
Atapi.sys infected - Trojan Horse Packed.Protector.C


evilfantasy:
One more time please.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C


--- Code: ---
KillAll::

SkipFix::

DDS::
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92E364B2-3C99-8131-FA38C55A9DF469B6}\{ED083C7B-BB22-E038-94448FA9BD51D19E}\{5592BF6F-6CA4-ED79-1454C42B0B348E21}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C53C8AFE-780B-A095-1875A9D39C824CF2}\{151E6624-94D7-6041-A2A26FFA6BDDEF0C}\{8D08884B-CD31-5FF0-CA8CAC497363EFC4}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]


--- End code ---

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

You can open Defogger and have it Re-enable the virtual drivers now.

----------

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the desktop

Andrimner:
Ok, all done - here is the new log:

ComboFix 09-12-09.03 - HP_Eier 10.12.2009   2:11.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.47.1044.18.1022.558 [GMT 1:00]
Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\HP_Eier\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-11-10 til 2009-12-10  )))))))))))))))))))))))))))))))))
.

2009-12-09 19:12 . 2009-12-09 19:12   --------   d-----w-   c:\windows\system32\LogFiles
2009-12-09 15:51 . 2009-12-09 15:51   --------   d-----w-   c:\programfiler\Trend Micro
2009-12-09 14:13 . 2009-12-09 14:12   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-09 14:09 . 2009-12-09 14:09   152576   ----a-w-   c:\documents and settings\HP_Eier\Programdata\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-09 14:08 . 2009-12-09 14:08   79488   ----a-w-   c:\documents and settings\HP_Eier\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-08 23:57 . 2009-12-10 01:09   --------   d--h--r-   c:\documents and settings\HP_Eier\Siste
2009-12-08 23:35 . 2009-12-08 23:35   117760   ----a-w-   c:\documents and settings\HP_Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-08 23:35 . 2009-12-08 23:35   --------   d-----w-   c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2009-12-08 23:32 . 2009-12-08 23:34   --------   d-----w-   c:\programfiler\SUPERAntiSpyware
2009-12-08 23:32 . 2009-12-08 23:32   --------   d-----w-   c:\documents and settings\HP_Eier\Programdata\SUPERAntiSpyware.com
2009-12-08 22:05 . 2009-12-08 22:05   --------   d-----w-   c:\programfiler\CCleaner
2009-12-07 10:23 . 2009-12-07 10:23   --------   d-----w-   c:\documents and settings\HP_Eier\Programdata\Malwarebytes
2009-12-07 10:23 . 2009-12-03 15:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 10:23 . 2009-12-07 10:23   --------   d-----w-   c:\programfiler\Malwarebytes' Anti-Malware
2009-12-07 10:23 . 2009-12-07 10:23   --------   d-----w-   c:\documents and settings\All Users\Programdata\Malwarebytes
2009-12-07 10:23 . 2009-12-03 15:13   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-07 06:25 . 2009-12-08 15:06   --------   d-----w-   C:\My Shared Folder
2009-12-04 15:16 . 2009-12-04 15:16   --------   d-----w-   c:\programfiler\Fellesfiler\DivX Shared
2009-12-04 12:09 . 2009-12-04 14:36   --------   d-----w-   C:\Video og film
2009-12-03 19:15 . 2009-12-06 17:21   --------   d-----w-   c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Temp
2009-12-03 14:12 . 2009-12-03 14:13   --------   d-----w-   c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 23:51 . 2009-02-14 15:22   --------   d-----w-   c:\programfiler\DesktopEarth
2009-12-09 19:19 . 2006-11-03 21:07   --------   d-----w-   c:\documents and settings\HP_Eier\Programdata\Azureus
2009-12-09 14:59 . 2009-12-09 14:59   16   ----a-w-   c:\documents and settings\HP_Eier\Programdata\fvgqad.dat
2009-12-09 14:11 . 2005-01-02 00:02   --------   d-----w-   c:\programfiler\Java
2009-12-08 23:29 . 2006-03-04 11:05   --------   d-----w-   c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-12-07 11:59 . 2009-12-07 11:59   16   ----a-w-   c:\documents and settings\NetworkService\Programdata\fvgqad.dat
2009-12-07 10:13 . 2009-04-25 13:41   --------   d-----w-   c:\documents and settings\All Users\Programdata\avg8
2009-12-07 02:42 . 2009-12-07 02:42   4   ----a-w-   c:\documents and settings\HP_Eier\Programdata\avdrn.dat
2009-12-04 15:17 . 2005-09-24 13:51   --------   d-----w-   c:\programfiler\DivX
2009-12-04 11:40 . 2005-01-02 00:24   --------   d--h--w-   c:\programfiler\InstallShield Installation Information
2009-12-04 11:26 . 2008-05-10 15:56   --------   d-----w-   c:\documents and settings\HP_Eier\Programdata\Orbit
2009-12-03 17:42 . 2009-08-22 11:38   --------   d-----w-   c:\programfiler\Fellesfiler\AVSMedia
2009-12-03 14:15 . 2004-11-29 20:10   61348   ----a-w-   c:\windows\system32\perfc014.dat
2009-12-03 14:15 . 2004-11-29 20:10   386354   ----a-w-   c:\windows\system32\perfh014.dat
2009-09-25 05:59 . 2004-08-04 12:00   661504   ------w-   c:\windows\system32\wininet.dll
2009-09-25 05:59 . 2004-08-04 12:00   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-09-20 13:59 . 2007-08-08 15:18   17616   ----a-w-   c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-09-11 14:37 . 2004-08-04 12:00   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2005-09-24 14:16 . 2005-09-24 14:16   4878136   ----a-w-   c:\programfiler\Firefox Setup 1.0.7.exe
2005-09-24 13:51 . 2005-09-24 13:51   9346144   ----a-w-   c:\programfiler\DivXCreate.exe
2005-09-24 13:35 . 2005-09-24 13:34   9341640   ----a-w-   c:\programfiler\Install_MSN_Messenger.EXE
2005-04-13 22:11 . 2007-03-27 16:39   53283   ----a-w-   c:\programfiler\mozilla firefox\plugins\NCScnet.dll
2005-04-13 22:33 . 2007-03-27 16:39   1044514   ----a-w-   c:\programfiler\mozilla firefox\plugins\NCSEcw.dll
2005-04-13 22:11 . 2007-03-27 16:39   98339   ----a-w-   c:\programfiler\mozilla firefox\plugins\NCSUtil.dll
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58   1107200   ----a-w-   c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe  -osboot" [X]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Profiler"="c:\programfiler\Saitek\Software\Profiler.exe" [2004-07-26 159744]
"SaiSmart"="c:\programfiler\Saitek\Software\SaiSmart.exe" [2004-07-26 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-03 2029336]

c:\documents and settings\Spiller\Start-meny\Programmer\Oppstart\
PowerReg Scheduler.exe [2009-1-9 256000]

c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\
DesktopEarth AutoStart.lnk - c:\documents and settings\HP_Eier\Programdata\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2009-2-14 29926]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
CodeMeter Control Center.lnk - c:\programfiler\CodeMeter\Runtime\bin\CodeMeterCC.exe [2007-3-23 4984832]
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
WinZip Quick Pick.lnk - c:\programfiler\WinZip\WZQKPICK.EXE [2007-8-3 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21   548352   ----a-w-   c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 09:06   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25.04.2009 14:42 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25.04.2009 14:42 108552]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 08:43 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25.04.2009 14:42 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.04.2009 14:42 297752]
S2 gupdate1c9b16eefa1d850;Google Update Service (gupdate1c9b16eefa1d850);c:\programfiler\Google\Update\GoogleUpdate.exe [30.03.2009 20:37 133104]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [06.01.2009 13:58 30984]
S3 SaiH2541;SaiH2541;c:\windows\system32\drivers\SaiH2541.sys [01.05.2007 16:10 132232]
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [06.01.2009 13:57 56576]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 08:43 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03.03.2008 22:00 721904]
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q105&bd=pavilion&pf=desktop
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\programfiler\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?db7fb6bca09c413ea8f65a39ed34d332
IE: Open in new foreground tab - c:\programfiler\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?db7fb6bca09c413ea8f65a39ed34d332
FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\tzvdvu5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programfiler\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NP_NCS6.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NP_NCSPB6.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NP_NCSTB6.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 02:15
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ... 

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ... 

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-2708978570-3192926764-780308440-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7f,c7,c7,f5,13,05,cb,ea,7f,63,78,da,c6,44,db,80,13,6a,61,40,0f,df,61,
   0b,75,f6,1b,e5,47,3f,af,53,fc,dd,5c,e0,1d,ee,d0,9f,cc,6c,6a,e5,8a,3d,92,7f,\
"??"=hex:9d,69,f2,3c,9c,f5,ef,9a,be,14,41,e0,7e,6a,c5,06

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]
"G2ODBCSUISDKL2GJMZO1MJ5AUG1"=hex:01,00,01,00,00,00,00,00,9d,07,c2,9d,25,58,3c,
   a7,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]
"L5OTYL4OSK54QTZWOGJWMONWTG1"=hex:01,00,01,00,00,00,00,00,4f,1a,34,b6,a9,51,c3,
   92,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}*]
"PK3IM51V2WPW5YOPIRJ365XEIG1"=hex:01,00,01,00,00,00,00,00,c3,a2,73,89,0b,39,ad,
   69,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92E364B2-3C99-8131-FA38C55A9DF469B6}\{ED083C7B-BB22-E038-94448FA9BD51D19E}\{5592BF6F-6CA4-ED79-1454C42B0B348E21}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,1d,0b,78,
   dd,02,85,a5,85,f2,b9,06,f7,25,56,f6,d2,a3,91,db,fa,9b,3c,b7,a0,8f,48,60,e9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]
"L5OTYL4OSK54QTZWOGJWMONWTG1"=hex:01,00,01,00,00,00,00,00,4f,1a,34,b6,a9,51,c3,
   92,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]
"PK3IM51V2WPW5YOPIRJ365XEIG1"=hex:01,00,01,00,00,00,00,00,c3,a2,73,89,0b,39,ad,
   69,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C53C8AFE-780B-A095-1875A9D39C824CF2}\{151E6624-94D7-6041-A2A26FFA6BDDEF0C}\{8D08884B-CD31-5FF0-CA8CAC497363EFC4}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,1d,0b,78,
   dd,02,85,a5,85,f2,b9,06,f7,25,56,f6,d2,a3,91,db,fa,9b,3c,b7,a0,8f,48,60,e9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"G2ODBCSUISDKL2GJMZO1MJ5AUG1"=hex:01,00,01,00,00,00,00,00,9d,07,c2,9d,25,58,3c,
   a7,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programfiler\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe
c:\programfiler\DesktopEarth\DesktopEarth.exe
c:\programfiler\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-12-10  02:20:06 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt  2009-12-10 01:20
ComboFix2.txt  2009-12-09 23:54
ComboFix3.txt  2009-12-09 18:01

Pre-Run: 81 007 431 680 byte ledig
Post-Run: 80 977 956 864 byte ledig

- - End Of File - - 1A45B871D86822B559D2D29C2ABC8D38
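
A cross-check this exchange invites, written as an added example for this page rather than taken from the thread or from ComboFix: every one of the eight keys the CFScript lists under RegLockDel:: reappears in the LÅSTE REGISTERNØKLER section of the log above, so the script below parses both files and reports which targets are still locked after the run. The sample inputs are constructed excerpts of the script and log quoted in this thread, and the English section title 'LOCKED REGISTRY KEYS' is an assumption for non-Norwegian logs.

```python
"""Cross-check which RegLockDel:: targets of a ComboFix CFScript still appear
in the locked-registry-keys section of the ComboFix log produced afterwards.
Added example for this thread, not part of the original posts or of ComboFix;
section markers are taken from the script and log quoted in the thread."""
import re

# Constructed sample: a CFScript with two of the thread's RegLockDel targets.
CFSCRIPT = r"""KillAll::
SkipFix::
RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]
"""

# Constructed sample: post-run log excerpt in which the first target is still
# listed as locked and the second is gone.
COMBOFIX_LOG = r""".
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-2708978570-3192926764-780308440-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,69,f2,3c,9c,f5,ef,9a,be,14,41,e0,7e,6a,c5,06
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{55F992BA-1D26-E5AF-0907C8AEF5A56624}\{F1333513-8015-AAF3-FD42BD84CFB0024A}\{F02E7673-B596-886F-5D7515D1DE7A7F98}*]
"G2ODBCSUISDKL2GJMZO1MJ5AUG1"=hex:01,00,01,00,00,00,00,00,9d,07,c2,9d,25,58,3c,
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
"""

# Titles of the locked-keys section; the English one is assumed for
# non-Norwegian ComboFix logs.
LOCKED_TITLES = ("LÅSTE REGISTERNØKLER", "LOCKED REGISTRY KEYS")

def normalize_key(key: str) -> str:
    """Strip brackets and the trailing '*' wildcard and case-fold, so a
    script target and a log entry for the same key compare equal."""
    return key.strip().strip("[]").rstrip("*").lower()

def reglockdel_targets(cfscript: str) -> list[str]:
    """Keys listed under RegLockDel::; a section runs until the next 'Name::'."""
    in_section, keys = False, []
    for line in map(str.strip, cfscript.splitlines()):
        if re.fullmatch(r"\w+::", line):
            in_section = line == "RegLockDel::"
        elif in_section and line.startswith("[") and line.endswith("]"):
            keys.append(normalize_key(line))
    return keys

def locked_keys(log: str) -> list[str]:
    """Keys in the log's locked-registry-keys section; value lines are ignored."""
    in_section, keys = False, []
    for line in map(str.strip, log.splitlines()):
        if re.fullmatch(r"-{5,} .+ -{5,}", line):  # dashed section title
            in_section = any(t in line.upper() for t in LOCKED_TITLES)
        elif in_section and line.startswith("[") and line.endswith("]"):
            keys.append(normalize_key(line))
    return keys

def still_locked(cfscript: str, log: str) -> dict[str, bool]:
    """Map each RegLockDel target to True if the log still lists it as locked."""
    remaining = set(locked_keys(log))
    return {k: k in remaining for k in reglockdel_targets(cfscript)}

if __name__ == "__main__":
    for key, locked in still_locked(CFSCRIPT, COMBOFIX_LOG).items():
        print("STILL LOCKED" if locked else "removed     ", key)
```

Run against the full CFScript and Combofix.txt from the thread, the report lists all eight targets as still locked, which is what the helper would want to know before deciding on the next step.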

evilfantasy:
Open Defogger and choose Re-enable.

How is the computer running now?

Andrimner:
It seems to be running just fine now, thank you very much  :)

Andrimner:
Never mind that, AVG Resident Shield just popped up again and informed me of 4 new infections, same name, but this time in A0036939.sys, which is located in C:\System Volume Information\_restore{[A whole lot of letters and numbers]}\RP502...
