Darkbuster, posted 19 October 2008 (edited)

Hi! So it's finally my turn to have caught a virus. But from experience, I have never had a virus like this before. The virus has removed Task Manager: "Task Manager has been disabled by the administrator." Several desktop icons have also disappeared, and on the Start button there is no longer My Computer, My Documents etc. The computer has also become slow and sluggish. Hope someone can help me.

Edited 19 October 2008 by Darkbuster
ungkar1, posted 19 October 2008 (edited)

Hi. Run through this guide: https://www.diskusjon.no/index.php?showtopic=691246 and then post the logs in a post here. After a while someone will come along and look at the logs.

Edited 19 October 2008 by no more Mr. Nice guy
Darkbuster (thread author), posted 19 October 2008

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:30, on 19.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\progra~1\valve\steam\steam.exe
F:\Daemon Tools X86\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ulwjchav.exe
C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
C:\Programfiler\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Tom\Skrivebord\HijackThis\Yoyoyo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Programfiler\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKCU\..\Run: [steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Daemon Tools X86\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [srvweb] C:\WINDOWS\system32\ulwjchav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Snarvei til lol.lnk = C:\Documents and Settings\Tom\Skrivebord\lol.VBS
O4 - Global Startup: Google Updater.lnk = C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Tom\Start-meny\Programmer\Poker.com\Poker.com.lnk (HKCU)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Tom\Start-meny\Programmer\Poker.com\Poker.com.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74283653-E8E1-4394-B1D4-124858088C3C}: NameServer = 81.162.254.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll xbwbec.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe

--
End of file - 9876 bytes

MBAM log

Malwarebytes' Anti-Malware 1.29
Database versjon: 1276
Windows 5.1.2600 Service Pack 2

19.10.2008 13:43:18
mbam-log-2008-10-19 (13-43-18).txt

Skanntype: Rask Skann
Objekter skannet: 44765
Tid tilbakelagt: 6 minute(s), 36 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 4
Registernøkler infisert: 36
Registerverdier infisert: 4
Registerfiler infisert: 20
Mapper infisert: 6
Filer infisert: 39

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\iifcBSJy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ykqxgigk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\qrbgltos.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\ngwstxfd.dll (Trojan.FakeAlert) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f40cbff3-f66d-40a8-bae3-8c55f6f3763d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f40cbff3-f66d-40a8-bae3-8c55f6f3763d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{66e76325-f4dd-4b7f-ac53-537e785ecc8a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ba17f7fc-33b8-4ba8-a3ca-2c6d5be05951} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{691b67c0-a8d5-4d46-a284-e4f5648a50cd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed2fc0d9-9abf-42e3-96f8-049740a1c435} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82a3a31b-bc18-434d-a7c2-28fc0cab1986} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a2947f31-98bf-4721-8d75-344d6920640c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71bca1ec-4ada-426c-8afa-dfc47dc94301} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d61e5919-3b3f-4f76-ba22-e963b642b32c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1aa0364-0e20-48d2-bc4b-f44ea78ce955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1aa0364-0e20-48d2-bc4b-f44ea78ce955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.bflo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlm63mgm57 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qrbgltos (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ed2fc0d9-9abf-42e3-96f8-049740a1c435} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ngwstxfd (Trojan.FakeAlert) -> Delete on reboot.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifcbsjy -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifcbsjy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76438-OEM-0066414-84092) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
C:\Programfiler\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\iifcBSJy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yJSBcfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yJSBcfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykqxgigk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kgigxqky.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\mjcrwlyl\qhkdyvof.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\qrbgltos.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\ekdt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache06AFB06 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache07B8BAF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache07BBE87.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache07C2BF6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rosqxvmn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\ngwstxfd.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\lomxeqsn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grfxbanomvt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Skrivebord\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Skrivebord\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom\Skrivebord\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbubv.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSShrxr.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSmtql.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSrhyp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.

