.2800.1106, felaktig modul pngfilt.dll, version 6.0.2800.1106, felaktig adress 0x00003678.
    Record Number: 110
    Source Name: Application Error
    Time Written: 20040102180620.000000+060
    Event Type: Fel
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0c00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    LOG:

    O20 - Winlogon Notify: wkkwnqop - C:\WINDOWS\SYSTEM32\gijrhbc.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: GtDetectSc - OptionNV - C:\Program\Option\Telenor Mobilt Bredband\GtDetectSc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 3651 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04042010-84bb-411a-a366-f411f2c81e65}]
    C:\WINDOWS\System32\kmnrrzvi.dll [2001-09-28 143872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634}]
    c:\windows\system32\gijrhbc.dll [2001-09-28 102912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-09-09 843804]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
    "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2002-09-09 145920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Date Manager.lnk]
    C:\Program\Date Manager\DateManager.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^GStartup.lnk]
    C:\Program\Delade filer\GMT\GMT.exe /startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^PrecisionTime.lnk]
    C:\Program\PrecisionTime\PrecisionTime.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Messenger"=2

    C:\Documents and Settings\All Users\Start-meny\Program\Autostart
    Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE
    Telenor Mobilt Bredband.lnk - C:\Program\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\jijivafo.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop]
    C:\WINDOWS\system32\gijrhbc.dll [2001-09-28 102912]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli C:\WINDOWS\System32\jijivafo.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 uti0nzgx;AVZ Kernel Driver; \??\C:\WINDOWS\System32\Drivers\uti0nzgx.sys [] S4 ACPI;ACPI; C:\WINDOWS\System32\drivers\ACPI.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 gbakgxwr;IPX Traffic Filter Helper; C:\WINDOWS\System32\svchost.exe [2009-05-06 12800] R2 GtDetectSc;GtDetectSc; C:\Program\Option\Telenor Mobilt Bredband\GtDetectSc.exe [2007-12-18 196704] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S4 pcpitstop scheduling;PCPitstop Scheduling; C:\Program\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312] -----------------EOF----------------- GMER LOG : GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-05-08 13:22:14 Windows 5.1.2600 Service Pack 1 ---- System - GMER 1.0.15 ---- Code 8977C520 ZwEnumerateKey Code 897E0758 ZwFlushInstructionCache Code 8979D95E IofCallDriver Code 896AE326 IofCompleteRequest Code yarofecn.sys (Rio8Drv.sys Usb Driver/S3/Diamond Multimedia Systems) ObOpenObjectByName ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 2344224e.sys Device \Driver\Tcpip \Device\Ip 2344224e.sys Device \Driver\Tcpip \Device\Tcp 2344224e.sys Device \Driver\Tcpip \Device\Udp 2344224e.sys Device \Driver\Tcpip \Device\RawIp 2344224e.sys Device \Driver\NDIS \Device\Ndis [8987019C] NDIS.sys[.reloc] ---- EOF - GMER 1.0.15 ---- I now some text is in swedish i hope this wont be a BIG problem for u... Im so greatfull for ur time and help... im hosting a big online gaming tournament today and im on my way to throw my computer out of the window and go to the store and buy a new one.. im so sad and angry :-(
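Read together, the RSIT and GMER output in the post above shows one repeating shape: seven eight-letter files (lalatoyi.dll, ropenoya.dll, zomokoya.dll, karirabo.dll, lokadodu.dll, hutajebo.dll, letuyami.exe) written straight into System32 at roughly twelve-hour intervals with the Archive, System and Hidden flags set; three S1 drivers with random eight-hex-digit names (27df6dfe.sys, 526e4f6a.sys, 83766b30.sys) for which RSIT could print no date or size; and GMER attributing the NTFS and TCP/IP device hooks to a driver of the same shape, 2344224e.sys. The Python below is an added example, not part of the original post and not RSIT, MBAM or GMER code: it runs those two heuristics over constructed sample lines in RSIT's own format. The sample lines, the regexes and the two tiers are assumptions of this example; unsized drivers are only put in a review list, because the SUPERAntiSpyware drivers above show up unsized as well.

```python
"""Triage an RSIT "files modified" list and driver list for the pattern seen in
this thread: hidden+system, randomly named DLL/EXE files written straight into
System32, and kernel drivers with random hex names that RSIT could not size.

Added example, not part of the original post or of RSIT/MBAM/GMER. The sample
lines below are constructed in RSIT's format and modelled on the log above;
the regexes and both heuristics are this example's own assumptions.
"""
import re

# Constructed sample, RSIT format: "<date> <time> <attribute flags> <path>".
SAMPLE_FILES = r"""
2009-05-08 13:04:43 ----SH---- C:\boot.ini
2009-05-07 00:15:41 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-05-07 00:15:21 ----ASH---- C:\WINDOWS\System32\lalatoyi.dll
2009-05-06 18:30:30 ----A---- C:\WINDOWS\System32\svchost.exe
2009-05-06 12:15:15 ----ASH---- C:\WINDOWS\System32\ropenoya.dll
2009-05-03 00:13:30 ----ASH---- C:\WINDOWS\System32\letuyami.exe
2009-04-09 10:38:41 ----A---- C:\WINDOWS\System32\wuapi.dll
"""

# Constructed sample, RSIT format:
# "<state><start> <service>;<display name>; <path> [<file date> <size>]".
# An empty "[]" means RSIT could not read the file's date and size.
SAMPLE_DRIVERS = r"""
R1 sasdifsv;SASDIFSV; \??\C:\Program\SUPERAntiSpyware\SASDIFSV.SYS []
R3 HidUsb;Microsoft HID class driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S1 27df6dfe;27df6dfe; C:\WINDOWS\System32\drivers\27df6dfe.sys []
S1 526e4f6a;526e4f6a; C:\WINDOWS\System32\drivers\526e4f6a.sys []
S3 uti0nzgx;AVZ Kernel Driver; \??\C:\WINDOWS\System32\Drivers\uti0nzgx.sys []
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (-+[A-Z]*-+) (.+)$")
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.sys$", re.IGNORECASE)


def triage_files(listing):
    """Return (name, timestamp, path) for files placed directly in System32
    that carry both the Hidden and System attribute flags and have an
    eight-letter random-looking name. Every Vundo DLL in the log above meets
    all three conditions; svchost.exe and wuapi.dll meet none of them."""
    hits = []
    for line in listing.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        when, flags, path = m.groups()
        parent, _, name = path.rpartition("\\")
        if not parent.lower().endswith("\\system32"):
            continue
        if "H" in flags and "S" in flags and RANDOM_NAME_RE.match(name):
            hits.append((name, when, path))
    return hits


def triage_drivers(listing):
    """Return {service name: tier} for drivers RSIT could not size ("[]").
    'high': the file name is eight hex digits, like the S1 drivers above.
    'review': unsized for some other reason; legitimate security products
    (the SUPERAntiSpyware SAS*.SYS drivers above) show up this way too, so
    these need a vendor check rather than deletion."""
    tiers = {}
    for line in listing.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        _state, _start, service, _display, path, meta = m.groups()
        if meta.strip():
            continue  # RSIT read the file; nothing to flag here
        filename = path.rpartition("\\")[2]
        tiers[service] = "high" if HEX_NAME_RE.match(filename) else "review"
    return tiers


if __name__ == "__main__":
    for name, when, path in triage_files(SAMPLE_FILES):
        print(f"hidden+system random name: {path} (written {when})")
    for service, tier in triage_drivers(SAMPLE_DRIVERS).items():
        print(f"unsized driver {service}: {tier}")
```

The file heuristic deliberately requires all three conditions at once; any one of them alone (a hidden file, a System32 file, an odd name) is common on a clean XP box, and the dllcache directory in the sample shows why the name check matters.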
  4. Everything is done and I posted my logs from MBAM, now I'm going into safe mode and trying Kaspersky Virus Removal Tool
  5. Here is my MBAM log.. some keywords in Swedish (sorry for that) but I think you'll get it

Malwarebytes' Anti-Malware 1.36
Database version: 2091
Windows 5.1.2600 Service Pack 1

2009-05-08 12:12:23
mbamlog

Scan type: Quick scan
Objects scanned: 77946
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04042010-84bb-411a-a366-f411f2c81e65} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04042010-84bb-411a-a366-f411f2c81e65} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.
  6. SUPERAntiSpyware makes my computer reboot in the middle of the program, can I do the same thing but use MBAM???
  7. How do I allow it to clean it? I have done the scan, then after I pushed results, then delete all.... Do I have to do anything else to allow it to remove? I have the free version, does it matter?
  8. Here is my MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2089
Windows 5.1.2600 Service Pack 1

2009-05-07 23:46:47
mbam-log-2009-05-07 (23-46-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 95932
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.

Some is in Swedish but I think you'll get it. Here is my NOD message:
Operating memory - Win32/Agent.ODG virus - unable to clean
What should I do??? Throw my computer away and buy a new one?? :-( Would be GRATEFUL for support
  9. Hi, when I use NOD32 I keep getting this virus: Operating memory - Win32/Agent.ODG virus - unable to clean. But NOD can't delete it, and MBAM doesn't seem to find it; I have updated MBAM and scanned but it doesn't help at all. What should I do??? Here is my MBAM log, sorry some is in Swedish but I think you will get it...

Malwarebytes' Anti-Malware 1.36
Database version: 2089
Windows 5.1.2600 Service Pack 1

2009-05-07 23:46:47
mbam-log-2009-05-07 (23-46-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 95932
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wkkwnqop (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7cdf218b-fc9d-4da9-848c-5caa7292e634} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dsgkgor.dll (Trojan.Vundo.H) -> No action taken.

It is not finding the "Operating memory - Win32/Agent.ODG virus - unable to clean" that is found by my NOD32.. PLEEEEEEEEEEEEEASE help me.. or do I need to buy a new computer or memory or something?? PLEASE PLEASE PLEASE help me, I would be so grateful!!!!
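Every detection in every MBAM log posted in this thread ends with "No action taken", which is what MBAM 1.x records for items that were found but not removed with "Remove Selected"; the question above about how to let it clean is the same problem seen from the user's side. The Python below is an added example, not from the posts and not Malwarebytes code: it parses a 1.x log with either the Swedish or the English section headers, cross-checks each detail section against the summary block, and reports how many items are still untreated, so a log can be read before it is posted. SAMPLE_LOG is constructed to match the layout of the logs above, and the header map and regexes are assumptions of this example rather than anything documented by Malwarebytes.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and report whether the listed
detections were actually removed.

Added example, not part of the forum posts or of Malwarebytes. SAMPLE_LOG is
constructed in the layout MBAM 1.36 writes, with the Swedish section headers
the logs in this thread use; the header map and regexes are assumptions of
this example, not Malwarebytes documentation.
"""
import re

# Section headers of the Swedish and English builds, mapped to one category.
_CATEGORIES = ["memory processes", "memory modules", "registry keys",
               "registry values", "registry data items", "folders", "files"]
_SV = ["Infekterade minnesprocesser", "Infekterade minnesmoduler",
       "Infekterade registernycklar", "Infekterade registervärden",
       "Infekterade registerdataposter", "Infekterade mappar", "Infekterade filer"]
_EN = ["Memory Processes Infected", "Memory Modules Infected",
       "Registry Keys Infected", "Registry Values Infected",
       "Registry Data Items Infected", "Folders Infected", "Files Infected"]
SECTION_HEADERS = {**dict(zip(_SV, _CATEGORIES)), **dict(zip(_EN, _CATEGORIES))}

# "Label: 3" is a summary count; a bare "Label:" opens that detail section.
HEADER_RE = re.compile(r"^([^:]+):\s*(\d+)?$")
# Detail line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

# Constructed sample modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Databasversion: 2089
Skanningstyp: Fullständig skanning (C:\|D:\|)
Förfluten tid: 7 minute(s), 59 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 1
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> No action taken.
Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gbakgxwr (Trojan.Vundo.H) -> No action taken.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade filer:
c:\WINDOWS\system32\gijrhbc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmnrrzvi.dll (Trojan.Vundo) -> No action taken.
"""


def parse_mbam_log(text):
    """Return (summary, sections): summary maps category -> count from the
    header block; sections maps category -> [(item, family, action)]."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h and h.group(1) in SECTION_HEADERS:
            category = SECTION_HEADERS[h.group(1)]
            if h.group(2) is not None:
                summary[category] = int(h.group(2))
            else:
                current = category
                sections.setdefault(category, [])
            continue
        if current is None or line.startswith("("):
            continue  # preamble line, or "(No malicious items detected)"
        d = DETECTION_RE.match(line)
        if d:
            item, family, action = d.groups()
            sections[current].append((item, family, action.rstrip(".")))
    return summary, sections


def remediation_report(text):
    """Summarise the log the way a helper reading it would: items found, items
    still marked "No action taken" (what MBAM 1.x records for detections that
    were not removed with "Remove Selected"), the families named, and any
    section whose entry count disagrees with the summary block."""
    summary, sections = parse_mbam_log(text)
    items = [d for found in sections.values() for d in found]
    return {
        "found": len(items),
        "untreated": sum(1 for _, _, a in items if "No action taken" in a),
        "families": sorted({family for _, family, _ in items}),
        "count_mismatch": {
            cat: (summary.get(cat), len(found))
            for cat, found in sections.items()
            if summary.get(cat) != len(found)
        },
    }
```

Run as `python mbam_report.py` after adding `print(remediation_report(SAMPLE_LOG))`, or point `remediation_report` at the contents of a real `mbam-log-*.txt`; an "untreated" count above zero means the scan found things but nothing was quarantined yet.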