ComboFix log

ComboFix 08-10-18.03 - Tom 2008-10-19 13:51:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1506 [GMT 2:00]
Running from: C:\Documents and Settings\Tom\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tom\Programdata\Adobe\crc.dat
C:\Documents and Settings\Tom\Programdata\Adobe\Player.exe
C:\Documents and Settings\Tom\Programdata\Adobe\Player.exe.bak
C:\Programfiler\akl
C:\Programfiler\akl\akl.dll
C:\Programfiler\akl\akl.exe
C:\Programfiler\akl\uninstall.exe
C:\Programfiler\akl\unsetup.exe
C:\Programfiler\Fellesfiler\{040C0~1
C:\Programfiler\Fellesfiler\{340C0~1
C:\Programfiler\Fellesfiler\{340C0~1\Uninst.exe
C:\Programfiler\Inet Delivery
C:\Programfiler\Inet Delivery\inetdl.exe
C:\Programfiler\Inet Delivery\intdel.exe
C:\Programfiler\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\byXQJAPH.dll
C:\WINDOWS\system32\cgvntdlh.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\qoMcaYqp.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\xbwbec.dll
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 13:42 . 2008-10-19 13:42 81,920 --a------ C:\WINDOWS\system32\ulwjchav.exe
2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-19 13:34 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 13:31 . 2008-10-19 13:31 <DIR> dr-h----- C:\Documents and Settings\Tom\Siste
2008-10-19 03:51 . 2008-10-19 03:51 81,920 --a------ C:\WINDOWS\system32\hibklwzm.exe
2008-10-19 03:50 . 2008-10-19 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\mjcrwlyl
2008-10-19 03:50 . 2008-10-19 03:50 164 --a------ C:\WINDOWS\system32\TDSSmrvd.dat
2008-10-19 03:41 . 2008-10-19 03:41 <DIR> d-------- C:\Programfiler\Electronic Arts
2008-10-19 03:40 . 2008-10-19 03:40 5,974 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-16 15:52 . 2008-10-16 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\2DBoy
2008-10-03 15:21 . 2008-10-03 15:24 1,061 --a------ C:\WINDOWS\disney.ini
2008-10-01 14:10 . 2008-10-01 14:10 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-10-01 14:10 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-10-01 12:28 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-10-01 11:44 . 2008-10-01 11:44 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Leadertech
2008-10-01 11:37 . 2008-10-01 11:37 1,409 --a------ C:\WINDOWS\system32\tmp6D6AF.FOT
2008-10-01 01:22 . 2008-10-01 01:22 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Disney Interactive Studios
2008-09-30 20:12 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-30 20:12 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-30 20:12 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-30 20:12 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-30 20:12 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-30 20:10 . 2008-09-30 20:10 <DIR> d-------- C:\WINDOWS\Logs
2008-09-28 22:24 . 2008-09-28 22:24 <DIR> d--hs---- C:\found.001
2008-09-28 22:16 . 2008-09-28 22:16 <DIR> d-------- C:\Programfiler\RivaTuner v2.11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 11:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-10-19 01:52 --------- d-----w C:\Documents and Settings\Tom\Programdata\uTorrent
2008-10-19 01:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-18 15:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater
2008-10-12 20:27 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-04 16:47 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-09-27 08:46 --------- d-----w C:\Programfiler\COD4 Quick Launcher
2008-09-13 16:00 --------- d-----w C:\Documents and Settings\Tom\Programdata\Bioshock
2008-09-12 22:00 --------- d-----w C:\Programfiler\Opera
2008-09-09 21:41 --------- d-----w C:\Programfiler\iTunes
2008-09-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:40 --------- d-----w C:\Programfiler\iPod
2008-09-09 21:40 --------- d-----w C:\Programfiler\Bonjour
2008-09-09 21:39 --------- d-----w C:\Programfiler\QuickTime
2008-09-09 21:39 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-09-05 20:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-05 17:06 --------- d-----w C:\Programfiler\Apple Software Update
2008-07-24 12:38 1,721 ----a-w C:\Documents and Settings\Tom\Tom.zip
2008-03-20 19:20 22,328 ----a-w C:\Documents and Settings\Tom\Programdata\PnkBstrK.sys
2006-06-21 10:23 17,344,752 ----a-w C:\Programfiler\avg71free_394a763.exe
2006-04-28 12:18 31,326,192 ----a-w C:\Programfiler\84.21_forceware_winxp2k_international_whql.exe
2005-09-02 09:10 5,037,072 ----a-w C:\Programfiler\spybotsd14.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\progra~1\valve\steam\steam.exe" [2008-10-08 1410296]
"DAEMON Tools"="F:\Daemon Tools X86\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Google Update"="C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"srvweb"="C:\WINDOWS\system32\ulwjchav.exe" [2008-10-19 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Programfiler\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-14 185896]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 1232152]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-01-02 124400]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NETGEAR WPN111 Smart Wizard.lnk - C:\Programfiler\NETGEAR\WPN111 Configuration Utility\wpn111.exe [2006-06-23 491606]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll xbwbec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]
@="driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\Flying_Mount_PC_EG-downloader.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\WEB-WOWEx-E3-downloader.exe"=
"C:\\Programfiler\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\WoW-1.12.0.5590-to-2.0.1.6114-enGB-patch-downloader.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\condition zero\\hl.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enGB-downloader.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\half-life\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress classic\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\steam.exe"=
"F:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress 2\\hl2.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"G:\\Downloads\\Spill\\Crysis\\Bin32\\Crysis.exe"=
"G:\\Downloads\\Spill\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Civilization4.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"F:\\Downloads\\Spill\\Shadowrun\\Shadowrun.exe"=
"C:\\Programfiler\\VoidFreefall\\Void.exe"=
"C:\\Programfiler\\Ramjets\\ramjets.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"F:\\Downloads\\Spill\\Call Of Duty 4\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"G:\\Baldurs Gate II\\BGMain.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programfiler\\Poker.com\\client.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 96520]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-09 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 76040]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-01-07 286720]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;C:\WINDOWS\system32\Drivers\athwpn.sys [2004-10-14 43392]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Programfiler\Hitman Pro\hitmanpro2.sys [2006-11-03 10336]
S3 oflpydin;oflpydin;C:\DOCUME~1\Tom\LOKALE~1\Temp\oflpydin.sys [ ]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-05 36864]

.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-04 21:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\byXQJAPH.dll
BHO-{251F3A6F-3261-4B17-8EEF-95263B2DC4A8} - C:\WINDOWS\system32\iifcBSJy.dll
BHO-{6f5391f0-c796-47e6-9ff5-24e5f7674c54} - C:\WINDOWS\system32\xbwbec.dll
HKU-Default-Run-Spyware Doctor - (no file)
HKCU-Explorer_Run-{040C0161-063F-1044-0726-05103105002f} - C:\Programfiler\Fellesfiler\{040C0161-063F-1044-0726-05103105002f}\Update.exe
ShellExecuteHooks-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\byXQJAPH.dll
MSConfigStartUp-SunJavaUpdateSched - C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tom\Programdata\Mozilla\Firefox\Profiles\l0ii5gxl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 13:56:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-19 14:02:34 - machine was rebooted [Tom]
ComboFix-quarantined-files.txt 2008-10-19 12:02:15

Pre-Run: 17,763,971,072 bytes free
Post-Run: 17,741,930,496 bytes free

322 --- E O F --- 2008-08-14 12:07:49

After all the scans, it should be said that the desktop icons, Task Manager, and also the internet connection for various programs (something I found out the virus had blocked) have now come back.
norbat, posted 19 October 2008:

Before we take the rest manually, could you update MBAM and run another quick scan? If it finds anything, post the log.
Darkbuster (thread author), posted 19 October 2008 (edited):

Thank you, Norbat! Here is the new log.

MBAM log

Malwarebytes' Anti-Malware 1.29
Database version: 1289
Windows 5.1.2600 Service Pack 2

19.10.2008 18:15:43
mbam-log-2008-10-19 (18-15-43).txt

Scan type: Quick Scan
Objects scanned: 44570
Time elapsed: 3 minute(s), 15 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 1

Memory processes infected:
(No suspicious files found)

Memory modules infected:
(No suspicious files found)

Registry keys infected:
(No suspicious files found)

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvweb (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry data items infected:
(No suspicious files found)

Folders infected:
(No suspicious files found)

Files infected:
C:\WINDOWS\system32\ulwjchav.exe (Trojan.FakeAlert.H) -> Delete on reboot.

Edited 19 October 2008 by Darkbuster
norbat, posted 19 October 2008:

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\system32\hibklwzm.exe
C:\WINDOWS\system32\TDSSmrvd.dat

Folder::
C:\Documents and Settings\All Users\Programdata\mjcrwlyl

Driver::
oflpydin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srvweb"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
Darkbuster (thread author), posted 19 October 2008:

Here you go, Norbat.

ComboFix log

ComboFix 08-10-18.03 - Tom 2008-10-19 19:29:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1251 [GMT 2:00]
Running from: C:\Documents and Settings\Tom\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tom\Skrivebord\CFScript.txt..txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hibklwzm.exe
C:\WINDOWS\system32\TDSSmrvd.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Programdata\mjcrwlyl
C:\WINDOWS\system32\hibklwzm.exe
C:\WINDOWS\system32\TDSSmrvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-19 13:34 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 13:31 . 2008-10-19 19:26 <DIR> dr-h----- C:\Documents and Settings\Tom\Siste
2008-10-19 03:41 . 2008-10-19 03:41 <DIR> d-------- C:\Programfiler\Electronic Arts
2008-10-19 03:40 . 2008-10-19 03:40 5,974 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-16 15:52 . 2008-10-16 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\2DBoy
2008-10-03 15:21 . 2008-10-03 15:24 1,061 --a------ C:\WINDOWS\disney.ini
2008-10-01 14:10 . 2008-10-01 14:10 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-10-01 14:10 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-10-01 12:28 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-10-01 11:44 . 2008-10-01 11:44 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Leadertech
2008-10-01 11:37 . 2008-10-01 11:37 1,409 --a------ C:\WINDOWS\system32\tmp6D6AF.FOT
2008-10-01 01:22 . 2008-10-01 01:22 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Disney Interactive Studios
2008-09-30 20:12 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-30 20:12 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-30 20:12 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-30 20:12 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-30 20:12 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-30 20:10 . 2008-09-30 20:10 <DIR> d-------- C:\WINDOWS\Logs
2008-09-28 22:24 . 2008-09-28 22:24 <DIR> d--hs---- C:\found.001
2008-09-28 22:16 . 2008-09-28 22:16 <DIR> d-------- C:\Programfiler\RivaTuner v2.11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 17:31 --------- d-----w C:\Documents and Settings\Tom\Programdata\uTorrent
2008-10-19 16:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater
2008-10-19 14:59 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-19 14:59 --------- d-----w C:\Programfiler\COD4 Quick Launcher
2008-10-19 11:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-10-19 01:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-04 16:47 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-09-13 16:00 --------- d-----w C:\Documents and Settings\Tom\Programdata\Bioshock
2008-09-12 22:00 --------- d-----w C:\Programfiler\Opera
2008-09-09 21:41 --------- d-----w C:\Programfiler\iTunes
2008-09-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:40 --------- d-----w C:\Programfiler\iPod
2008-09-09 21:40 --------- d-----w C:\Programfiler\Bonjour
2008-09-09 21:39 --------- d-----w C:\Programfiler\QuickTime
2008-09-09 21:39 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-09-05 20:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-05 17:06 --------- d-----w C:\Programfiler\Apple Software Update
2008-07-24 12:38 1,721 ----a-w C:\Documents and Settings\Tom\Tom.zip
2008-03-20 19:20 22,328 ----a-w C:\Documents and Settings\Tom\Programdata\PnkBstrK.sys
2006-06-21 10:23 17,344,752 ----a-w C:\Programfiler\avg71free_394a763.exe
2006-04-28 12:18 31,326,192 ----a-w C:\Programfiler\84.21_forceware_winxp2k_international_whql.exe
2005-09-02 09:10 5,037,072 ----a-w C:\Programfiler\spybotsd14.exe

.
((((((((((((((((((((((((((((( snapshot@2008-10-19_14.01.58.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-12 20:27:34 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-10-19 14:59:29 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\progra~1\valve\steam\steam.exe" [2008-10-08 1410296]
"DAEMON Tools"="F:\Daemon Tools X86\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Google Update"="C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Programfiler\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-14 185896]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 1232152]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-01-02 124400]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NETGEAR WPN111 Smart Wizard.lnk - C:\Programfiler\NETGEAR\WPN111 Configuration Utility\wpn111.exe [2006-06-23 491606]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll xbwbec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\Flying_Mount_PC_EG-downloader.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\WEB-WOWEx-E3-downloader.exe"=
"C:\\Programfiler\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"C:\\Documents and Settings\\Tom\\Mine dokumenter\\WoW-1.12.0.5590-to-2.0.1.6114-enGB-patch-downloader.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\condition zero\\hl.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enGB-downloader.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\half-life\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress classic\\hl.exe"=
"C:\\Programfiler\\Valve\\Steam\\steam.exe"=
"F:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress 2\\hl2.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"G:\\Downloads\\Spill\\Crysis\\Bin32\\Crysis.exe"=
"G:\\Downloads\\Spill\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Civilization4.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Beyond the Sword\\Civ4BeyondSword.exe"=
"G:\\Downloads\\Spill\\Civilization VI\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"F:\\Downloads\\Spill\\Shadowrun\\Shadowrun.exe"=
"C:\\Programfiler\\VoidFreefall\\Void.exe"=
"C:\\Programfiler\\Ramjets\\ramjets.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"F:\\Downloads\\Spill\\Call Of Duty 4\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"G:\\Baldurs Gate II\\BGMain.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programfiler\\Poker.com\\client.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 96520]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-09 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 76040]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-01-07 286720]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;C:\WINDOWS\system32\Drivers\athwpn.sys [2004-10-14 43392]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Programfiler\Hitman Pro\hitmanpro2.sys [2006-11-03 10336]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-05 36864]

.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-04 21:53]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 19:33:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Spyware Terminator\sp_rsser.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-19 19:39:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-19 17:39:12
ComboFix2.txt 2008-10-19 12:02:35

Pre-Run: 17,689,276,416 bytes free
Post-Run: 17,693,159,424 bytes free

232 --- E O F --- 2008-08-14 12:07:49
norbat, posted 19 October 2008 (edited):

Make a new CFScript with the following content. Drag it onto the ComboFix icon and let ComboFix run. Post the log again.

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

Edited 19 October 2008 by norbat
Darkbuster (thread author), posted 19 October 2008:

As you desired.

ComboFix log

ComboFix 08-10-18.03 - Tom 2008-10-19 20:59:58.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1270 [GMT 2:00]
Running from: C:\Documents and Settings\Tom\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tom\Skrivebord\CFScript.txt..txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-19 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-19 13:34 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-19 13:34 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 13:31 . 2008-10-19 20:59 <DIR> dr-h----- C:\Documents and Settings\Tom\Siste
2008-10-19 03:41 . 2008-10-19 03:41 <DIR> d-------- C:\Programfiler\Electronic Arts
2008-10-19 03:40 . 2008-10-19 03:40 5,974 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-16 15:52 . 2008-10-16 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\2DBoy
2008-10-03 15:21 . 2008-10-03 15:24 1,061 --a------ C:\WINDOWS\disney.ini
2008-10-01 14:10 . 2008-10-01 14:10 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-10-01 14:10 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-10-01 12:28 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-10-01 11:44 . 2008-10-01 11:44 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Leadertech
2008-10-01 11:37 . 2008-10-01 11:37 1,409 --a------ C:\WINDOWS\system32\tmp6D6AF.FOT
2008-10-01 01:22 . 2008-10-01 01:22 <DIR> d-------- C:\Documents and Settings\Tom\Programdata\Disney Interactive Studios
2008-09-30 20:12 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-30 20:12 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-30 20:12 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-30 20:12 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-30 20:12 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-30 20:10 . 2008-09-30 20:10 <DIR> d-------- C:\WINDOWS\Logs
2008-09-28 22:24 . 2008-09-28 22:24 <DIR> d--hs---- C:\found.001
2008-09-28 22:16 . 2008-09-28 22:16 <DIR> d-------- C:\Programfiler\RivaTuner v2.11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 19:00 --------- d-----w C:\Documents and Settings\Tom\Programdata\uTorrent
2008-10-19 16:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater
2008-10-19 14:59 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 14:59 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-19 14:59 --------- d-----w C:\Programfiler\COD4 Quick Launcher
2008-10-19 11:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-10-19 01:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-10-04 16:47 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-09-30 18:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-13 16:00 --------- d-----w C:\Documents and Settings\Tom\Programdata\Bioshock
2008-09-12 22:00 --------- d-----w C:\Programfiler\Opera
2008-09-09 21:41 --------- d-----w C:\Programfiler\iTunes
2008-09-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:40 --------- d-----w C:\Programfiler\iPod
2008-09-09 21:40 --------- d-----w C:\Programfiler\Bonjour
2008-09-09 21:39 --------- d-----w C:\Programfiler\QuickTime
2008-09-09 21:39 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-09-05 20:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-05 20:16 1,900,544 ----a-w C:\WINDOWS\system32\usbaaplrc.dll
2008-09-05 17:06 --------- d-----w C:\Programfiler\Apple Software Update
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-08 23:52 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-24 12:38 1,721 ----a-w C:\Documents and Settings\Tom\Tom.zip
2008-03-20 19:20 22,328 ----a-w C:\Documents and Settings\Tom\Programdata\PnkBstrK.sys
2006-06-21 10:23 17,344,752 ----a-w C:\Programfiler\avg71free_394a763.exe
2006-04-28 12:18 31,326,192 ----a-w C:\Programfiler\84.21_forceware_winxp2k_international_whql.exe
2005-09-02 09:10 5,037,072 ----a-w C:\Programfiler\spybotsd14.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\progra~1\valve\steam\steam.exe" [2008-10-08 1410296] "DAEMON Tools"="F:\Daemon Tools X86\DAEMON Tools\daemon.exe" [2007-08-16 167368] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "Google Update"="C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-04 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RaidTool"="C:\Programfiler\VIA\RAID\raid_tool.exe" [2004-10-11 589824] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-14 185896] "PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2008-01-20 217088] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 36352] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 1232152] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-08 289576] "RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648] "nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Google Updater.lnk - 
C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-01-02 124400] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] NETGEAR WPN111 Smart Wizard.lnk - C:\Programfiler\NETGEAR\WPN111 Configuration Utility\wpn111.exe [2006-06-23 491606] [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-08 23:02 289576 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 C:\Programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-04-01 20:49 36352 C:\Programfiler\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Documents and Settings\\Tom\\Mine dokumenter\\Flying_Mount_PC_EG-downloader.exe"= "C:\\Documents and Settings\\Tom\\Mine dokumenter\\WEB-WOWEx-E3-downloader.exe"= "C:\\Programfiler\\MAIET\\Gunz\\GunzLauncher.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Documents and Settings\\All Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"= "C:\\Documents and Settings\\All 
Users\\Dokumenter\\Mine videoer\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"= "C:\\Documents and Settings\\Tom\\Mine dokumenter\\WoW-1.12.0.5590-to-2.0.1.6114-enGB-patch-downloader.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\counter-strike\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\condition zero\\hl.exe"= "C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enGB-downloader.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\half-life\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress classic\\hl.exe"= "C:\\Programfiler\\Valve\\Steam\\steam.exe"= "F:\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\Valve\\Steam\\SteamApps\\darkbuster0110\\team fortress 2\\hl2.exe"= "C:\\Documents and Settings\\All Users\\Dokumenter\\Min musikk\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= "G:\\Downloads\\Spill\\Crysis\\Bin32\\Crysis.exe"= "G:\\Downloads\\Spill\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "F:\\Downloads\\Spill\\Shadowrun\\Shadowrun.exe"= "C:\\Programfiler\\VoidFreefall\\Void.exe"= "C:\\Programfiler\\Ramjets\\ramjets.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "F:\\Downloads\\Spill\\Call Of Duty 4\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "G:\\Baldurs Gate II\\BGMain.exe"= "G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "G:\\Downloads\\Spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\\Programfiler\\Poker.com\\client.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= 
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader "6112:TCP"= 6112:TCP:Blizzard Downloader R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 96520] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-09 873752] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231192] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 76040] R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149] R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-01-07 286720] S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;C:\WINDOWS\system32\Drivers\athwpn.sys [2004-10-14 43392] S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168] S3 hitmanpro2;Hitman Pro 2 Driver;C:\Programfiler\Hitman Pro\hitmanpro2.sys [2006-11-03 10336] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-05 36864] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Tom\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-04 21:53] . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-19 21:00:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\G:\Downloads\Programmer\Everest\EVEREST Home Edition\kerneld.wnt" . Completion time: 2008-10-19 21:02:10 ComboFix-quarantined-files.txt 2008-10-19 19:01:27 ComboFix2.txt 2008-10-19 17:39:34 ComboFix3.txt 2008-10-19 12:02:35 Pre-Run: 17 727 811 584 byte ledig Post-Run: 17,716,273,152 byte ledig 200 --- E O F --- 2008-08-14 12:07:49 Lenke til kommentar
norbat Posted 19 October 2008
-and how is the PC running?
Darkbuster (Author) Posted 19 October 2008
The PC runs fine now. I haven't had any more problems since the viruses came. Should I uninstall ComboFix and the other programs now, or is it just wise to keep them? Either way, I just want to say an enormous thanks for the help.
norbat Posted 19 October 2008
It looks fine, so you can just remove the programs that were used. You remove ComboFix by typing combofix /u in the Run box (Start -> Run).
Darkbuster (Author) Posted 19 October 2008
That's done. Thanks a lot for the help, Norbat.
r2d290 Posted 19 October 2008
If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of the title. Example: [LØST] Got a virus on the machine
This helps keep the forum tidier for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in.
On behalf of norbat: -Surf safely-